A SaaS solution for ICT security and data protection for enterprises
Andrzej Kleśnicki, CISM, Technical Account Manager for Central Eastern Europe
Qualys at a Glance
- Software-as-a-Service (SaaS)
- Founded in 1999 to deliver a SaaS VM
- Expanded the service as a suite of SaaS Security and Compliance offerings
- Last round of funding in 2004, IPO in 2012
- 350 employees (50% R&D and Operations)
- 6000+ global customers
- 50% of Fortune 100, 35% of Fortune 500, 20% Forbes Global 2000
- US 65%, EMEA 30%, Asia 5%
- 9,000+ scanner appliances in 85 countries
- 600+ million IP scans in 2011
- 10+ million WAS scans in 2011
- Highest possible rating of Strong Positive
- Largest market share
- Highest possible rating of Leader
- The leading vendor
- Market Share Leadership
Global Market Adoption By Forbes and Fortune Rankings
- Forbes 100: 51%
- Fortune 100: 50%
- Fortune 500: 35%
- Forbes 2000: 20%
- 8 out of the top 10 Biotech
- 6 out of the top 10 Banks
- 5 out of the top 10 Insurance
- 8 out of the top 10 Software & Services
- 6 out of the top 10 Business Services
- 5 out of the top 10 Retailers
- 8 out of the top 10 Technology Hardware
- 6 out of the top 10 Media
- 4 out of the top 10 Auto Manufacturers
- 7 out of the top 10 Chemical
- 6 out of the top 10 Telecom
- 4 out of the top 10 Oil & Gas
Global Market Adoption Insurance Financial Services Chemical Internet Retail Technology Consulting
Global Market Adoption continued Media Energy Consumer Healthcare Manufacturing Education Transportation Public Sector
ICT Security is a problem of Scale & Complexity, and ALL of it constantly changes over time
Qualys Cloud Approach to ICT Security: a continuous view of ICT Security Risks and Compliance
QualysGuard ICT Security Management
Integrated Suite of ICT Security and Compliance SaaS services
ICT SECURITY INTELLIGENCE & MANAGEMENT PLATFORM
- ICT RISK MANAGEMENT: Devices & Applications Risk Assessment Vulnerabilities Exploits, Malware Patches, Workarounds, Virtual IDS/IDP Patches Threats Protection
- ICT ASSET MANAGEMENT: Devices & Applications Discovery and Tagging Business Value Responsibility Ownership Continuous Auditing
- ICT COMPLIANCE MANAGEMENT: Devices & Applications Configurations Audits Internal Policies External Regulations ICT Technological controls checks Non-technological Questionnaires
- INTEGRATED DASHBOARDS AND REPORTS
QualysGuard Suite of Security & Compliance Applications
- VM: Vulnerability Management
- PC: Policy Compliance
- PCI: PCI Compliance
- WAS: Web Application Scanning
- MDS: Malware Detection Service
- SECURE Seal
Qualys Global Clouds Deployments
[Figure: map of deployments. Legend: Security Operations Center (SOC), Private Clouds (PC), Future SOC and PC. Labelled sites include US SOC and EU SOC.]
QualysGuard Global Infrastructure: Virtual vscanner and Virtual Private SOC
- QualysGuard SW Virtual Scanner
- QualysGuard SW Virtual Private SOC
World's largest global Vulnerability Management deployment at Daimler!
- 293 scanner appliances scanning over a million IPs in 80 locations
Performing 600+ Million IP scans and maps per year
Qualys Asset Management (Patent-pending Asset Tagging engine)
Powerful ability to manage, search and tag assets
Organizing ICT Assets using Tags
- Static and Dynamic asset tagging
- Hierarchical asset tagging
Uses existing VM scan data
Integrated with existing QG apps
Asset Tagging/Searching/Reporting based on
- platforms, applications, services
- IT responsibility
- Based on locality
- Based on Business Processes
FREE OF CHARGE for every QG Customer
- Part of every QG Subscription
- Unlimited Network Scope
Qualys Vulnerability Management
- 12 years on market
- Market leader since 2008 (Gartner, IDC, Forrester, Frost & Sullivan)
- SC Magazine best Vulnerability Mgt solution 6 years in a row
Full VM Cycle
- Free and unlimited network discovery
- Discover, group, & prioritize network assets
- Identify vulnerabilities, exploits, malware, patches, & unsupported technologies
- Prioritize, execute & audit remediation
- Automate reporting, trending, & alerting
- 13,000+ signatures covering 55K+ vulnerabilities, updated daily
Zero-Day Analyzer for VM
Add-on feature for VM service
Allows customers to analyze zero-day threats and estimate their impact on their assets and critical systems based on information collected from previous scan results.
