• Home

  • Documents

  • Qualys Agents and RTI’s€¦ · 16/11/2018  · Applications and Certificate. 11 Qualys Security...
18
18 QUALYS SECURITY CONFERENCE 2018 Qualys Agents and RTI’s Leveraging Vulnerability Intelligence and Cloud Agents in Vulnerability Management: Prioritizing Risk at Montana State University Constantine Vorobetz Technical Account Manager, U.S. West, Qualys, Inc.

Qualys Agents and RTI’s€¦ · 16/11/2018  · Applications and Certificate. 11 Qualys Security Conference, 2018 November 16, 2018 ... Time Vulnerability Management: TP Qualys

  • Upload
    others

  • View
    3

  • Download
    0

Embed Size (px)

Citation preview

Page 1: Qualys Agents and RTI’s€¦ · 16/11/2018  · Applications and Certificate. 11 Qualys Security Conference, 2018 November 16, 2018 ... Time Vulnerability Management: TP Qualys

18QUALYS SECURITY CONFERENCE 2018

Qualys Agents and RTI’s Leveraging Vulnerability Intelligence and Cloud Agents in Vulnerability Management: Prioritizing Risk at Montana State University

Constantine Vorobetz Technical Account Manager, U.S. West, Qualys, Inc.

Page 2: Qualys Agents and RTI’s€¦ · 16/11/2018  · Applications and Certificate. 11 Qualys Security Conference, 2018 November 16, 2018 ... Time Vulnerability Management: TP Qualys

Agenda Vulnerability Intelligence

Situation

Problems

Objectives

Technology

Results

Q&A

November 16, 2018 Qualys Security Conference, 2018 2

Page 3: Qualys Agents and RTI’s€¦ · 16/11/2018  · Applications and Certificate. 11 Qualys Security Conference, 2018 November 16, 2018 ... Time Vulnerability Management: TP Qualys

Vulnerability Intelligence How it Works and How its Used

Page 4: Qualys Agents and RTI’s€¦ · 16/11/2018  · Applications and Certificate. 11 Qualys Security Conference, 2018 November 16, 2018 ... Time Vulnerability Management: TP Qualys

Intelligence vs. Information

Intelligence is information that has been analyzed Intelligence provides informative insights Collecting, processing, analyzing information Data meets some goal or purpose The problem is not to find something … But to understand something Source: Multiple

November 16, 2018 Qualys Security Conference, 2018 4

Page 5: Qualys Agents and RTI’s€¦ · 16/11/2018  · Applications and Certificate. 11 Qualys Security Conference, 2018 November 16, 2018 ... Time Vulnerability Management: TP Qualys

Vulnerability Intelligence

Identifies the Vulnerabilities with the greatest impact on risk. Proactive vs reactive. Pertains to a specific environment. Prioritizes vulnerability workflow.

November 16, 2018 Qualys Security Conference, 2018 5

Page 6: Qualys Agents and RTI’s€¦ · 16/11/2018  · Applications and Certificate. 11 Qualys Security Conference, 2018 November 16, 2018 ... Time Vulnerability Management: TP Qualys

We need to think about…

November 16, 2018 Qualys Security Conference, 2018 6

Threats and Vulnerabilities Visibility with Technology

VM

TPCA

Page 7: Qualys Agents and RTI’s€¦ · 16/11/2018  · Applications and Certificate. 11 Qualys Security Conference, 2018 November 16, 2018 ... Time Vulnerability Management: TP Qualys

1.  19,299 vulnerabilities on 698 servers (2015)

2.  Average Resolution 44.2 days

3.  High numbers

4.  Overwhelmed Staff

5.  VM became a low priority

6.  Can we be more proactive?

November 16, 2018 Qualys Security Conference, 2018 7

Information Overload

Situation Vulnerabilities/Remediation

Page 8: Qualys Agents and RTI’s€¦ · 16/11/2018  · Applications and Certificate. 11 Qualys Security Conference, 2018 November 16, 2018 ... Time Vulnerability Management: TP Qualys

Objectives

Discover and Prioritize by Criticality

Effective Vulnerability Management Assesses the Risk Verified and Reliable Data Timely and Actionable

November 16, 2018 Qualys Security Conference, 2018 8

Page 9: Qualys Agents and RTI’s€¦ · 16/11/2018  · Applications and Certificate. 11 Qualys Security Conference, 2018 November 16, 2018 ... Time Vulnerability Management: TP Qualys

Technology Cloud Agent & Threat Protect

Page 10: Qualys Agents and RTI’s€¦ · 16/11/2018  · Applications and Certificate. 11 Qualys Security Conference, 2018 November 16, 2018 ... Time Vulnerability Management: TP Qualys

