Visit Rezilion at Black Hat USA 2022
Get ready to meet the future of Vulnerability Management as Rezilion heads to Black Hat USA next week.
The theme for our exhibition will be “it’s about time” – which represents what you can expect to see from Team Rezilion at our booth this year, and also, on a more fundamental level, the core of what our customers can expect from our newly-expanded platform itself.
***WHAT TO KNOW***
- See Rezilion’s newly-expanded Software Attack Surface Management Platform live at Black Hat and online in the Virtual Business Hall, August 10-11, 2022.
- Catch live demos on the hour, every hour, plus prizes, giveaways, and more at Rezilion’s booth, #2408.
- Panel discussion: “Tales from the Trenches: What We Learned from Log4J” featuring Liran Tancman, CEO, Rezilion, Yotam Perkal, Head of Research, Rezilion, Chris Wilder, Senior Analyst and Director of Research, Tag Cyber, and Roger Martinez, Sr. Information Security Engineer, Ziff Davis. Thursday, August 11, 3:00pm-3:50pm at Mandalay Bay.
- Arsenal Tool Demonstration: MI-X. Rezilion’s Head of Research, Yotam Perkal, and Security Researcher, Ofri Ouzan demo a new, open-source tool that can determine whether a local host or a running container image is truly vulnerable to a specific vulnerability by accounting for all factors which affect *actual* exploitability. Thursday, August 11, 10-11:30.
- Reserve now to meet with us at the show or skip the line and meet with us before August 10th for a chance to win a free Apple Watch
In the constant battle that exists between software security teams, and developers who desire faster innovation, traditional software vulnerability management solutions can’t keep pace. Without enough time to both build and secure, teams find themselves in a struggle between keeping up with competition and mitigating threats and attacks. When it comes to VM, it’s about time we evolved.
With our newly-expanded platform, Rezilion now uniquely solves these challenges by applying automation at all of the critical stages in the software security workflow, providing security teams with full-stack assurance and giving developers time back to build. From the industry’s first Dynamic Software bill of Materials (SBOM) to vulnerability validation to automated remediation in CI, we are proud to unveil a holistic lineup of tools and solutions that reduce – not complicate – the work of software security. No compromises. No silos. No bottlenecks.
Give us a few minutes of your time this August and experience the future of software attack surface management for yourself, as we head to Vegas for Black Hat USA, 2022.
Wednesday, August 10, 10am – 6pm
Thursday, August 11, 10am – 4pm
Mandalay Bay Convention Center, Booth #2408
Join us as we unveil Rezilion’s expanded Software Attack Surface Management platform. With prizes, giveaways and live demos on the hour, learn how Rezilion’s full-stack/full-cycle solution accelerates software security, giving you clarity to find, manage and eliminate risk while freeing up time to build.
- Reserve now to meet with us at the show
- Skip the line and meet with us before August 10th for a chance to win a free Apple Watch
***Just in*** We are excited to announce we will be joined by GitLab in the Rezilion booth #2408 to present “The Fast and the Furious in DevSecOps.”
Fernando (Fern) Diaz, Senior Technical Marketing Manager, GitLab, will join Curtis Barker, VP Product Strategy with Rezilion, for this demonstration of how Gitlab and Rezilion work together to turbocharge your software security process in CI.
Wednesday at 1:30 and 3:30 pm
Thursday at 2:30 pm
Receive a Casio calculator watch for attending and enter for a chance to win an Apple Watch in every session.
Thursday, August 11, 3:00pm-3:50pm
Mandalay Bay I
Tracks: Application Security, Cloud Security
Tales from the Trenches: What We Learned from Log4J
Liran Tancman | CEO, Rezilion
Roger Martinez | Sr. Information Security Engineer, Ziff Davis
Yotam Perkal | Head of Vulnerability Research, Rezilion
Chris Wilder | Sr Analyst and Director of Research, TAG Cyber
The security industry was abuzz when a flaw in Apache’s Log4j software was first revealed in December. Known as Log4Shell, the critical vulnerability has a huge attack surface, ease of exploitation, and severe potential impact. The fall out of the discovery continues today.
Months later, and Rezilion research finds that many instances of the flaw remain unpatched, putting a massive number of organizations at risk. Because of the complexity in detecting Log4Shell, analysts say the implications of the bug are far-reaching and will likely be exploited for years to come.
In this discussion, Rezilion CEO Liran Tancman and Rezilion’s Vulnerability Research Head Yotam Perkal will be joined by Chris Wilder of TAG Cyber and Roger Martinez of Ziff Davis to discuss what was learned during the first fraught months of dealing with Log4Shell and what it means for vulnerability management strategy as a whole. Panelists will also offer takeaways for what you can do now to protect yourself against the inevitable next Log4j-type discovery.
BLACK HAT ARSENAL
Thursday, August 11, 10-11:30
Black Hat Arsenal, Mandalay Bay Convention Center
Yotam Perkal | Head of Research, Rezilion
Ofri Ouzan | Security Researcher, Rezilion
Track: Vulnerability Assessment
The first critical step to address any security vulnerability is to verify whether or not your environment is affected. Even if a vulnerable package is installed on your system, this condition alone does not determine exploitability as several conditions must be in place in order for the vulnerability to be applicable (exploitable). For example, can the vulnerability only be exploited under a specific configuration or in a specific OS?.
Most conventional vulnerability scanners rely on package manager metadata in order to determine the installed components (and in which versions) and then cross reference this data with vulnerability advisories in order to determine what vulnerabilities affect the system. The problem with that is that often software may be deployed without a package manager. For example, software might be built from source and then added to an image or unzipped from a tarball to a specific location on the file system. In these cases, no package manager data is associated with the application, which can result in false negatives (a scanner will “miss” these vulnerabilities) and offer a false sense of security.
MI-X is an open source tool aimed at effectively determining whether a local host or a running container image is truly vulnerable to a specific vulnerability by accounting for all factors which affect *actual* exploitability. The tool prints the logical steps it takes in order to reach a decision and can generate a flow chart depicting the complete logical flow.
We aim to build a community of researchers that can improve the validation process of historically dangerous vulnerabilities, as well as newly discovered ones, so users and organizations will understand whether they are vulnerable or not, as well as which validation flow is used to reach that verdict, and what steps are necessary for remediation or mitigation.
Wednesday, August 10 – Thursday, August 11
On-demand in the Black Hat 2022 Virtual Business Hall
Automating Vulnerability Management in the Software Supply Chain: Log4j as a Case Study
Tom Blauvelt | VP, Solution Architecture, Rezilion
Tracks: Application Security, Cloud Security
Supply chain security risk became an urgent part of the conversation after breaches like SolarWinds and Kaseya revealed the vulnerability of software components. A Software Bill of Materials (SBOM) only offers a limited view into your software environment. But a Dynamic SBOM offers a real-time inventory of software and its behaviors and changes.
Join this session and learn how a Dynamic SBOM works to automatically identify, prioritize, and remediate vulnerabilities instantly and continuously. Using the recent Log4j vulnerability as an example, we’ll show you how to identify and remediate security holes using a Dynamic SBOM as a critical component in a modern vulnerability management strategy.