• No results found

Maintaining Control in a Complex Environment. Joash Herbrink Solution architect - EMEA Qualys, Inc.

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "Maintaining Control in a Complex Environment. Joash Herbrink Solution architect - EMEA Qualys, Inc."

Copied!
37
0
0

Loading.... (view fulltext now)

Download now ( 37 Page )

Full text

(1)

Maintaining Control in a Complex Environment

Joash Herbrink

Solution architect - EMEA

Qualys, Inc.

(2)

Are you in control?

Qualys, Inc. Corporate Presentation 2

Most organizations suffer

in

getting

..

(3)

You can’t secure

what you don’t know

Qualys, Inc. Corporate Presentation 3

And

Security starts

with

.

(4)

Step 1: Visibility

know your assets

Qualys, Inc. Corporate Presentation 4

(5)

Infrastructures getting complex……

Qualys, Inc. Corporate Presentation 5

On Premise

VMware

Endpoints

(6)

…. and more complex

29 September 2019 QSC Conference, 2018

6

Private Cloud

On Premise

Containers

Public Cloud

Workstations

Mobile Devices

(7)

…. and more complex

29 September 2019 QSC Conference, 2018

7

Private Cloud

On Premise

Containers

Public Cloud

Workstations

Mobile Devices

IoT Devices

OT - ICS / SCADA

Public Cloud

(8)

Digital Transformation

Transformation of Business to Digital

Integration with backends & OT

Cloud, Containers, IaaS, PaaS, OT, IIoT, IoT,

Mobility, Web apps, APIs, Mobile Apps

Continuously changing

Started 20 years ago… Internet banking

29 September 2019 QSC Conference, 2018

(9)

Digital Transformation

How to get Control?

29 September 2019 QSC Conference, 2018

9

(10)

Step 1: Visibility

know your assets

Step 2: Security

Patch

Qualys, Inc. Corporate Presentation 10

(11)

Huge growth in disclosed vulnerabilities

Too long, we have been fighting the numbers*

Qualys Benelux - Team presentation

11 * https://www.cvedetails.com/browse-by-date.php

+12,5%

+128%

894

1020

1677

2156

1527

2451

4935

6610

6520

5632

5736

4652

4155

5297

5191

7946

6480

6447

14714

16555

1085

0

2000

4000

6000

8000

10000

12000

14000

16000

18000

1999

2000

2001

2002

2003

2004

2005

2006

2007

2008

2009

2010

2011

2012

2013

2014

2015

2016

2017

2018

2019

Security Vulnerabilities Published

(12)

Security & Compliance (in the Cloud)

Qualys Benelux - Team presentation 12

For a long time, Vulnerability Management was all about getting it

ALL

done.

(13)

Step 1: Visibility

know your assets

Step 2: Security

Patch what matters

Step 3: Compliance - System configuration

Qualys, Inc. Corporate Presentation 13

(14)

Policy Compliance

Internal

Hardening

Guidelines

Out-of-box

Controls and Policies

Comply with

Regulatory

Mandates

Broad

Platform

Support

Automate Security Configuration Assessment

ISO

COBiT

HIPAA

SOX

COSO

MS SCM

UK DPA

PCI

CIS

NIST

ADSIC

(15)

Containers

15

On-Prem - OT, IOT

DevOps

Mobile - BYOD

And there’s more….

APIs

(16)

Qualys Cloud Platform

Qualys, Inc. Corporate Presentation 16

(17)

Future Proof Platform & Unified Dashboard

See the results in one place, anytime, anywhere

1+ trillion

Security Events

3+ billion

IP Scans/Audits a Year

28+ billion

Data Points Indexed on Elasticsearch

Clusters

99.9996%

(18)

Unique advantages of the

Qualys Cloud Platform

No hardware to manage

Lower operating costs

Easy to deploy & maintain

Unprecedented scaling

Always up-to-date

Data stored securely

No Back-Ups

(19)

Step 1: Visibility

know your assets

Qualys, Inc. Corporate Presentation 19

(20)

20 20

On Premise

Endpoints

Cloud

VMware

20

Qualys

Streaming

Data Backbone

Single Pane of Glass

Discover Prevent

Detect Response

Physical

Virtual

Cloud Agents

Container

Passive

API

Sensors:

(21)

21

(22)

22

Asset Inventory

Hardware specs

Installed software

EOL software

Commercial / Open source software

Integrate with CMDB

(23)

Step 1: Visibility

know your assets

Step 2: Security

Patch what matters

Qualys, Inc. Corporate Presentation 23

(24)

Security & Compliance

Getting it

ALL

done?

Fancy tooling?

Next great endpoint solution?

The silver Bullet?

