SaaS solution for ICT security and data protection for enterprises


(1)

SaaS solution for ICT security and data protection for enterprises

Andrzej Kleśnicki, CISM

Technical Account Manager for Central Eastern Europe


(2)

Qualys at a Glance

Software-as-a-Service (SaaS)

Founded in 1999 to deliver a SaaS VM

Expanded the service as a suite of SaaS Security and Compliance offerings

Last round of funding in 2004, IPO in 2012

350 employees (50% R&D and Operations)

6000+ global customers

50% of Fortune 100

35% of Fortune 500

20% Forbes Global 2000

US 65%, EMEA 30%, Asia 5%

9,000+ scanner appliances in 85 countries

600+ million IP scans in 2011

10+ million WAS scans in 2011

Highest possible rating of “Strong Positive”

Largest market share

Highest possible rating of “Leader”

“The leading vendor”

(3)

8 out of the top 10: Biotech

8 out of the top 10: Software & Services

8 out of the top 10: Technology Hardware

7 out of the top 10: Chemical

6 out of the top 10: Banks

6 out of the top 10: Business Services

6 out of the top 10: Media

6 out of the top 10: Telecom

5 out of the top 10: Insurance

5 out of the top 10: Retailers

4 out of the top 10: Auto Manufacturers

4 out of the top 10: Oil & Gas

Global Market Adoption

By Forbes and Fortune Rankings

Forbes 100: 51%

Fortune 100: 50%

Fortune 500: 35%

Forbes 2000: 20%

(4)

Global Market Adoption

Insurance Chemical

Internet Retail Technology Consulting

(5)

Global Market Adoption – continued

Media Energy Consumer Healthcare

(6)

ICT Security is a problem of Scale & Complexity

(7)

Qualys Cloud Approach to ICT Security

(8)

QualysGuard ICT Security Management

Integrated Suite of ICT Security and Compliance SaaS services

ICT RISK MANAGEMENT

Devices & Applications Risk Assessment Vulnerabilities Exploits, Malware Patches, Workarounds, Virtual IDS/IDP Patches Threats Protection

ICT ASSET MANAGEMENT

Devices & Applications Discovery and Tagging Business Value Responsibility Ownership Continuous Auditing

ICT COMPLIANCE MANAGEMENT

Devices & Applications Configurations Audits Internal Policies External Regulations ICT Technological controls checks Non-technological Questionnaires

ICT SECURITY INTELLIGENCE & MANAGEMENT PLATFORM

(9)

VM: Vulnerability Management

PC: Policy Compliance

PCI: PCI Compliance

WAS: Web Application Scanning

MDS: Malware Detection Service

SECURE Seal

QualysGuard Suite of Security

(10)

Qualys Global Clouds Deployments

[Map: Security Operations Centers (SOC) in the US and EU, Private Clouds (PC), and future SOC and PC locations]

(11)

QualysGuard Global Infrastructure

Virtual vScanner and Virtual Private SOC

World’s Largest global Vulnerability Management deployment at Daimler

- 293 scanner appliances scanning over a million IPs in 80 locations

Performing 600+ Million IP scans and maps per year

QualysGuard SW Virtual Scanner

QualysGuard SW Virtual Private SOC

(12)

Powerful ability to manage, search and tag assets

− Organizing ICT Assets using Tags

-  Static and Dynamic asset tagging

-  Hierarchical asset tagging

− Uses existing VM scan data

− Integrated with existing QG apps.

Asset Tagging/Searching/Reporting based on

-  platforms, applications, services

-  IT responsibility

-  Based on locality

-  Based on Business Processes

FREE OF CHARGE for every QG Customer

-  Part of every QG Subscription

-  Unlimited Network Scope

Qualys Asset Management

(13)

Qualys

Vulnerability Management

12 years on market

Market leader since 2008

Gartner, IDC, Forrester, Frost & Sullivan

SC Magazine best Vulnerability Mgt solution 6 years in a row

Full VM Cycle

•  Free and unlimited network discovery

•  Discover, group, & prioritize network assets

•  Identify vulnerabilities, exploits, malware, patches, & unsupported technologies

•  Prioritize, execute & audit remediation

•  Automate reporting, trending, & alerting

13,000+ signatures covering 55K+ vulnerabilities, updated daily

(14)

http://www.qualys.com/zero-day

Zero-Day Analyzer for VM

Add-on feature for VM service

Zero-Day Analyzer for VM

Allows customers to analyze zero-day threats and estimate their impact on their assets and critical systems based on information collected from previous scan results.

