Paul's Security Weekly Subscribe

Vulnerability Management

Taming Vulnerability Overload – Mehul Revankar – PSW #688

March 25, 2021

Almost weekly, hackers discover and exploit vulnerabilities in popular programs like SolarWinds and Microsoft Exchange Server, impacting thousands. While it would be great to eradicate these vulnerabilities in the programs themselves, it is unlikely to happen any time soon. That’s why patching vulnerabilities quickly is important, yet even when patches are available, companies often fail to patch promptly. We’ll discuss barriers companies face that delay patching and Qualys’ experience with creating free services that help companies detect specific vulnerabilities and patching remotely for events like the SolarWinds and Microsoft Exchange incidents. The session will include a brief demo of Qualys free 60-day service to detect, prioritize, and patch vulnerable Exchange servers, and to detect environments missing compensating controls.

This segment is sponsored by Qualys.

Visit https://securityweekly.com/ to learn more about them!

Sponsored By

Full episode and show notes

Announcements

Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.

Guest

Mehul Revankar

VP Product Management and Engineering, VMDR at Qualys

https://securityweekly.com/qualys

Mehul is a cybersecurity professional with over 15 years of experience in Vulnerability Management, Policy Compliance and Security Operations. He leads the product management and engineering functions for VMDR (Vulnerability Management, Detection and Response) at Qualys. Before joining Qualys, Mehul led development of vulnerability and patch management products at SaltStack, and prior to that he led multiple research teams at Tenable.

Hosts

Paul Asadoorian

Principal Security Evangelist at Eclypsium

https://securitypodcaster.com

Professor at Roger Williams University

https://securedigitallife.com/

Sr. InfoSec Consultant at Online Business Sytems

https://www.obsglobal.com/

Senior Cyber Advisor at Lawrence Livermore National Laboratory

Related

5G Hackathons – Casey Ellis – BTS #28

April 24, 2024

Casey recently was involved in an event that brought hackers and 5G technology together, tune-in to learn about the results and how we can use bug bounty programs to improve the security of "things". This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them!

Vulnerability Management

Robofly, CRUSHFTP, Github, Palo Alto, MITRE, Fancy Bear, Deepfakes, Aaran Leyland… – SWN #380

April 23, 2024

Robofly, CRUSHFTP, Github, Palo Alto, MITRE, Fancy Bear, Deepfakes, Aaran Leyland, and more, on this Edition of the Security Weekly News.

Government Regulations

Unraveling the “Materiality” Mystery: A CISO’s Guide to SEC Compliance – Mike Lyborg – BSW #347

April 22, 2024

The new SEC Cyber Security Rules require organizations to be ready to report cyber incidents. But what do you actually need to do? Mike Lyborg, Chief Information Security Officer at Swimlane, joins Business Security Weekly to discuss how to prepare. In this interview he'll discuss the key element of your preparation, including: Quantification M...