Abstracts Track 2026


Area 1 - Management and Operations

Nr: 144
Title:

Ditch the Risk & Silence the Noise: How Zero Trust File Security Offers a Proactive Defense against Malware

Authors:

Emily Gallagher

Abstract: Contemporary cybersecurity is awash with marketing buzzwords, new threat models, and endless promises of “next-gen” security. It is also heavily over-reliant on detection-based technologies, with the result that unknown and zero-day threats slip through defenses. In particular, one dangerous attack vector is still being exploited in plain view: file-based threats, which remain a go-to tactic for delivering malicious payloads. To mitigate these risks, organizations are increasingly adopting file sanitization technologies, commonly known as Content Disarm and Reconstruction (CDR), to proactively remove hidden threats and strengthen the wider security capabilities of their estates, including EDR, XDR, antivirus and sandboxing. Fundamentally, file sanitization neutralizes file-borne and human-interactive threats by enforcing a “clean-by-default” model that removes risk rather than interpreting it. In this environment, adversaries are forced to work harder, while, from the SOC perspective, detection pipelines remain cleaner and teams regain clarity rather than being overwhelmed by alerts. To understand how file sanitization enhances defensive effectiveness, Glasswall’s Head of Security Research, Connor Morley, and DevSecOps Engineer, Chris Holman, conducted an in-depth study processing real-world malware variants with and without sanitization. The findings reveal how CDR amplifies the performance of deployed detection tools across security metrics, including alert volume, false positives, and downstream operational efficiency. While no system achieves 100% coverage, the session will demonstrate how integrating file sanitization supports Zero Trust objectives. Attendees will gain a realistic view of how clean-by-default file protection strengthens modern defensive architectures and reduces hidden operational strain.

Key takeaways:
- How file-based threats bypass traditional detection tools.
- What proactive file sanitization removes before detection is involved.
- What the study revealed about alert volume and false positives.
- How sanitization enhances EDR, XDR and antivirus outcomes within a Zero Trust architecture.
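The abstract describes clean-by-default sanitization in general terms. The following is an added illustration, written for this page and not Glasswall's engine or any code from the session: a minimal filter-style sanitizer for an OOXML package that removes macro and embedded-object parts (vbaProject.bin, embeddings/, activeX/) without inspecting or detecting anything in them, then repairs the relationship and content-type manifests so the document still opens. The sample .docm package, the DROP_PREFIXES deny-list and the part layout are constructed assumptions; a production CDR engine rebuilds the file from a known-good specification rather than deleting named parts, and handles PDF, image and archive formats as well.

```python
import io
import posixpath
import zipfile
import xml.etree.ElementTree as ET

PKG_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
CT_NS = "http://schemas.openxmlformats.org/package/2006/content-types"

# Assumed deny-list of OOXML part paths that carry active content. A real CDR
# engine regenerates the package from its schema instead of filtering by name.
DROP_PREFIXES = (
    "word/vbaProject", "word/vbaData", "xl/vbaProject", "ppt/vbaProject",
    "word/embeddings/", "xl/embeddings/", "word/activeX/", "xl/externalLinks/",
)

# Constructed stand-in for a macro-laden .docm: document text plus a VBA
# project and an embedded OLE object. Not a real Office file.
SAMPLE_DOCM = {
    "[Content_Types].xml": (
        f'<Types xmlns="{CT_NS}">'
        '<Default Extension="rels" ContentType="application/vnd.openxmlformats-package.relationships+xml"/>'
        '<Default Extension="xml" ContentType="application/xml"/>'
        '<Default Extension="bin" ContentType="application/vnd.ms-office.vbaProject"/>'
        '<Override PartName="/word/document.xml" ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"/>'
        '<Override PartName="/word/vbaProject.bin" ContentType="application/vnd.ms-office.vbaProject"/>'
        "</Types>"
    ),
    "word/document.xml": (
        '<w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main">'
        "<w:body><w:p><w:r><w:t>Invoice</w:t></w:r></w:p></w:body></w:document>"
    ),
    "word/_rels/document.xml.rels": (
        f'<Relationships xmlns="{PKG_NS}">'
        '<Relationship Id="rId1" Type="http://schemas.microsoft.com/office/2006/relationships/vbaProject" Target="vbaProject.bin"/>'
        '<Relationship Id="rId2" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/oleObject" Target="embeddings/oleObject1.bin"/>'
        '<Relationship Id="rId3" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/styles" Target="styles.xml"/>'
        "</Relationships>"
    ),
    "word/vbaProject.bin": b"\xd0\xcf\x11\xe0fake-vba-project",
    "word/embeddings/oleObject1.bin": b"\xd0\xcf\x11\xe0fake-ole-object",
    "word/styles.xml": '<w:styles xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main"/>',
}


def build_package(parts):
    """Zip a {name: str|bytes} mapping into an OOXML-style package."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        for name, data in parts.items():
            z.writestr(name, data)
    return buf.getvalue()


def list_parts(package):
    with zipfile.ZipFile(io.BytesIO(package)) as z:
        return {n: z.read(n) for n in z.namelist()}


def _resolve(rels_path, target):
    """Map a relationship Target to a package part name."""
    if target.startswith("/"):
        return posixpath.normpath(target.lstrip("/"))
    base = "" if rels_path.startswith("_rels/") else rels_path.split("/_rels/")[0]
    return posixpath.normpath(posixpath.join(base, target))


def _prune_rels(rels_path, data, kept):
    """Drop relationships that point at parts no longer in the package."""
    ET.register_namespace("", PKG_NS)
    root = ET.fromstring(data)
    for rel in list(root):
        if rel.get("TargetMode") == "External":
            continue
        if _resolve(rels_path, rel.get("Target", "")) not in kept:
            root.remove(rel)
    return ET.tostring(root, encoding="UTF-8", xml_declaration=True)


def _prune_content_types(data, kept):
    """Remove Override/Default entries for parts and extensions that are gone."""
    ET.register_namespace("", CT_NS)
    root = ET.fromstring(data)
    exts = {posixpath.splitext(n)[1].lstrip(".").lower() for n in kept}
    for el in list(root):
        tag = el.tag.rsplit("}", 1)[-1]
        if tag == "Override" and el.get("PartName", "").lstrip("/") not in kept:
            root.remove(el)
        elif tag == "Default" and el.get("Extension", "").lower() not in exts:
            root.remove(el)
    return ET.tostring(root, encoding="UTF-8", xml_declaration=True)


def sanitize(package):
    """Clean-by-default: drop active-content parts unconditionally, then repair manifests."""
    parts = list_parts(package)
    dropped = sorted(n for n in parts if n.startswith(DROP_PREFIXES))
    kept = {n: d for n, d in parts.items() if n not in dropped}
    for name in kept:
        if name.endswith(".rels"):
            kept[name] = _prune_rels(name, kept[name], kept)
        elif name == "[Content_Types].xml":
            kept[name] = _prune_content_types(kept[name], kept)
    return build_package(kept), dropped


if __name__ == "__main__":
    clean, dropped = sanitize(build_package(SAMPLE_DOCM))
    print("dropped:", dropped)
    print("remaining parts:", sorted(list_parts(clean)))
```

The point of the example is what it does not do: it never parses the VBA project or the OLE object, so there is no signature to evade and no parser to exploit in that path. The residual risk is in the parts that are kept; that is why a real engine validates and regenerates those against the format specification instead of trusting the original bytes.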

Nr: 165
Title:

OptiAstra: A Risk-Aware Framework for Automated Vulnerability Remediation through Patch Value Analysis and LLM-Guided Actions

Authors:

Pin-Chieh Huang and Chun-Ming Lai

Abstract: The accumulation of co-existing vulnerabilities in modern information systems complicates remediation decision-making. Security teams must determine not only which vulnerabilities are present, but also which remediation actions yield the greatest reduction of system risk under limited operational budgets. Traditional prioritization approaches based on CVSS or EPSS scores assess vulnerabilities individually and do not account for the combined effects of remediation actions or the fact that a single patch may mitigate multiple vulnerabilities. This paper presents OptiAstra, a risk-aware framework for automated vulnerability remediation that maximizes system-level risk reduction through action-level analysis. The framework is built around a grading algorithm that evaluates vulnerabilities by integrating exploitability, impact, exposure, and environmental controls derived from system configurations and operational context. Instead of ranking vulnerabilities in isolation, the algorithm estimates the remediation value of each candidate action by quantifying its contribution to risk reduction. A Patch Value Score represents the security benefit achieved per remediation effort, enabling the selection of actions that maximize system-wide risk reduction. To support automated remediation, the framework employs retrieval-augmented generation with large language models to analyze system logs and configuration data, detect vulnerabilities, and generate context-aware remediation measures. The retrieval component draws from authoritative sources, including curated vulnerability datasets, security research literature, vendor advisories, and well-maintained GitHub repositories containing remediation scripts and configuration guidelines. The language model can be lightly fine-tuned using domain-specific vulnerability reports to improve domain adaptation. Generated remediation actions are validated against the system state prior to execution, and a rollback mechanism restores the system in the event of execution failure. The proposed approach is evaluated across three Docker-based environments representing distinct deployment domains: an application-facing Web and API service layer, a control and management plane, and an endpoint layer encompassing operating systems and database services. Each environment contains 10 to 15 real-world vulnerabilities, including known CVEs and common misconfigurations, resulting in more than 40 vulnerability instances overall. Experimental results show that, under the same number of remediation actions, the proposed grading algorithm achieves approximately 25–36% greater overall risk reduction than CVSS- and EPSS-based prioritization, while reducing residual system risk by more than 30% on average. The remediation module correctly identifies and generates appropriate mitigation actions for over 78% of detected vulnerabilities and reduces required remediation actions by approximately 19–33%, with each action mitigating an average of 1.4 to 2.3 vulnerabilities. Rollback is triggered in less than 20% of remediation attempts, and system functionality and service availability are preserved after remediation. Overall, the results demonstrate that prioritizing remediation actions based on quantified remediation value enables more effective and risk-aware vulnerability management, providing a practical and deployable solution for reducing system risk.
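The abstract's core idea, scoring remediation actions by risk removed per unit of effort rather than scoring vulnerabilities one at a time, can be made concrete on a toy inventory. The following is an added example written for this page; it is not OptiAstra's code, data or grading algorithm, which the abstract does not spell out. The vulnerability inventory, the action catalogue, the effort budget, the risk formula `cvss/10 * (0.2 + 0.8*epss) * exposure` and the CVSS-ranked baseline policy are all constructed assumptions. It computes a Patch Value Score for each action, runs a greedy budgeted selection on it, compares that against a per-vulnerability CVSS walk and against an exhaustive optimum, and reports the vulnerabilities-per-action figure the abstract uses as a metric.

```python
from itertools import combinations

# Constructed inventory (not the paper's data). EPSS and exposure are what a
# CVSS-only ranking ignores; V1 and V5 are severe on paper but internal and
# rarely exploited, V2-V4 and V6 are internet-facing and actively exploited.
VULNS = {
    "V1": {"cvss": 9.8, "epss": 0.02, "exposed": False},
    "V2": {"cvss": 7.5, "epss": 0.85, "exposed": True},
    "V3": {"cvss": 6.5, "epss": 0.60, "exposed": True},
    "V4": {"cvss": 5.3, "epss": 0.50, "exposed": True},
    "V5": {"cvss": 8.1, "epss": 0.01, "exposed": False},
    "V6": {"cvss": 7.2, "epss": 0.70, "exposed": True},
}

# Constructed action catalogue: one action may fix several vulnerabilities,
# and several actions may overlap on the same vulnerability.
ACTIONS = {
    "patch-kernel":          {"fixes": {"V1"},             "effort": 3},
    "upgrade-web-framework": {"fixes": {"V2", "V3", "V4"}, "effort": 2},
    "patch-db":              {"fixes": {"V5"},             "effort": 2},
    "rotate-api-keys":       {"fixes": {"V6"},             "effort": 1},
    "harden-config":         {"fixes": {"V3", "V4"},       "effort": 1},
}
BUDGET = 3  # effort units available in this maintenance window (assumed)


def vuln_risk(v):
    """Assumed grading: impact (CVSS) x exploitability (EPSS) x exposure factor."""
    d = VULNS[v]
    return d["cvss"] / 10 * (0.2 + 0.8 * d["epss"]) * (1.0 if d["exposed"] else 0.3)


def total_risk():
    return sum(vuln_risk(v) for v in VULNS)


def covered(actions):
    return set().union(*(ACTIONS[a]["fixes"] for a in actions)) if actions else set()


def risk_reduction(actions):
    return sum(vuln_risk(v) for v in covered(actions))


def effort(actions):
    return sum(ACTIONS[a]["effort"] for a in actions)


def patch_value(action, already_fixed):
    """Patch Value Score: marginal risk removed per unit of effort."""
    new = ACTIONS[action]["fixes"] - already_fixed
    return sum(vuln_risk(v) for v in new) / ACTIONS[action]["effort"]


def greedy_by_patch_value(budget=BUDGET):
    """Repeatedly take the affordable action with the best current Patch Value Score."""
    chosen, fixed, left = [], set(), budget
    while True:
        affordable = [a for a in sorted(ACTIONS) if a not in chosen and ACTIONS[a]["effort"] <= left]
        if not affordable:
            break
        best = max(affordable, key=lambda a: patch_value(a, fixed))
        if patch_value(best, fixed) <= 0:
            break
        chosen.append(best)
        fixed |= ACTIONS[best]["fixes"]
        left -= ACTIONS[best]["effort"]
    return set(chosen)


def cvss_ranked(budget=BUDGET):
    """Baseline: walk vulnerabilities by CVSS and buy the cheapest affordable fix for each."""
    chosen, fixed, left = [], set(), budget
    for v in sorted(VULNS, key=lambda v: -VULNS[v]["cvss"]):
        if v in fixed:
            continue
        options = [a for a in ACTIONS if v in ACTIONS[a]["fixes"]
                   and a not in chosen and ACTIONS[a]["effort"] <= left]
        if not options:
            continue
        a = min(options, key=lambda a: (ACTIONS[a]["effort"], a))
        chosen.append(a)
        fixed |= ACTIONS[a]["fixes"]
        left -= ACTIONS[a]["effort"]
    return set(chosen)


def exact_optimum(budget=BUDGET):
    """Exhaustive search over action subsets; fine for a toy catalogue, not a real estate."""
    best, best_key = set(), (0.0, 0)
    names = sorted(ACTIONS)
    for r in range(1, len(names) + 1):
        for combo in combinations(names, r):
            if effort(combo) > budget:
                continue
            key = (risk_reduction(combo), -effort(combo))  # more reduction, then less effort
            if key > best_key:
                best, best_key = set(combo), key
    return best


def summarize(actions):
    fixed = covered(actions)
    return {
        "actions": sorted(actions),
        "effort": effort(actions),
        "vulns_fixed": len(fixed),
        "risk_reduction": round(risk_reduction(actions) / total_risk(), 3),
        "vulns_per_action": round(len(fixed) / max(len(actions), 1), 2),
    }


if __name__ == "__main__":
    for label, policy in [("cvss-ranked", cvss_ranked), ("greedy PVS", greedy_by_patch_value), ("exact", exact_optimum)]:
        print(f"{label:12s}", summarize(policy()))
```

On this inventory the CVSS walk spends the whole budget on the kernel patch for V1 and removes about 3% of total risk, while action-level selection removes most of it. The greedy pass also shows the caveat a practitioner should expect from any Patch Value heuristic: the cheap configuration hardening scores higher than the framework upgrade on the first pass, crowds it out of the budget, and leaves V2 unfixed, so the exhaustive optimum (upgrade plus key rotation) beats greedy. At real scale the exhaustive search is not an option, which is why the abstract's claim rests on the grading algorithm choosing well rather than on enumeration.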