Learn to effectively navigate the security risks, new regulations, and new technologies on your journey to a secure and compliant digital transformation with this Qualys webcast series. In this webcast, Tim White, Director of Product Management at Qualys, explained how Qualys helps customers worldwide comply with the European Union General Data Protection Regulation (GDPR). You will learn how Qualys’ security and compliance apps enable GDPR compliance by: • Tracking and classifying the IT assets which contain EU customers’ personal data • Providing ongoing protection of personal data across global IT environments and third parties • Maintaining continuous visibility of your organization’s GDPR compliance state Watch the on-demand recording: https://goo.gl/DkNq52

1. GDPR Deadline Readiness and
Impact to Global Organizations Outside the EU
Tim White
Director of Product Management, Qualys, Inc.

2. Key features of the regulation:
• Tougher consequences for non-compliance (€10-20 m or 2-4%
turnover)
• Countdown has begun – goes live May 25, 2018
• Rights for data subjects
• Breach notification requirements
• Number of data protection principles
EU General Data Protection Regulation (GDPR)
2

3. Have you started yet?
3

4. GDPR is already a reality
• Data breach reporting laws in
Germany, Austria and The
Netherlands
• Increased fines in The Netherlands
(up to 10%)
• Privacy policy code in the UK
• Right to be forgotten cases
• Exporting GDPR eg Japan, South
Korea
4

5. What do you have left to do?
• Identify & classify all personal data
• Evaluate Internal Policies, Processes, Controls and Risk
• Security & Privacy Awareness
• Protect systems from unauthorised access & misuse
• Verify third parties meet requirements
• Test incident response/data breach plans
• Privacy/Security by Design
• Recovery of data for ‘right to be forgotten’ and ‘subject access
requests’
5

6. How Qualys Can Help with GDPR
1. Automate Assessment & Data
Gathering
2. Identify & Track Assets
3. Protect Systems against
Compromise
4. Validate Security Controls &
Compliance
5. Manage Vendor Risk
6

7. Perform Internal Risk & Readiness
Assessments
Collect Information to Classify & Validate
Data
Ensure Data Privacy Considerations are
Applied
Verify Procedural Controls Regularly
Automate Assessment & Data Gathering
with Security Assessment Questionnaire
7

8. GDPR Readiness Assessment
8

9. Unified view of IT & security data
Search all hardware & software inventory
information in seconds
Simple but powerful
Customizable dashboards
Dynamically Organize GDPR Related
Assets
Identify and Track Assets
with Asset Inventory
9

10. Protect Systems Against Compromise
with Vulnerability Management
Comprehensive coverage and visibility
Agent and scan-based detection
VM for the perimeter-less world
Constant monitoring and alerts
10

11. Prioritize Remediation Efforts
with Threat Protection
11

12. Protect Web Applications
with Web Application Scanning & Firewall
• Continuously monitor web
applications and track
vulnerabilities
• Identify & remediate OWASP Top
10 Privacy and Application Security
risks
• Prevent immediate threats using
virtual patches to close
vulnerabilities quickly
• Ease of use with built in policies &
custom rules
12

13. • Lightweight add-on to VM
• Broad platform coverage
• Accurate controls & content
• Simple assessment workflow
• Scan remotely or via agent
• Powered by the Qualys Cloud
Platform
Eliminate Common Misconfigurations
with Security Configuration Assessment
13

14. (Coming Soon)
Discover missing patches on assets
Correlate with vulnerabilities
Prioritize with Threat Protection
data
Deploy patches to Windows, Mac,
and Linux OS in one platform –
anywhere
Deploy Critical Patches Quickly
with Patch Management
14

15. Validate Security Controls & Compliance
with Policy Compliance
Track Permissions & Privileges for
Critical Files & Databases
Enforce Security Best Practices &
Ensure Due Diligence
Verify Data Security Controls
Lock Down Application Settings
15

16. Ensure Data Integrity
with File Integrity Monitoring
Real-time detection
Built on the Qualys Cloud Agent
Easy to install, configure and manage
No expensive infrastructure to deploy
16

17. Detect Breaches
with Indication of Compromise
Uses the Qualys
Cloud Agent
Same agent for
Vulnerability
Management and
Policy Compliance
Don’t fight with IT to
add additional security
functionality
Remove point solution
agents from your
systems
Cloud Platform
Processing
Lightweight Cloud
Agent only collects
telemetry from the
endpoint
Storage, processing,
and query performed
on the Qualys Platform
Any Type of
Asset
Server, user endpoint,
cloud Instances
located anywhere in
the world
Windows OS initially
Query system activity
even if system is offline
or rebuilt by IT
Multiple Use
Cases
Detection, response,
hunting, investigation,
correlation
Open APIs and partner
integrations*
17

18. Cloud Providers —
Where is data hosted?
Partnerships — What
data is being shared?
Outsourcing — What data
is being accessed?
Vendors — What data can I
share?
Suppliers — What data
have you got?
M&A — What data do I
have to share?
Manage Vendor Risk
with Security Assessment Questionnaire
18

19. People
Technology
Process
• Limited Resource
• Constantly Changing
Requirements
• Excel & Email
• Manual Aggregation
• Decentralized
• Not Scalable
• Hard to Deploy & Maintain
• Cumbersome to Use
• Not Accessible from
Everywhere
Vendor Assessment Challenges
19

20. Integrated Suite of
Applications
Analytics and Reporting
Engines
Distributed
Sensors
Hardware Agent PassiveVirtual Cloud API
20
…
Environments
EndpointsOn-Premise Cloud
Qualys Cloud Platform
Unified approach to detection, prevention & response

21. 1+ trillion
Security Events
3+ billion
IP Scans/Audits a Year
99.9996%
Six Sigma Scanning Accuracy
250+ billion
Data Points Indexed on
Elasticsearch Clusters
Single Pane of Glass
Via dynamic and customizable dashboards and centrally
managed, self-updating, integrated Cloud Apps in a
single-pane-of-glass UI (AssetView, CloudView, CertView…)
21

22. Thank You
qualys.com/trial
twhite@qualys.com