Rozwiązanie SaaS w zakresie bezpieczeństwa teleinformatycznego i ochrony danych dla przedsiębiorstw

Transcription

1 Rozwiązanie SaaS w zakresie bezpieczeństwa teleinformatycznego i ochrony danych dla przedsiębiorstw Andrzej Kleśnicki, CISM Technical Account Manager for Central Eastern Europe!!

2 Qualys at a Glance Software-as-a-Service (SaaS) Founded in 1999 to deliver a SaaS VM Expanded the service as suite of SaaS! Security and Compliance offerings Last round of funding in 2004, IPO in employees (50% R&D and Operations) global customers 50% of Fortune % of Fortune % Forbes Global 2000 US 65%, EMEA 30%, Asia 5% 9,000+ scanner appliances in 85 countries 600+ million IP scans in million WAS scans in 2011 Highest possible rating of Strong Positive Largest market share Highest possible rating of Leader The leading vendor Market Share Leadership

3 Global Market Adoption By Forbes and Fortune Rankings Forbes % Fortune % Fortune % Forbes % 8 out of the top 10 Biotech 6 out of the top 10 Banks 5 out of the top 10 Insurance 8 out of the top 10 Software & Services 6 out of the top 10 Business Services 5 out of the top 10 Retailers 8 out of the top 10 Technology Hardware 6 out of the top 10 Media 4 out of the top 10 Auto Manufacturers 7 out of the top 10 Chemical 6 out of the top 10 Telecom 4 out of the top 10 Oil & Gas

4 Global Market Adoption Insurance Financial Services Chemical Internet Retail Technology Consulting

5 Global Market Adoption continued Media Energy Consumer Healthcare Manufacturing Education Transportation Public Sector

6 ICT Security is problem of Scale & Complexity and ALL constantly changes in time

7 Qualys Cloud Approach to ICT Security continuous view on ICT Security Risks and Compliance

8 QualysGuard ICT Security Management Integrated Suite of ICT Security and Compliance SaaS services ICT SECURITY INTELLIGENCE & MANAGEMENT PLATFORM ICT RISK MANAGEMENT Devices & Applications Risk Assessment Vulnerabilities Exploits, Malware Patches, Workarounds, Virtual IDS/IDP Patches Threats Protection ICT ASSET MANAGEMENT Devices & Applications Discovery and Tagging Business Value Responsibility Ownership Continuous Auditing ICT COMPLIANCE MANAGEMENT Devices & Applications Configurations Audits Internal Policies External Regulations ICT Technological controls checks Non-technological Questionnaires INTEGRATED DASHBOARDS AND REPORTS 8

9 QualysGuard Suite of Security & Compliance Applications VM PC PCI WAS MDS Vulnerability Management Policy Compliance PCI Compliance Web Application Scanning Malware Detection Service SECURE Seal

10 Qualys Global Clouds Deployments Security Operations Center (SOC) Private Clouds (PC) Future SOC and PC US SOC PC PC PC PC US SOC PC PC EU SOC EU SOC PC PC PC PC SOC PC PC

11 QualysGuard Global Infrastructure Virtual vscanner and Virtual Private SOC QualysGuard SW Virtual Scanner QualysGuard SW Virtual Private SOC World s Largest global Vulnerability Management deployment at Daimler! scanner appliances scanning over a million IPs in 80 locations Performing 600+ Million IP scans and maps per year 11!

12 Qualys Asset Management (Patent-pending Asset Tagging engine) Powerful ability to manage, search and tag assets Organizing ICT Assets using Tags - Static and Dynamic asset tagging - Hierarchical asset tagging Uses existing VM scan data Integrated with existing QG apps. Asset Tagging/Searching/Reporting based on - platforms, applications, services - IT responsibility - Based on locality - Based on Business Processes FREE OF CHARGE for every QG Customer - Part of every QG Subscription - Unlimited Network Scope