Benefits
- Latest signatures for iDefense exclusive zero-day threats
- Customizable alerting and email notifications
- Actionable data with estimates about what systems are at risk
http://www.qualys.com/zero-day
Qualys Policy Compliance Management
- Audits and documents compliance against external regulations & company internal policies
- Supports major security frameworks & regulations
- Controls library pre-mapped to frameworks such as CIS, COBIT, ISO27001:2005, HIPAA, ITIL, etc.
- Agent-less 100% SaaS
- 2600+ controls over 50 platforms
- User defined controls for Win/Unix
Qualys PCI-DSS Compliance
- PCI Council ASV certified
- Used by 65% of ASVs and 49% of QSAs certified companies
Automates PCI Compliance
- Periodic network discovery scans
- Periodic external scans for vulnerabilities
- Complete annual Self-Assessment Questionnaire
- Generates proof of PCI Compliance & attestation to submit to acquiring banks
Delivers full ASV service
- ASV certified quarterly reports
- ASV support and insurance
- False-negative priority handling
Qualys Web Application Scanning
Vulnerability Scanning inside Web Apps:
- Authenticated Scanning
- OWASP TOP 10 support
- Web services Discovery
- Web services Catalog
- Certificate auth. support
- Selenium auth. support
- Java, Ajax, Flash support
Qualys Malware Detection for Web Apps
Malware Detection inside Web App source code:
- Static signature Analysis
- Behavioral Analysis
- Dashboard and centralized reporting
- Sharing WAS module settings and Web Apps authentication
Customizable Questionnaires for PC (Beta available)
Custom Questionnaires
Enables customers to easily build questionnaires using the Unified Compliance Framework (UCF), as well as leverage existing business process workflows to evaluate controls, gather documents and evidence and validate compliance.
Benefits
- Automation of manual assessments
- Ability to define/customize audit work flow
- Industry leading policy repository of nearly 1000 standards and regulations via UCF
http://www.qualys.com/forms/questionnaires/
Qualys Web Application Firewall (Beta available)
WAF
Provides protection against known and emerging web application threats, and helps increase web site performance through caching, compression and content optimization, with no equipment needed.
Benefits
- Zero-footprint, low cost deployment
- Ease of use, ease of maintenance
- Real-time attack prevention
- Virtual patching and application hardening
http://www.qualys.com/waf
Why customers selected QualysGuard?
Key functionalities and benefits
- Automated ICT Network and Application Discovery
- Automated ICT Asset Management based on Tagging and Rules
- Automated ICT Vulnerability Scanning and ICT Risk Management
- Automated ICT Configuration Audit and Compliance tool
- Most accurate and secure Vulnerability Scanning Engine on market
Economical and TCO benefits
- Try and Buy model = YOU pay for what you see is working for YOU
- Fully Scalable and flexible licensing = YOU pay for what YOU need
- NO HW and SW purchase, installation, maintenance and updates!
- NO CAPEX and HUMAN resources needed for implementation / run
Qualys Scanning Quality Metrics: Six Sigma Scanning Accuracy
[Chart: Qualys Six Sigma Accuracy. Series: Scanned IPs (M), Reported Cases, Actual Bugs. Axes: Number of Scans (scanning activity) and QG Scan Accuracy (%), with the Six Sigma level marked.]
4 defects (bugs) cover: False-negative, False-positive, Service-crashed, Host-crashed reported to Qualys Support
Six Sigma Accuracy = Less than 4 defects for each 1 mil IP scanning!
Quality Metrics: Customer Contact Ratio
[Chart: Customer Contact Ratio* (Number of Calls per Month) for QG-Enterprise, QG-Express and QG-PCI, December 2010 to January 2012.]
* Number of phone calls and e-mail per customer/month
Global Technology Partners / Integrations
Free Services at your Fingertips www.qualys.com/secure
Thank You
aklesnicki@qualys.com