QualysGuard® Malware Detection Service – Enterprise Edition

Marek Skalicky, CISM, CRISC
Regional Account Manager for Central & Adriatic Eastern Europe

QualysGuard InfoDay 2012 - Malware Detection Service – Enterprise Edition


Why MDS?

Thousands of sites are infected daily

“Malvertising”: exploits hidden inside legitimate-looking ads

Malware propagates to the visitors of the site

Unknown malware is hard to recognize

Do you know if your site is serving Malware?

MDS Benefits

Keeps your site from being blacklisted

0-day defense

Prevents visitors from getting infected

Brand reputation

Protects against a loss of revenue

SaaS - Nothing to install or download

MDS service tiers

Free

• Single site
• Domain and email address of user must match
• 5 scans
• No scheduled scans, no support

Enterprise Edition Trial

• 30 day trial
• Up to 20 sites, 1000 pages per site
• Sites can be “unvalidated” - users sign terms and agreement
• After 30 days, gets downgraded to Free version

Enterprise Edition

• 1000 pages by default
• More blocks can be purchased (consult your TAM)

MDS activity

You plug in your URL

Qualys Virtual Machine Farm

1. Enter URL
2. We breadth crawl URL (we stay in the domain)
3. We do both behavioral and static analysis
4. Qualys will email user if Malware is found.

MDS Analysis - Static

• Encoded JavaScript
• Document.write with obfuscation
• Web Bugs
• Vulnerable Control Instantiation
• Character encoding on inline frames

MDS Analysis - Behavioral

• Microsoft Windows registry keys being written
• Rogue processes being started
• Programs being installed and started
• Files being written to disk

MDS User Interface

MDS Dashboard

Last Scan

Upcoming Scans

Infected sites

Infections

MDS Knowledgebase

Adding Sites - Wizard

• Upload multiple sites via CSV
• Up to 1000 pages
• Add Asset Tags

Assets

Scanning

• View Scan Results
• View Thread for each scan

Reporting


Thank You [email protected]