(25)

Threat Protection

Qualys Benelux - Team presentation 25

(26)

Qualys, Inc. Corporate Presentation 26

(27)

Step 1: Visibility

know your assets

Step 2: Security

Patch what matters

Step 3: Compliance - System configuration

Qualys, Inc. Corporate Presentation 27

(28)

System configuration - Compliance

Qualys Benelux - Team presentation 28

(29)

Unparalleled Visibility and

Continuous Security Monitoring

across public cloud infrastructure

Cloud Inventory

Security Assessment

Cloud

Qualys Cloud Inventory and

Security Assessments

29 September 2019 Qualys Security Conference, 2018

(30)

Use Case #2

Identify Leaky S3 buckets

Misconfigured S3 Buckets are

vulnerable for data leaks

Check the S3 Bucket Access

Permissions Regularly

Review Access Control List

Check Bucket Policy

29 September 2019 Qualys Security Conference, 2018

(31)

Containers

31

On-Prem - OT, IOT

DevOps

Mobile - BYOD

There’s more….

APIs

Container Security

🔜

Passive Scanner / IOT

Web Application Scanning

🔜

Secure Enterprise

Mobility

(32)

CertView

‘Unplanned’ outages due to certificate expiration

Lack of visibility into all certificates

Certificates from unapproved CAs

DevOps often uses free/unapproved CAs

Rogue certificates

Unknown certificates could use weak keys or

algorithms

Unable to fix compliance failures

Validation: CRL/OCSP checks

Manual tracking in Spreadsheets

Qualys, Inc. | Black Hat USA 2017 32

(33)

Integrated Cloud Apps

Secure web applications with end-to-end protection

Web Application Scanning

Web Application Firewall

Block attacks and virtually patch web application vulnerabilities

WEB APPLICATION SECURITY

Security Configuration Assessment

Automate configuration assessment of global IT assets

Policy Compliance

PCI Compliance

Security Assessment Questionnaire

Assess security configurations of IT systems

throughout your network Automate, simplify and attain PCI compliance quickly

Minimize the risk of doing business with vendors and other third parties

COMPLIANCE MONITORING

ASSET MANAGEMENT

Asset Inventory

Maintain full, instant visibility of all your global IT assets

CMDB Sync

Synchronize asset information from Qualys into ServiceNow CMDB

File Integrity Monitoring

Log and track file changes across global IT systems

Cloud Security Assessment

Get full visibility and control across all public cloud instances

Continuously detect and protect against attacks, anytime, anywhere

Vulnerability Management

Threat Protection

Continuous Monitoring

Pinpoint your most critical threats and prioritize patching

Alerts you in real time about network irregularities

IT SECURITY

Indication of Compromise

Continuously monitor endpoints to detect suspicious activity

Container Security

Discover, track, and continuouslyprotect

containers

Certificate Assessment

Cloud Inventory

Certificate Inventory

Inventory of all your cloud assets across AWS,

Azure, GCP and others Inventory of TLS/SSL digital certificates on a global scale

Assess all your digital certificates for TLS/SSL vulnerabilities

33 Qualys Benelux - Team presentation

(34)

34

Qualys Cloud Platform - Integrations

Vulnerability Management

A

cc

es

s

M

an

ag

em

en

t

SI

EM

/L

og

M

an

ag

em

en

t

Ri

sk

M

an

ag

em

en

t

M

is

c

W

eb

A

pp

lica

tio

n

Fi

rew

al

l

Web Application

X M L R e s t A P I

IT

G

RC

Compliance

TNE

Pe

n

Te

st

IPS

CMDB

Dashboard

Excel

Database

(35)

Infrastructures getting more complex

Qualys, Inc. Corporate Presentation 36

(36)

Thank you

(37)

Qualys, Inc. Corporate Presentation 38

References

Download now ( PDF - 37 Page - 3.14 MB )

Related documents

Intravascular Ultrasound-Derived Minimal Lumen Area Criteria for Functionally Significant Left Main Coronary Artery Stenosis

teristics of the 112 patients with isolated LMCA ste- nosis are summarized in Table 1. Their mean age was 60 years of age, 74% were men, 29% had a history of diabetes, 5% had a

The Forrester Wave : Application Security, Q4 2014

Forrester conducted product evaluations in april 2014 and interviewed 12 vendor and user companies: Beyond Security, checkmarx, contrast Security, coverity, HP Fortify, iBM,

Robust non-Abelian spin liquid and a possible intermediate phase in the antiferromagnetic Kitaev model with magnetic field

While at zero field the AFM and FM Kitaev models are exactly equiv- alent by a Majorana sign transformation on one honeycomb sublattice [ 5 ], since their spin correlations

Managing Qualys Scanners

Configured Options Type a comma separated list of option profiles to determine

Implementation of Middleware for Internet of Things in Asset Tracking Applications: In-lining Approach

1) Its implementation is cost effective because it uses infrastructure such as wireless network towers that have already been deployed by mobile network service

BIG SHIFT TO CLOUD-BASED SECURITY

Qualys makes it possible for businesses to strengthen the security of their networks and applications, as well as conduct automated security audits that ensure regulatory

Worldwide Vulnerability Assessment Market and 13 Companies Analysis

Qualys Incorporation Products, Qualys Incorporation Revenue, Qualys Incorporation Strengths, Qualys Incorporation Weakness, Beyond Security Products, Beyond Security Strengths,

Secret Server Qualys Integration Guide

To help determine whether the Qualys account is correctly accessing Secret Server and the stored credential, check the audit on the Qualys user to see if it is logging