13 Qualys Vulnerability Management 12 years on market Market leader since 2008 Gartner, IDC, Forrester, Frost & Sullivan SC Magazine best Vulnerability Mgt solution 6 years in a row Full VM Cycle Free and unlimited network discovery Discover, group, & prioritize network assets Identify vulnerabilities, exploits, malware, patches, & unsupported technologies Prioritize, execute & audit remediation Automate reporting, trending, & alerting 13,000+ signatures covering 55K+ vulnerabilities, updated daily

14 Zero-Day Analyzer for VM Add-on feature for VM service Zero-Day Analyzer for VM Allows customers to analyze zero-day threats and estimate their impact on their assets and critical systems based on information collected from previous scan results. Benefits Latest signatures for idefense exclusive zero-day threats Customizable alerting and notifications Actionable data with estimates about what systems are at risk

15 Qualys Policy Compliance Management Audits and documents compliance against external regulations & company internal policies Supports major security frameworks & regulations Controls library pre-mapped to frameworks such as CIS, COBIT, ISO27001:2005, HIPAA, ITIL, etc. Agent-less 100% SaaS controls over 50 platforms User defined controls for Win/ Unix

16 Qualys PCI-DSS Compliance PCI Council ASV certified Used by 65% of ASVs and 49% of QSAs certified companies Automates PCI Compliance Periodic network discovery scans Periodic external scans for vulnerabilities Complete annual Self-Assessment Questionnaire Generates proof of PCI Compliance & attestation to submit to acquiring banks Delivers full ASV service ASV certified quarterly reports ASV support and insurance False-negative priority handling

17 Qualys Web Application Scanning Vulnerability Scanning inside Web Apps : Authenticated Scanning OWASP TOP 10 support Web services Discovery Web services Catalog Certificate auth. support Selenium auth. Support Java, Ajax, Flash support

18 Qualys Malware Detection for Web Apps Malware Detection inside Web App source code: Static signature Analysis Behavioral Analysis Dashboard and centralized reporting Sharing WAS module settings and Web Apps authentication

19 Customizable Questionnaires for PC Beta available Custom Questionnaires Enables customers to easily build questionnaires using the Unified Compliance Framework (UCF), as well as leverage existing business process workflows to evaluate controls, gather documents and evidence and validate compliance. Benefits Automation of manual assessments Ability to define/customize audit work flow Industry leading policy repository of nearly 1000 standards and regulations via UCF

20 Qualys Web Application Firewall Beta available WAF Provides protection against known and emerging web application threats, and helps increase web site performance through caching, compression and content optimization, with no equipment needed. Benefits Zero-footprint, low cost deployment Ease of use, ease of maintenance Real-time attack prevention Virtual patching and application hardening

21 Why customers selected QualysGuard? Key functionalities and benefits Automated ICT Network and Application Discovery Automated ICT Asset Management based on Tagging and Rules Automated ICZ Vulnerability Scanning and ICT Risk Management Automated ICT Configuration Audit and Compliance tool Most accurate and secure Vulnerability Scanning Engine on market Economical and TCO benefits Try and Buy model = YOU pay for what you see is working for YOU Fully Scalable and flexible licensing = YOU pay for what YOU need NO HW and SW purchase, installation, maintenance and updates! NO CAPEX and HUMAN resources needed for implementation / run

22 4 defects (bugs) cover: False-negative, False-positive, Service-crashed, Host-crashed reported to Qualys Support Qualys Scanning Quality Metrics Six Sigma Scanning Accuracy Qualys Six Sigma Accuracy Scanned IPs (M) Reported Cases Actual Bugs Number of Scans SIX SIGMA QG Scan Accuracy (%) SCANNING ACTIVITY Six Sigma Accuracy = Less then 4 defects for each 1 mil IP scanning!

23 Quality Metrics Customer Contact Ratio Customer Contact Ratio* Number of Calls per Month QG-Enterprise QG-Express QG-PCI gru.10 sty.11 lut.11 mar.11 kwi.11 maj.11 cze.11 lip.11 sie.11 wrz.11 paź.11 lis.11 gru.11 sty.12 * Number of phone calls and per customer/month

24 Global Technology Partners / Integrations

25 Free Services at your Fingertips 25

26 Thank You