2015 State of Vulnerability Exploits

SecTor 2015

Presented by: Amol Sarwate
Date: Tuesday October 20, 2015
Time: 10:15 - 11:15
Location: Theatre (Hall G)
Track: Sponsors

More than 7000 new and unique vulnerabilities will be disclosed this year. CSOs, CISOs and security professionals in IT are expected to keep their organizations safe not only from these new flaws but also from a ton of older security issues. An effective way to prioritize and mitigate the most relevant issues is by analyzing the associated exploits.

This session is the result of a yearlong study of the most recent exploits and their associated vulnerabilities. The outcome is a number of trends that give meaningful insight into the nature of the problem and are helpful in creating a remediation plan for existing and future threats.

You will get an insight into the factors that resulted in the nature, magnitude and timing of the harmful outcomes in order to identify what actions need to be taken to prevent recurrence of similar harmful outcomes. Amol will discuss real-life exploit case studies as well as present aggregate results for exploits included in the study. Based on this aggregation he will offer strategies, policies and best practices for attack mitigation which can be used by attendees in their day-to-day field of work. The presentation will conclude with guidance on how these best practices can be leveraged by CSOs to get to an acceptable security posture. Attendees who are in charge of IT security will get insight on exploits that affect their systems and technical insight on attacks.


Amol Sarwate

As Director of Vulnerability Labs at Qualys, Amol Sarwate heads a worldwide team of security researchers who analyze the threat landscape of exploits, vulnerabilities and attacks. Sarwate’s team develops signatures for Qualys’ vulnerability management service, which helps organizations improve their security posture. He is a veteran of the security industry who has worked for the last 15 years on firewalls, vulnerability scanners, and embedded security at McAfee, Hitachi, i2 and other organizations. He has presented his research on Vulnerability Trends, Security Axioms and SCADA security at many conferences, including RSA, BlackHat, Hacker Halted, nullCon, Hack In Paris, BSides, HSNI and FS/ISAC. He regularly contributes to SANS @RISK and SANS Top 20, and writes the “HOT or NOT” column for SC Magazine.

