Introduction to QualysGuard IT Risk SaaS Services. Marek Skalicky, CISM, CRISC Regional Account Manager for Central & Adriatic Eastern Europe

Transcription

1 Introduction to QualysGuard IT Risk SaaS Services Marek Skalicky, CISM, CRISC Regional Account Manager for Central & Adriatic Eastern Europe

2 Qualys at a Glance Software-as-a-Service (SaaS) Founded in 1999 to deliver a SaaS VM Expanded the service as suite of SaaS Security and Compliance offerings Last round of funding in employees (50% R&D and Operations) global customers 50% of Fortune % of Fortune % Forbes Global 2000 US 65%, EMEA 30%, Asia 5% 9,000+ scanner appliances in 85 countries Highest possible rating of Strong Positive Largest market share Highest possible rating of Leader The leading vendor Market Share Leadership

3 3

4 Global Market Adoption Insurance Financial Services Chemical Internet Retail Technology Consulting

5 Global Market Adoption continued Media Energ y Consumer Healthcare Manufacturing Education Transportation Public Sector

6 A Unified and Continuous View of ICT Security, Risks and Compliance Device & Application Security The QualysGuard Cloud Platform and suite of integrated applications allows enterprises to discover and catalog all IT assets, and provides them with a continuous view of their security and compliance posture on a global scale. Benefits Fully automated continuous asset discovery, security & compliance assessments. Up-to-date security intelligence with no software to install and maintain. 6

7 A Unified and Continuous View of ICT Security, Risks and Compliance IT-GRC Automation The QualysGuard Cloud Platform and suite of integrated applications automates the collection of security and compliance data with customizable policies, questionnaires and workflows, helping organizations to automate and expedite compliance Benefits Automated & Agent-less compliance auditing supporting multiple regulatory mandates. Customizable questionnaires and business workflows to evaluate controls, gather evidence & validate compliance. Seamless integration with enterprise GRC solutions. 7

8 QualysGuard SaaS Applications Enterprise SMB Freemium Services QualysGuard On Demand Portal Analyze Comply Monitor Prevent Vulnerability Mgmt. Web App Scan Malware Detection SSL Labs Zero days analyzer Policy Compliance PCI Compliance Qualys Seal SCAP / FDCC Compliance Mgmt* Web Application Logs Botnet Detection* Web App. Firewall* QualysGuard SaaS Technology Platform Scanners & Collectors Open APIs, Web Services & Integrations

9 QualysGuard Suite of Security & Compliance Applications 9

10 Qualys Asset Management (patent pending) Powerful ability to manage, search and tag assets Organizing ICT Assets using Tags - Static and Dynamic asset tagging - Hierarchical asset tagging Uses existing VM scan data Integrated with existing QG apps. Asset Tagging/Searching/Reporting based on - platforms, applications, services - IT responsibility - Based on locality - Based on Business Processes CONFIDENTIAL 10

11 Qualys Vulnerability Management 12 years on market Market leader since 2008 Gartner, IDC, Forrester, Frost & Sullivan SC Magazine best Vulnerability Mgt solution 6 years in a row Full VM Cycle Free and unlimited network discovery Discover, group, & prioritize network assets Identify vulnerabilities, exploits, malware, patches, & unsupported technologies Prioritize, execute & audit remediation Automate reporting, trending, & alerting 13,000+ signatures covering 55K+ vulnerabilities, updated daily

12 QG Vulnerability Management Module User Interface Vulnerability Knowledge Base

13 QG Vulnerability Management Module User Interface Vulnerability Description

14 Exploits Knowledgebase Information added for Exploits Following resources used: Exploit-DB Metasploit Core Security Immunity Others Helpful in the Remediation process Comprehensive CVSS v2 scores Assets at risk of Exploits Report

15 Malware Knowledgebase Information added for Malware Code Availability Following resources used: Trend Micro Malware Knowledgebase Others malware resources coming Helpful in the Remediation process Assets at risk of Malware Report

16 3 Solution categories Solution description categories: Vendor Patch available Workaround available Virtual Patch available Trend Micro Deep Inspection signatures Others resources coming Helpful in the Remediation process Virtually Patchable Assets Report

17 Qualys Web Application Scanning Vulnerability Scanning inside Web Apps : Authenticated Scanning OWASP TOP 10 support Web services Discovery Web services Catalog Certificate auth. support Selenium auth. Support Java, Ajax, Flash support

18 Qualys Malware Detection for Web Apps Malware Detection inside Web App source code: Static signature Analysis Behavioral Analysis Dashboard and centralized reporting Sharing WAS module settings and Web Apps authentication

19 Qualys SECURE Seal for Web Apps Web Site Certification Daily WAS Malware Scanning Weekly IP vulnerability Weekly WAS vulnerability Weekly SSL Protocol Audit notification Daily updated SECURE Seal applet for your web site

20 Zero-Day Analyzer for VM GA April in Europe Zero-Day Analyzer for VM Allows customers to analyze zero-day threats and estimate their impact on their assets and critical systems based on information collected from previous scan results. Benefits Latest signatures for idefense exclusive zeroday threats Customizable alerting and notifications Actionable data with estimates about what systems are at risk 20

21 Free BrowserCheck Business Edition Audit state of browsers security in the enterprise Simple & Scalable Multiple platform & browsers Multiple Browser Plugins Centralized Reporting No SW/HW to install! Register here:

22 QualysGuard scanning progress Number of vulnerability and compliance scans per quarter Qualys reached +500 millions scans in 2010 Qualys reached +600 millions scans in millions in 2012?

23 Number of Scans Qualys Scanning Quality Metrics Six Sigma Scanning Accuracy Qualys Six Sigma Accuracy Scanned IPs (M) Reported Cases Actual Bugs , , SIX SIGMA 99, , , , QG Scan Accuracy (%) SCANNING ACTIVITY 99, , Six Sigma Accuracy = Less then 4 defects for each 1 mil IP scanning! 4 defects (bugs) cover: False-negative, False-positive, Service-crashed, Host-crashed reported to Qualys Support 23

24 Number of Calls per Month Quality Metrics Customer Contact Ratio Customer Contact Ratio* 1,20 QG-Enterprise QG-Express QG-PCI 1,00 0,80 0,60 0,40 0,20 0,00 dec..10 jan..11 febr..11 márc..11 ápr..11 máj..11 jún..11 júl..11 aug..11 szept..11 okt..11 nov..11 dec..11 jan..12 * Number of phone calls and per customer/month 24

25 Thank You