Webcast Series #1: Continuous Security and Compliance Monitoring for Global IT Assets


Learn to effectively navigate the risks, new regulations, and new technologies on your journey to a secure and compliant digital transformation with this Qualys webcast series.

In this webcast, Chris Carlson, Vice President of Product Management at Qualys, discussed how enterprises can achieve immediate visibility across on-premises, endpoint, and cloud IT environments with Qualys Cloud Platform and its powerful, natively integrated security and compliance applications.

You will learn how Qualys Cloud Platform allows you to:
• Have all of your data analyzed in real time
• Respond to threats immediately
• See the results in one place, in just seconds
• Protect your digital transformation efforts

Watch the on-demand recording: https://goo.gl/gC7jZR

Webcast Series #1: Continuous Security and Compliance Monitoring for Global IT Assets

  1. Continuous Security and Compliance Monitoring for Global IT Assets. January 18, 2018. Chris Carlson, VP, Product Management, Qualys, Inc.
  2. WannaCry: Observations of Qualys Threat Data
     • Inadequate Patching timing: high severity vulnerabilities are taking 100+ days to patch/configure/correct
     • Exploits and attack patterns are speeding up and taking < 30 days on average (WannaCry was distributed in 26 days)
  3. WannaCry (MS17-010) and VM Scanning
     [Chart labels: Auth Scanning / Agent; EternalBlue released; New Auth Scanning / New Agent Deployment; WannaCry Released]
     Organizations doing continuous VM assessment with agent / authenticated scanning and aggressively patching were much less impacted by WannaCry
  4. The core IT service areas must be improved (Observations of Qualys Threat Data)
     • Asset Identification, Monitoring all enterprise assets
     • Alert Speed, Triage Accuracy, Enabling effective response
     • Effective Vulnerability Remediation for real risks targeting individual environments (emergency) vs. commodity risks
     • Asset & Configuration Management / Build Compliance
     • Network Architecture and Segmentation gaps – on-premise, cloud and remote-users
  5. How?
  6. Transition from Point-in-Time Assessments to Continuous Security and Compliance Monitoring
  7. Why? What factors are driving this?
     • Rapidly reducing time from Vulnerability to Attack
     • Attacks shifting to organized crime and ransomware
     • Board-level / C-suite visibility and impact to security events
     • Digital Transformation is creating an IT Transformation
     Are you prepared?
  8. Digital Transformation is Driving IT Transformation for Organizations
     [Diagram labels: Private Clouds; Enterprise On Premise; Remote End Users; Internet; Public Clouds]
  9. … But creates new Challenges for Security
     [Diagram labels: Private Clouds; Enterprise On Premise; Remote End Users]
     • Can’t scan remote users
     • Don’t know how many assets you have
     • Don’t know when those assets are running
     • Credential issues / Authentication failures
     • Monthly / weekly scanning too slow
  10. End-to-end Security Architecture: Automated Continuous Monitoring & Response
     • Discovery: On-Prem, Cloud, Mobile Devices, OT/ICS, IoT, CMDB Inventory
     • Prevention: Security Hygiene, Vulnerability Assessment, Threat Prioritization, Patch Management, Configuration Assessment
     • Detection: Endpoint Activity, Cloud Infra Monitoring, Network Activity
     • Response: Security Orchestration, Incident Response, Quarantine, NAC
  11. Qualys Sensors: Scalable, self-updating & centrally managed
     • Physical: Legacy data centers; Corporate infrastructure; Continuous security and compliance scanning
     • Virtual: Private cloud infrastructure; Virtualized Infrastructure; Continuous security and compliance scanning
     • Cloud/Container: Commercial IaaS & PaaS clouds; Pre-certified in market place; Fully automated with API orchestration; Continuous security and compliance scanning
     • Cloud Agents: Light weight, multi-platform; On premise, elastic cloud & endpoints; Real-time data collection; Continuous evaluation on platform for security and compliance
     • Passive: Passively sniff on network; Real-time device discovery & identification; Identification of APT network traffic; Extract malware files from network for analysis
     • API: Integration with Threat Intel feeds; CMDB Integration; Log connectors
  12. Qualys Cloud Agent
     • Lightweight Software Agent (collects metadata only)
     • On-Premise Servers, Public Cloud, Remote Endpoints
     • Windows, Linux, Mac, AIX
     • Delivers Multiple Security Functions in one Agent
  13. Qualys Suite of Applications Central Management / API Efficient Network Usage (Delta Processing average) Qualys Platform Cloud Agent 50 - 350 KB / day Lightweight Metadata Acquisition Resources 1% CPU (tunable) 3 MB application Windows, Linux, Mac, AIX
  14. Cloud Agent Extends Network Scanning
     • No scan windows needed
     • Find vulnerabilities faster
     • Detect a fixed vulnerability faster
     • No firewall changes or network impact
     Best for assets that can’t be scanned:
     • Unable to get credentials / authentication failures
     • Remote / roaming user assets
     • Remote systems that can’t be scanned
     • Cloud / Elastic deployments
     • Servers sensitive to port scans
  15. Try and Manage Apps on one Cloud Agent. End the fight with IT to deploy security agents!
  16. DEMO
  17. Selected Cloud Agent Deployments
     • Ecommerce Company: 1,200,000 scope (1M cloud + 150k users)
     • Financial Services: 270,000 Windows (8K/wk)
     • Financial Services: 25,000 user machines
     • Ecommerce: 65,000 ~ 95,000 AWS
     • Oil Field Services: 4,000 remote servers
     • Rx30 Pharmacy Management: 4,500 servers/users/cloud
     • ACI Worldwide Payment Systems: 1,500 servers/users
  18. Global Pharmaceutical Company (Case Study)
     Customer: Global Pharmaceutical Company. Industry: Pharmaceutical Biopharmaceutical Life Sciences. Qualys Applications
     Challenges
     • No vulnerability visibility of user endpoint machines
     • Authenticated Scanning Failures on server machines
       • Windows – 20% Failure rates
       • Linux – 60% Failure rates
     • Weekly scanning created gaps in reporting
     • New IT initiative for AWS and Azure development difficult to scan
     Solutions / Outcome
     • Deployed 75,000 Cloud Agents on user endpoints for continuous visibility both on and off the network
     • Deployed 20,000 Cloud Agents for on-premise servers to overcome their authentication failures
     • Cloud Agent finds new and fixed vulnerabilities faster than scanning
     • Building the Cloud Agent into gold cloud images
  19. Qualys platform figures
     • 1+ trillion Security Events
     • 3+ billion IP Scans/Audits a Year
     • 99.9996% Six Sigma Scanning Accuracy
     • 250+ billion Data Points Indexed on Elasticsearch Clusters
     • Single Pane of Glass: Via dynamic and customizable dashboards and centrally managed, self-updating, integrated Cloud Apps
  20. Thank You. qualys.com/trial, ccarlson@qualys.com