Intro to QualysGuard IT Risk & Asset Management. Marek Skalicky, CISM, CRISC Regional Account Manager for Central & Adriatic Eastern Europe

Transcription

1 Intro to QualysGuard IT Risk & Asset Management Marek Skalicky, CISM, CRISC Regional Account Manager for Central & Adriatic Eastern Europe

2 A Unified and Continuous View of ICT Security, Risks and Compliance Device & Application Security The QualysGuard Cloud Platform and suite of integrated applications allows enterprises to discover and catalog all IT assets, and provides them with a continuous view of their security and compliance posture on a global scale. Benefits Fully automated continuous asset discovery, security & compliance assessments. Up-to-date security intelligence with no software to install and maintain.

3 QualysGuard ICT Security Management Integrated Suite of ICT Security and Compliance SaaS services ICT SECURITY INTELLIGENCE & MANAGEMENT PLATFORM ICT RISK MANAGEMENT Devices & Applications Risk Assessment Vulnerabilities Exploits, Malware Patches, Workarounds, Virtual IDS/IDP Patches Threats Protection ICT ASSET MANAGEMENT Devices & Applications Discovery and Tagging Business Value Responsibility Ownership Continuous Auditing ICT COMPLIANCE MANAGEMENT Devices & Applications Configurations Audits Internal Policies External Regulations ICT Technological controls checks Non-technological Questionnaires INTEGRATED DASHBOARDS AND REPORTS 3

4 QualysGuard SaaS Applications Enterprise SMB Freemium Services QualysGuard On Demand Portal Analyze Comply Monitor Prevent Vulnerability Mgmt. Web App Scan Malware Detection SSL Labs Zero days analyzer Policy Compliance PCI Compliance Qualys Seal SCAP / FDCC Compliance Mgmt* Web Application Logs Botnet Detection* Web App. Firewall* Asset Management Module QualysGuard SaaS Technology Platform Scanners & Collectors Open APIs, Web Services & Integrations

5 QualysGuard Suite of Security & Compliance Applications

6 Scalable QG Cloud Architecture CONFIDENTIAL 6

7 QualysGuard Suite of SaaS Services AUTOMATE - Asset Management (ICT Asset Discovery, Tagging and Prioritization) - Risk Management (ICT Vulnerability Analyses, Remediation, Verification) - Compliance Management (ICT Configuration Standards and Audits) by SaaS Service on your request, demand, price and scope!

8 Qualys Asset Management (patent pending) Powerful ability to manage, search and tag assets Organizing ICT Assets using Tags - Static and Dynamic asset tagging - Hierarchical asset tagging Uses existing VM scan data Integrated with existing QG apps. Asset Tagging/Searching/Reporting based on - platforms, applications, services - IT responsibility - Based on locality - Based on Business Processes

9 Qualys Asset Management Host tagging & Web application tagging

10 Qualys Asset Management Reports by tags & User permissions by tags

11 Qualys Vulnerability Management 12 years on market Market leader since 2008 Gartner, IDC, Forrester, Frost & Sullivan SC Magazine best Vulnerability Mgt solution 6 years in a row Full VM Cycle Free and unlimited network discovery Discover, group, & prioritize network assets Identify vulnerabilities, exploits, malware, patches, & unsupported technologies Prioritize, execute & audit remediation Automate reporting, trending, & alerting 13,000+ signatures covering 55K+ vulnerabilities, updated daily

12 QG Vulnerability Management VM process Lifecycle workflow

13 QG Vulnerability Management User Interface Vulnerability Knowledge Base

14 QG Vulnerability Management Vulnerability Knowledge Base Vulnerability Rating 14

15 QG Vulnerability Management Vulnerability Description

16 QG Vulnerability Management Exploits Description Information added for Exploits Following resources used: Exploit-DB Metasploit Core Security Immunity Others Helpful in the Remediation process Comprehensive CVSS v2 scores Assets at risk of Exploits Report

17 QG Vulnerability Management Malware Description Information added for Malware Code Availability Following resources used: Trend Micro Malware Knowledgebase Others malware resources coming Helpful in the Remediation process Assets at risk of Malware Report