Qualys Cloud Agent

Produces real-time data that is more reliable than traditional scanning. More visibility into systems for troubleshooting, services running, user accounts, open ports, software and version number

November 16, 2018 Qualys Security Conference, 2018 10

Cloud Agent

CATP

Page 11: Qualys Agents and RTI’s€¦ · 16/11/2018  · Applications and Certificate. 11 Qualys Security Conference, 2018 November 16, 2018 ... Time Vulnerability Management: TP Qualys

Continuous Data Collection Eliminates scanning windows Real-time tracking No credentials to manage Visibility of Operating System, Applications and Certificate.

November 16, 2018 Qualys Security Conference, 2018 11

Continuous Visibility and Real-Time Vulnerability Management:

Page 12: Qualys Agents and RTI’s€¦ · 16/11/2018  · Applications and Certificate. 11 Qualys Security Conference, 2018 November 16, 2018 ... Time Vulnerability Management: TP Qualys

TP

Qualys Threat Protect

Real-Time Indicators (RTI’s) are data points collected per vulnerability. It is accurate, timely and actionable information to help prioritize and shrink the flood of Vulnerabilities reported

November 16, 2018 Qualys Security Conference, 2018 12

Threat Protect

Page 13: Qualys Agents and RTI’s€¦ · 16/11/2018  · Applications and Certificate. 11 Qualys Security Conference, 2018 November 16, 2018 ... Time Vulnerability Management: TP Qualys

Vulnerabilities that are not very critical can be dealt with in due course. Know the assets with the most risk. Prioritize based on criticality. Understand the associations across vulnerabilities to know the impact of a threat.

November 16, 2018 Qualys Security Conference, 2018 13

Identify & Weigh Characteristics that Intensify a Vulnerabilities Danger:

Page 14: Qualys Agents and RTI’s€¦ · 16/11/2018  · Applications and Certificate. 11 Qualys Security Conference, 2018 November 16, 2018 ... Time Vulnerability Management: TP Qualys

1.  21,409 vulnerabilities on 775 servers (2017).

2.  Average Resolution 21.5 days. 3.  Higher numbers than 2015.

4.  Removal of Secondary

Scanner Appliance (Nessus).

5.  Priorities defined by risk.

6.  Transitioned from reactive to proactive!

November 16, 2018 Qualys Security Conference, 2018 14

Intelligence Leveraged

Results Vulnerabilities/Remediation

Page 15: Qualys Agents and RTI’s€¦ · 16/11/2018  · Applications and Certificate. 11 Qualys Security Conference, 2018 November 16, 2018 ... Time Vulnerability Management: TP Qualys

Actionable Vulnerability Information

November 16, 2018 Qualys Security Conference, 2018 15

Page 16: Qualys Agents and RTI’s€¦ · 16/11/2018  · Applications and Certificate. 11 Qualys Security Conference, 2018 November 16, 2018 ... Time Vulnerability Management: TP Qualys

Qualys Asset Inventory

Accurate server inventory with detailed and continuous hardware and software visibility. Timely and actionable information to help prioritize decision making regarding EOL software and hardware.

November 16, 2018 Qualys Security Conference, 2018 16

Asset Inventory

AI

Page 17: Qualys Agents and RTI’s€¦ · 16/11/2018  · Applications and Certificate. 11 Qualys Security Conference, 2018 November 16, 2018 ... Time Vulnerability Management: TP Qualys

Replaces manual procurement collection efforts. Identify and know the assets on your network by functional category. Prioritize replacing EOL hardware and software licensing with easy and efficient decision making. Beta testing at Montana State University by Technical Leads in Distributed IT Units.

November 16, 2018 Qualys Security Conference, 2018 17

Could this improve the existing Server Inventory? Tester Comment: “I think it goes without saying this would be a huge improvement. The current Server Inventory is not easy to use and it’s function is generally a mystery to end users.”