Benefits

Latest signatures for iDefense exclusive zero-day threats

Customizable alerting and email notifications

Actionable data with estimates about what

(15)

Qualys

Policy Compliance Management

Audits and documents compliance against external regulations & company internal policies

Supports major security frameworks & regulations

Controls library pre-mapped to frameworks such as CIS, COBIT, ISO27001:2005, HIPAA, ITIL, etc.

Agent-less – 100% SaaS

2600+ controls over 50 platforms

User defined controls for Win/

(16)

Qualys

PCI-DSS Compliance

PCI Council ASV certified

Used by 65% of ASVs and 49% of QSAs certified companies

Automates PCI Compliance

Periodic network discovery scans

Periodic external scans for vulnerabilities

Complete annual “Self-Assessment Questionnaire”

Generates proof of PCI Compliance & attestation to submit to acquiring banks

Delivers full ASV service

ASV certified quarterly reports

ASV support and insurance

False-negative priority handling

(17)

Qualys Web Application Scanning

Vulnerability Scanning inside Web Apps:

Authenticated Scanning

OWASP TOP 10 support

Web services Discovery

Web services Catalog

Certificate auth. support

Selenium auth. support

Java, Ajax, Flash support

(18)

Qualys Malware Detection for Web Apps

Malware Detection inside Web App source code:

Static signature Analysis

Behavioral Analysis

Dashboard and centralized reporting

Sharing WAS module settings

(19)

http://www.qualys.com/forms/questionnaires/

Customizable Questionnaires for PC

Beta available

Custom Questionnaires

Enables customers to easily build questionnaires using the Unified Compliance Framework (UCF), as well as leverage existing business process workflows to evaluate controls, gather documents and evidence and validate compliance.

Benefits

Automation of manual assessments

Ability to define/customize audit work flow

Industry leading policy repository of nearly

(20)

http://www.qualys.com/waf

Qualys Web Application Firewall

Beta available

WAF

Provides protection against known and emerging web application threats, and helps increase web site performance through caching, compression and content optimization, with no equipment needed.

Benefits

Zero-footprint, low cost deployment

Ease of use, ease of maintenance

Real-time attack prevention


Virtual patching and application

(21)

Why customers selected QualysGuard?

Key functionalities and benefits

Automated ICT Network and Application Discovery

Automated ICT Asset Management based on Tagging and Rules

Automated ICT Vulnerability Scanning and ICT Risk Management

Automated ICT Configuration Audit and Compliance tool

Most accurate and secure Vulnerability Scanning Engine on market

Economical and TCO benefits

Try and Buy model = YOU pay for what you see is working for YOU

Fully Scalable and flexible licensing = YOU pay for what YOU need

NO HW and SW purchase, installation, maintenance and updates!

(22)

Qualys Scanning Quality Metrics

Six Sigma Scanning Accuracy

[Chart: Qualys Six Sigma Accuracy; axes: QG Scan Accuracy (%) and Number of Scans; series: Scanned IPs (M), Reported Cases, Actual Bugs]

SIX SIGMA

SCANNING ACTIVITY

Six Sigma Accuracy = fewer than 4 defects per 1 million IP scans!

4 defects (bugs) cover: False-negative, False-positive, Service-crashed, Host-crashed reported to Qualys Support

(23)

Quality Metrics

Customer Contact Ratio

[Chart: Customer Contact Ratio*, Number of Calls per Month, December 2010 to January 2012; series: QG-Enterprise, QG-Express, QG-PCI]

(24)
(25)

Free Services at your Fingertips

(26)

Thank You

aklesnicki@qualys.com
