Cyber Risk Series: Navigating the Broken CMDB

Today’s rapidly evolving attack surface demands air-tight alignment between cybersecurity and IT teams. CISOs and security teams are working hard to assess risk across a dynamic technology environment. Still, that hard work falls apart if there’s no transparency with IT—the business unit responsible for patches, software upgrades, access controls, and other mitigation steps.

This session explores the critical imperative of turbocharging the CMDB with cyber risk context—allowing organizations to reduce cyber risk while limiting business disruption.

Summed Thakar - President & CEO, Qualys.

Software and hardware product lifecycles are critical factors for operational security, the OASIS Open OpenEoX initiative emerges as a crucial standardization effort. It aims to revolutionize how End-of-Life (EOL) and End-of-Support (EOS) information is shared and managed across the software and hardware industries. This presentation introduces OpenEoX, a collaborative endeavor supported by leading entities such as Qualys, Cisco, Microsoft, Red Hat, Siemens, BSI, and CISA, alongside an expanding consortium of industry stakeholders.

Through a common framework for EOL and EOS data dissemination, OpenEoX facilitates a more secure IT environment and aids in vulnerability management. This presentation delves into OpenEoX mechanics, showcasing its potential for proactive vulnerability management. It also explores its broader implications for the cybersecurity ecosystem and highlights its compatibility with Software Bill of Materials (SBOM), the Common Security Advisory Framework (CSAF), and Vulnerability Exploitability Exchange (VEX). Join us to discover how OpenEoX is shaping cybersecurity standards and bolstering organizational resilience against cyber threats.

Omar Santos
Cybersecurity and AI Security Research
OASIS Open

In the modern enterprise, the CMDB is vital yet fraught with challenges. This fireside chat explores the CMDB’s pivotal role in asset management and cybersecurity. It will cover key IT and Security challenges such as:

Creating executive buy-in for addressing the impact of flawed CMDB on incident response and compliance.
Strategies for immediate assessment, data cleansing, and proactive risk mitigation.
The impact of disruptions caused by organizations neglecting CMDB data quality.
Join Shira Rubinoff, renowned cybersecurity advisor, global keynote speaker and influencer for a riveting discussion with Bindu Sundaresan, Director, AT&T Cybersecurity on the challenges of effectively managing the CMDB. Bindu brings extensive leadership and experience spanning over 20 years working with some of the world’s most innovative companies and industry frameworks, including NIST/ISO/HITRUST, regulatory requirements including PCI, NERC, and HIPAA.

Attendees will gain practical insights for CMDB optimization, including integration with IT management systems. Practitioners will learn to chart a path for effective CMDB utilization, bolstering security and operational resilience in today’s digital landscape.

Bindu Sundaresan
Director
AT&T Cybersecurity

Shira Rubinoff
President
Cybersphere

Remediation for critical security risks is arguably the most important SLA for your IT team. Reactive responses to security tickets expose the organization to cyber risk and create business disruption.

That’s why IDBNY takes a proactive approach to uniting IT and Security teams. Join this session to learn how Beatrice Sirchis, VP of Application Security at IDBNY connects her CMDB to her security program to achieve:

An always-up-to-date inventory in the CMDB
Automated ticket assignment for critical remediation tickets
Mapping EoL/EoS software to the CMDB up to 12 months in advance to prioritize upgrades
Most importantly, learn how her consolidated approach enables IDB Bank to stay agile and ahead of the curve—securely—when it comes to technology and innovation.

Beatrice Sirchis

The CISO might refer to the asset inventory within the security program while the CIO points to the CMDB. But why can’t they both be right?

In this session, you’ll learn how the Qualys Enterprise TruRisk Platform leverages bi-directional sync with the CMDB to create a unified source of truth between the two platforms, including:

Adding business context from the CMDB to your security program (such as asset criticality, ownership, and support group) to drive accurate TruRisk Scoring and prioritization
Eliminating blind spots in your CMDB by adding previously unknown assets from the external attack surface and rogue IoT assets connecting to the network in real time
Mapping remediation tickets to the CMDB with 96% accuracy using Qualys tagging, cutting MTTR in half for critical vulnerabilities

Then this includes a second session called: The Step-by-Step Guide to Turbocharging Your CMDB

You know there are blind spots in the CMDB, and it keeps you awake at night.

Are you missing external assets? What about the IoT/OT devices or BYOD on our network at any given time?

Even if your SecOps team finds those assets and discovers critical risk, your IT team has no records in the CMDB. While your team wastes precious time aligning on where to focus, the window is open for attackers.

Join us to see exactly how to locate these missing cyber assets and add them to the CMDB with comprehensive, real time risk assessment. When security teams identify cyber risk, IT teams will work from the same asset inventory and set of data to take remediation action immediately.

Pablo Quiroga, Senior Director of Product Management at Qualys will demonstrate real-world scenarios of cyber risk response using a bi-directional sync between the Enterprise TruRisk Platform and the CMDB to measure, communicate, and eliminate risk across IT and Security workflows.

Kunal Modasiya and Mike Orosz, CISO of Vertiv, will close out the Cyber Risk Series with a discussion on how Vertiv bridges the IT-security gap and the importance of a complete asset inventory.