Enable Efficiency Across IT and Security with Up to Date Continuous Visibility

Page 18: Qualys Agents and RTI’s€¦ · 16/11/2018  · Applications and Certificate. 11 Qualys Security Conference, 2018 November 16, 2018 ... Time Vulnerability Management: TP Qualys

18QUALYS SECURITY CONFERENCE 2018

Thank You

Constantine Vorobetz @qualys.com


QUALYS, INC. - AnnualReports.co.ukannualreports.co.uk/HostedData/AnnualReportArchive/q/...Qualys, the Qualys logo and QualysGuard, and other trademarks and service marks of Qualys

QUALYS, INC. - AnnualReports.co.ukannualreports.co.uk/HostedData/AnnualReportArchive/q/...Qualys, the Qualys logo and QualysGuard, and other trademarks and service marks of Qualys

Documents
Cloud Platform 2.37 API Release Notes - Qualys...Qualys Cloud Platform v2.x 2 The Qualys API documentation and sample code use the API server URL for the Qualys US Platform 1. If your

Cloud Platform 2.37 API Release Notes - Qualys...Qualys Cloud Platform v2.x 2 The Qualys API documentation and sample code use the API server URL for the Qualys US Platform 1. If your

Documents
Qualys Management Service Descriptions

Qualys Management Service Descriptions

Documents
Qualys AssetView User Guide4 About this Guide About Qualys About this Guide Welcome to Qualys AssetView! AssetView is ou r free asset discovery and inventory service. We’ll help

Qualys AssetView User Guide4 About this Guide About Qualys About this Guide Welcome to Qualys AssetView! AssetView is ou r free asset discovery and inventory service. We’ll help

Documents
Qualys CMDB Sync App · Qualys CMDB Sync App 2 Prerequisites Make sure you have a valid Qualys Account Subscription with API Access. Visit the ServiceNow Store, search for …

Qualys CMDB Sync App · Qualys CMDB Sync App 2 Prerequisites Make sure you have a valid Qualys Account Subscription with API Access. Visit the ServiceNow Store, search for …

Documents
Qualys Certificate View - betta-security.com.ua · 4 About this Guide About Qualys About this Guide Welcome to Qualys Certificate View! Certificate View provides discovery, assessment,

Qualys Certificate View - betta-security.com.ua · 4 About this Guide About Qualys About this Guide Welcome to Qualys Certificate View! Certificate View provides discovery, assessment,

Documents
Qualys Container Security User Guide...3 Table of Contents About this Guide..... 5 About Qualys ..... 5 Qualys Support

Qualys Container Security User Guide...3 Table of Contents About this Guide..... 5 About Qualys ..... 5 Qualys Support

Documents
Qualys Container Scanning Connector for Azure DevOps User Guide · 2020. 7. 15. · Qualys Container Scanning Connector for Azure DevOps Qualys Container Security provides a plugin

Qualys Container Scanning Connector for Azure DevOps User Guide · 2020. 7. 15. · Qualys Container Scanning Connector for Azure DevOps Qualys Container Security provides a plugin

Documents
Qualys WAS Web Application Report · Qualys provides the QualysGuard Service "As Is," without any warranty of any kind. Qualys makes no warranty that the information contained in

Qualys WAS Web Application Report · Qualys provides the QualysGuard Service "As Is," without any warranty of any kind. Qualys makes no warranty that the information contained in

Documents
Qualys Cloud Platform · Qualys Cloud Platform Sensors, Data Platform, Microservices, DevOps 4 QSC Conference, 2018 November 16, 2018 Application Services / Shared Services / Stream

Qualys Cloud Platform · Qualys Cloud Platform Sensors, Data Platform, Microservices, DevOps 4 QSC Conference, 2018 November 16, 2018 Application Services / Shared Services / Stream

Documents
Qualys Security Advisory QSA-2017-11-24 · 2018-12-13 · Qualys Security Advisory QSA-2017-11-24 November 24, 2017 Dell EMC Avamar and Integrated Data Protection Appliance (IDPA)

Qualys Security Advisory QSA-2017-11-24 · 2018-12-13 · Qualys Security Advisory QSA-2017-11-24 November 24, 2017 Dell EMC Avamar and Integrated Data Protection Appliance (IDPA)

Documents
Continuous Monitoring API - Qualys · Preface Using the Qualys Continuous Monitoring (CM) API, third parties can integrate the Qualys Security and Compliance solution into their own

Continuous Monitoring API - Qualys · Preface Using the Qualys Continuous Monitoring (CM) API, third parties can integrate the Qualys Security and Compliance solution into their own

Documents
Qualys Scanner Appliance

Qualys Scanner Appliance

Documents
Qualys Vulnerabilities, Statistics and… Malware ? Wolfgang Kandek CTO Qualys, Inc. //nullcon.net

Qualys Vulnerabilities, Statistics and… Malware ? Wolfgang Kandek CTO Qualys, Inc. //nullcon.net

Documents
NOVEDADES - Qualys€¦ · soluciones de seguridad en la nube de Qualys”, resalta la compañía. Qualys Patch Management (PM) Asimismo, la recién introducida aplicación de gestión