18 QG Vulnerability Management 3 Solutions Description Solution description categories: Vendor Patch available Workaround available Virtual Patch available Trend Micro Deep Inspection signatures Others resources coming Helpful in the Remediation process Virtually Patchable Assets Report

19 QualysGuard Vulnerability Management Risk Management Security Risk Average security score calculated by: Vulnerability Severity Levels Number of Confirmed/Potential Vulnerabilities per scope of report Business Risk security score related to business criticality of processes / systems: Combines Security Risk per Host and Business Impact value per Host Helps prioritize vulnerabilities among your hosts in remediation process

20 QualysGuard Vulnerability Management Mapping and Scanning Engine Architecture Scanning Core Engine Launched for every IP in scope Managing launching of modules Collecting all information provided by modules Host / Port / Service / Application / OS Detection Modules Responsible for collecting specific data from the hosts Needs specific inputs, delivers specific outputs Host Alive Discovery TCP Port Discovery OS Fingerprinting Information Data collected and delivered by modules (output) Can be used as a input for launching new modules Host Status : Active TCP XX Port Open TCP/UDP Service (HTTP, FTP, SMTP ) Vulnerability Scanning Modules Effectively perform vulnerability detections and verifications Can handle one single vulnerability or many of the same type Confirmed Vulnerability Potential Vulnerability

21 QualysGuard Network Discovery process

22 QualysGuard Vulnerability Scan process

23 What is Trusted Scan Network vulnerability detection Based on port scanning and enumeration Banner grabbing Testing open ports Limited visibility Host vulnerability detection Host scanning with valid credentials Every resource is reachable Installed software, versions Policies Configuration errors More confirmed vulnerabilities CONFIDENTIAL 23

24 QualysGuard Asset Search Portal Instant Search on the whole Scan Results Database Find all hosts of a specific operating system Finds hosts affected by a specific vulnerability Export Search Results Centralized location for asset management Perform bulk Actions on Selected Results Bulk Edit Hosts

25 QualysGuard Remediation Ticket Creation & Verification Automatic Trouble ticket generation Based on Remediation Policy Rules set on Asset Groups / Tags Tickets created by Severity Level, Business Value and Asset Owners Manual Trouble ticket generation From Automatic Report From Host Information Launching Verification Scans 25

26 QualysGuard Suite of SaaS Services AUTOMATE - Asset Management (ICT Asset Discovery, Tagging and Prioritization) - Risk Management (ICT Vulnerability Analyses, Remediation, Verification) - Compliance Management (ICT Configuration Standards and Audits) by SaaS Service on your request, demand, price and scope!

27 VM Report Templates Map Reports: Map Result (list / graphical map) Unknown Device Report Asset Reports: Assets for selected OS / SW / Port / Service Assets at risk of Malware v.1 Assets at risk of Exploits v.1 Assets with Obsolete Software v.1 Virtually Patchable Assets v.1 Scan Reports: Scan Result (full technical report) Executive Scan Report Technical Scan Report High Severity Report Payment Card Industry Executive Report Payment Card Industry Technical Report Vulnerability ScoreCard Reports Remediation Reports: Tickets per Asset Group / Business Unit Tickets per User Tickets per Vulnerability Executive Remediation Report Patchable High-priority Vulnerabilities v.1 Disabled/Ignored Vulnerabilities v.1 Patchable High-priority Vulnerabilities v.1 Remediated Vulnerabilities Last 30 Days v.1 Qualys Patch Report per IP / Asset Group / BU Critical Patches Required v.1 Tickets ScoreCard Reports The Most Prevalent Vulnerabilities Report The Most Vulnerable Hosts Additional Qualys Reports Qualys TOP 20 Benchmark report SANS TOP 20 Benchmark report Authentication Verification Report

28 Zero-Day Analyzer for VM Beta available in US, GA in Q2 Zero-Day Analyzer for VM Allows customers to analyze zero-day threats and estimate their impact on their assets and critical systems based on information collected from previous scan results. Benefits Latest signatures for idefense exclusive zeroday threats Customizable alerting and notifications Actionable data with estimates about what systems are at risk

29 Thank You