In recent years, the world of cybersecurity has experienced a dramatic transformation. The threat landscape has erupted, creating a host of complex challenges, with malicious actors continuously upping their game. In this high-stakes environment, the need for robust cloud security platforms continues to pick up steam. These platforms aren’t just a “nice-to-have” anymore – they’re an absolute necessity in the modern cyber battlefield.
Earlier this week, that sentiment was underscored at the Qualys Security Conference (QSC) Mumbai, where the message was heard loud and clear: the demand for advanced, integrated cybersecurity solutions to protect enterprises from bad actors is more significant than ever.
In tandem with its game-changing suite of IT, security, and compliance solutions, Qualys solidified its position as an industry leader at the event, where a diverse group of customers, partners, and cybersecurity thought leaders gathered to exchange ideas, insights, and knowledge across a wide array of timely cybersecurity topics and issues.
The War of the Wired
The event commenced with an insightful keynote from Lt. Gen (Retd.) Deependra Singh Hooda, PVSM, UYSM, AVSM, VSM & Bar, who expressed his viewpoint on the similarities between a physical war and today’s cyber risks. Driving his discussion about the correlation between the War of the Wired and the ever-evolving challenges of new-age hacking, Deependra Singh explained how there is a little bit of Qualys in all of India.
Cyber-Resilience is More Critical than Cybersecurity
Sumedh Thakar, president and CEO of Qualys, continued with an engaging discussion urging attendees to think more holistically about potential attack paths when it comes to minimizing their cyber risk. He highlighted the fact that over five trillion lines of code have been written, which has created billions of vulnerabilities waiting to be exploited. So, instead of embracing the strategy of scanning everything, Thakar stressed the criticality of empowering systems with immediate patches so organizations can supersede these vulnerabilities. As such, he said that every cybersecurity practitioner is like a first responder or warfront soldier for cyber resilience.
Talking further about the changing scenario of the digital-first environment, Thakar also discussed various trends in digital payments that have positively impacted India. He pointed out that from tipping Uber drivers to easy, one-touch banking experiences, the world of technology in India has never been more agile or fast-paced. But, as technology advances, so does the threat landscape.
Not restricting himself to just software, Thakar spoke about how virtually every person these days utilizes at least three personal devices, all of which can be easily exploited. Since digital assets are financially attractive to hackers, the risk of an attack increases tenfold. Thakar further explained, “It’s not the knowledge of vulnerability that will make us secure; it’s the ability to combat that vulnerability, that attack which is going to make us secure.”
Aligning with Thakar’s sentiments, Lt. Gen. Deependra Hooda also shared his view on combatting today’s cybersecurity challenges, which he said was to induce “the fear of cyber resilience within the hackers’ community.”
Overcoming Challenges that CISOs Face
As a CISO, establishing a timeline to protect an organization’s environment without compromising its existing IT structure can be daunting. As can often be the case, many CISOs are concerned about the perils that a vulnerability can introduce into their environments. Even when vulnerability detection time has been reduced to hours and the remediation time has been shortened, Thakar pointed out that one of the biggest challenges lies in convincing the organization of the critical nature of these vulnerabilities.
Providing more context, Thakar highlighted that the time required to exploit a new vulnerability has been reduced to just 19 days, but fixing that vulnerability will take 40 days. On average, news about such a vulnerability will be released after about 20 days. So, by the time an organization is ready to start focusing on addressing the vulnerability, the damage it has created at that point will be significantly high.
For many organizations, slow communication about the critical nature of vulnerabilities is where half of the battle can be lost, according to Thakar.
So, instead of implementing a wait-and-watch approach, Thakar underscored the need for CISOs to implement a more resilient and proactive strategy. Taking reference from Lt. Gen. Deependra Hooda on building an attack of deterrence against hackers and cybercriminals, Thakar explained how a more preemptive approach to cybersecurity should be implemented in real time.
By automating endpoint security with the right set of tools and capabilities and implementing a clear line of communication, organizations can ensure everyone understands the severity and scope of attacks, which can also help CISOs stay ahead of the curve in the event of an attack.
The Qualys Approach
With the infinite number of potential risks that lie ahead, identifying the most critical risks and having the ability to effectively prioritize each one is vital to the security of any organization. By identifying the severity of the risks and categorizing them into Operational, Financial, and Reputational, Qualys helps drive down the cost of maintaining a secure environment while increasing the scale of cyber resilience.
The Qualys platform empowers organizations to automate their entire IT environment with unsurpassed control, helping them speed the remediation process, more effectively measure risk, and clearly communicate their risk across the organization.
Sumedh put a finer point on the topic: “With the Qualys TruRisk Platform, organizations can pivot from risk measurement to secure, operationalize, collaborate, and cohesively reduce the risks. And, with Qualys solutions, you can find your assets’ risks, communicate them, and find a way to remediate the risk in the shortest possible time while saving costs, thus rightfully supporting Qualys’ mission of helping organizations measurably reduce cyber risk.”
Achieving Results by Embracing Risk Prioritization and Risk-Based Remediation
Attendees at the event also had the opportunity to see how Qualys innovations are helping customers stay ahead of today’s threat actors by extending the power of MITRE ATT&CK evaluation to proactively defend against attack risk.
Qualys customers discussed how they’ve embraced new capabilities such as MITRE-based risk prioritization, which has helped them more effectively prioritize and reduce their risk by leveraging such techniques as Active Directory Security to detect unauthorized and unknown devices using the same Qualys agent.
Attendees also heard firsthand how TruRisk has been helping organizations uplift their security risk quantification processes and more effectively prioritize their riskiest vulnerabilities to significantly reduce the burden on their security teams compared to CVSS- and EPSS-based risk prioritization methods.
Abhaya Vidyarengahari, Group Manager & Head-Security Validation at Infosys, also explained how Qualys helped them remediate nearly 60 billion vulnerabilities and reduced the remediation cycle from 12 months to eight months to four months. By leveraging a single-pane-of-glass view of all the vulnerabilities and patches, they work closely with the IT Team, eliminating delayed processes and patching issue ticketing.
Nilesh Khot, CISO, HDFC, also talked about leveraging Qualys solutions, such as Qualys agents and the TruRisk score, along with a 10-step plan that enabled them to gain better control over the remediation of IT assets across their environment. As a result, HDFC now analyzes critical threats faster with a centralized view across all its departments so they can identify potential risks and take immediate action.
Tarang Parikh, Senior Director of Cybersecurity, Risk Management, and Audit at WNS Global, emphasized why vulnerability management should be a consistent and continuous process across organizations to empower their entire IT environments to become a “strong, Fort Knox-like cybersecurity posture.”
Qualys cybersecurity experts also presented various demos about newly launched risk reports, such as the External Attack Surface Management Report, Technology Tech Debt Report, and TruRisk Research Report, all of which are available upon request on Qualys.com.
In an era where the quantity and impact of cyber-attacks are rising, QSC Mumbai set the stage to provide attendees with the expert insights and innovations they need to rewrite their cybersecurity playbook for the new era.
As the event ended, attendees walked away armed with new tools to help them prioritize their most severe vulnerabilities across their most critical assets and a firmer grasp on resolving them before attackers can exploit them.
If you missed QSC Mumbai, Qualys will host QSC Americas, November 6-9, at the Disney Swan & Dolphin Resort in Orlando, Florida, USA.
At this dynamic, 4-day event, attendees will dive deep into the impact of the digital journey and explore how to build security automation into every area of the enterprise. Attendees can also sharpen their expertise and earn valuable ISC2 CPE credits during two days of free training at the event.