NOVEDADES - Qualys€¦ · soluciones de seguridad en la nube de Qualys”, resalta la compañía. Qualys Patch Management (PM) Asimismo, la recién introducida aplicación de gestión

Documents
Indication of Compromise API - Qualys · 2020-01-31 · Chapter 1 - Welcome Qualys API Framework 5 Chapter 1 - Welcome Welcome to Indication of Compromise API. Get Started Qualys

Indication of Compromise API - Qualys · 2020-01-31 · Chapter 1 - Welcome Qualys API Framework 5 Chapter 1 - Welcome Welcome to Indication of Compromise API. Get Started Qualys

Documents
Secure your mobile devices - Qualys...QUALYS SECURITY CONFERENCE 2020 Secure your mobile devices Secure Enterprise Mobility (SEM) Jimmy Graham Senior Director, Product Management Qualys,

Secure your mobile devices - Qualys...QUALYS SECURITY CONFERENCE 2020 Secure your mobile devices Secure Enterprise Mobility (SEM) Jimmy Graham Senior Director, Product Management Qualys,

Documents
Qualys Cloud Platform v3€¦ · Qualys Cloud Platform 3.1 brings you many more Improvements and updates! Learn more. Qualys Cloud Platform Release Notes 3 : AssetView . External

Qualys Cloud Platform v3€¦ · Qualys Cloud Platform 3.1 brings you many more Improvements and updates! Learn more. Qualys Cloud Platform Release Notes 3 : AssetView . External

Documents
Network Passive Sensor · 2020-01-16 · Welcome to Qualys Network Passive Sensor 5 Welcome to Qualys Network Passive Sensor With Qualys Network Passive Sensor (PS), you can automatically

Network Passive Sensor · 2020-01-16 · Welcome to Qualys Network Passive Sensor 5 Welcome to Qualys Network Passive Sensor With Qualys Network Passive Sensor (PS), you can automatically

Documents
Qualys Webex 24 June 2008

Qualys Webex 24 June 2008

Technology
A 360˚ Approach to Securing the Cloud - Qualys · Securing Azure Stack using Qualys Qualys is the only distributor of Infra’s VM,PC reports Infrastructure Networking and other

A 360˚ Approach to Securing the Cloud - Qualys · Securing Azure Stack using Qualys Qualys is the only distributor of Infra’s VM,PC reports Infrastructure Networking and other

Documents
Cloud Platform 8.10 Release Notes - Qualys · Qualys 8.10 Release Notes This new release of the Qualys Cloud Suite of Security and Compliance Applications includes improvements to

Cloud Platform 8.10 Release Notes - Qualys · Qualys 8.10 Release Notes This new release of the Qualys Cloud Suite of Security and Compliance Applications includes improvements to

Documents
Qualys CloudView User Guide · Welcome to Qualys CloudView! We’ll help you get acquainted with the Qualys solutions for securing your AWS resources using the Qualys Cloud Security

Qualys CloudView User Guide · Welcome to Qualys CloudView! We’ll help you get acquainted with the Qualys solutions for securing your AWS resources using the Qualys Cloud Security

Documents
Qualys Supports Sans 2014

Qualys Supports Sans 2014

Documents
Qualys PC/SCAP Auditor · Qualys SCAP Auditor 1.2 is a subscription based, Software as a Service solution delivered via Qualys Policy Compliance 8.x and the Qualys Cloud Platform

Qualys PC/SCAP Auditor · Qualys SCAP Auditor 1.2 is a subscription based, Software as a Service solution delivered via Qualys Policy Compliance 8.x and the Qualys Cloud Platform

Documents
Qualys Asset Inventory CMDB Sync · Qualys Asset Inventory CMDB Sync Get Started Add API Source Once you install the Qualys App, you need to add the API source. Go to Qualys Asset

Qualys Asset Inventory CMDB Sync · Qualys Asset Inventory CMDB Sync Get Started Add API Source Once you install the Qualys App, you need to add the API source. Go to Qualys Asset

Documents
Qualys Web Application Scanner Guide

Qualys Web Application Scanner Guide

Technology
QualysGuard Policy Compliance - Qualys, Inc

QualysGuard Policy Compliance - Qualys, Inc

Documents
Qualys Cloud Platformthe benefits of the Qualys Cloud Platform within the walls of your data center. The Qualys Private Cloud Platform allows organizations to store scan data locally

Qualys Cloud Platformthe benefits of the Qualys Cloud Platform within the walls of your data center. The Qualys Private Cloud Platform allows organizations to store scan data locally

Documents
Ensuring RtI’s Successful Implementation

Ensuring RtI’s Successful Implementation

Documents