Taming Vulnerability Overload – Mehul Revankar – PSW #688



Sponsored By


sponsor
Visit https://securityweekly.com/ for more information!

Almost weekly, hackers discover and exploit vulnerabilities in popular programs like SolarWinds and Microsoft Exchange Server, impacting thousands. While it would be great to eradicate these vulnerabilities in the programs themselves, it is unlikely to happen any time soon. That’s why patching vulnerabilities quickly is important, yet even when patches are available, companies often fail to patch promptly. We’ll discuss barriers companies face that delay patching and Qualys’ experience with creating free services that help companies detect specific vulnerabilities and patching remotely for events like the SolarWinds and Microsoft Exchange incidents. The session will include a brief demo of Qualys free 60-day service to detect, prioritize, and patch vulnerable Exchange servers, and to detect environments missing compensating controls.

This segment is sponsored by Qualys.

Visit https://securityweekly.com/ to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes!

Full Episode Show Notes

Taming Vulnerability Overload

Guests

Mehul Revankar

Mehul Revankar – VP Product Management and Engineering, VMDR at Qualys

@MehulRevankar

Mehul is a cybersecurity professional with over 15 years of experience in Vulnerability Management, Policy Compliance and Security Operations. He leads the product management and engineering functions for VMDR (Vulnerability Management, Detection and Response) at Qualys. Before joining Qualys, Mehul led development of vulnerability and patch management products at SaltStack, and prior to that he led multiple research teams at Tenable.

Hosts

Doug White

Doug White – Professor at Roger Williams University

@dougwhitephd

Doug White is a Cybersecurity professor at Roger Williams University, the President of Secure Technology, and a Security Weekly network host.

Jeff Man

Jeff Man – Sr. InfoSec Consultant at Online Business Systems

@MrJeffMan

Cryptanalyst, infosec analyst, pioneering ex-NSA pen tester, PCI specialist and certified security curmudgeon. Currently a Sr. InfoSec Consultant for Online Business Systems.

Lee Neely

Lee Neely – Senior Cyber Analyst at Lawrence Livermore National Laboratory

@lelandneely

Lee Neely is a senior IT and security professional at Lawrence Livermore National Laboratory (LLNL) with over 25 years of experience. He has been involved in many aspects of IT from system integration and quality testing to system and security architecture since 1986. He has had extensive experience with a wide variety of technology and applications from point implementations to enterprise solutions. Lee has worked with securing information systems since he installed his first firewall in 1989.

Paul Asadoorian

Paul Asadoorian – Founder at Security Weekly

@securityweekly

Paul Asadoorian is the founder of Security Weekly, which was acquired by CyberRisk Alliance. Paul spent time “in the trenches” implementing security programs for a lottery company and then a large university. Paul is offensive, having spent several years as a penetration tester. As Product Evangelist for Tenable Network Security, Paul built a library of materials on the topic of vulnerability management. When not hacking together embedded systems (or just plain hacking them) or coding silly projects in Python, Paul can be found researching his next set of headphones.

Announcements

Audio