11. Qualys at a Glance
6,700+ Customers | 100+ Countries | $108M 2013 Revenues
QualysGuard Cloud Platform & Suite of Integrated Solutions
12. Continuous and Unified View of Security and Compliance
Application Engines: ASSET DISCOVERY | NETWORK SECURITY | WEB APP SECURITY | THREAT PROTECTION | COMPLIANCE MONITORING
Sensors: Passive, Physical, Virtual, Cloud, Mobile, Agent
14. Qualys Cloud Platform
On Premise
Same Codebase
Qualys Managed
Disconnected (2015)
On EC2 and AZURE (2015)
VMware ESX and ESXi
24x7x365 Monitoring and Support
Daily Vulnerability Feeds
Bi-quarterly Platform Updates
SOC
17. 2015 New Services Delivery
CONTINUOUS | ASSET DISCOVERY | NETWORK SECURITY | WEB APP SECURITY | THREAT PROTECTION | COMPLIANCE MONITORING
Gartner (June) - Continuous Asset Discovery and Categorization Module with integration with CMDB (ServiceNow)
February - Continuous Monitoring of Critical Assets (Internal)
March - Splunk Integration
RSA (April) - Cloud Agent for VM (Windows servers and clients)
February - Progressive Scanning for large Web Applications
RSA (April) - Web Application Firewall 2.0 with virtual patching and dedicated hardware appliance
Gartner (June) - Log Management and Data Analytics Module
BlackHat (July) - Advanced Malware Protection Service with sandboxing, automated malware analysis and asset correlation
RSA (April) - Cloud Agent for Policy Compliance
18. New Products
Cloud Agent: Provides a new platform for continuous assessment of your security posture on laptops, workstations and servers, leveraging existing Qualys Cloud Suite applications such as VM, PC, and CM.
Log Management: Our security-focused SIEM, which aligns with our threat protection initiative and allows a single-pane-of-glass view of events captured by our various sensors.
Malware Protection Service: Opens a new chapter for the detection of malware, with the advantage of correlating results with other data sources from the Qualys suite of products.
Passive Scanning: A new paradigm in asset discovery, providing an accurate method for network discovery and automated asset classification that dynamically rebuilds your logical platform while multiplying the feature set of options available in the Qualys platform.
Updates run on a new cycle every weeks ensuring at the very minimum new version iterations every calendar year.
8
6
20. Qualys Cloud Agent Platform
Visibility Across Globally Distributed Networks
• Light-weight agent (1MB) for on-premise systems, dynamic cloud environments and mobile endpoints, built to scale to millions of devices
• Centrally managed, self-updating
21. Unique Advantages of a Cloud Based Delivery Model
GLOBAL DELIVERY | UNIFIED BEST OF BREED SOLUTIONS | CONTEXTUAL CORRELATION | SPEED & ACCURACY | LOWER TCO | FASTER TIME TO MARKET
Splunk can ingest any type of machine data, from any source, in real time. These are listed here on the left and are flowing into Splunk for indexing. Once indexed, users can perform the use cases on the top right on the data. They can search through the data, monitor the data and be alerted in real time if scheduled search parameters are met. The raw data can be aggregated in seconds for custom reports and dashboards. Splunk is also a platform that developers can build on: it has a well-documented REST API and several SDKs, so developers and external applications can directly access and act on the data within Splunk. Lastly, besides indexing raw data into its flat-file data store, Splunk can also retrieve and index data that resides in other data stores such as a SQL database or Hadoop.
Splunk enables many use cases. We are drilling into the red box, or security.
Key is you put data into Splunk *once* and then use it for many use cases. This enables a strong ROI.
Make sure to stress that we are a Security Intelligence Platform and can meet their needs for these use cases plus more. We are more than a SIEM in that we are much more flexible and can also be used for use cases outside of security. Highlight that many customers already have a SIEM and are generally happy with it, but they do have some pain with the current SIEM: maybe it struggles to ingest non-security data, maybe it has limited search/reporting capabilities, etc. In these cases, Splunk can happily complement their SIEM. They perhaps use their existing SIEM for alerting and then log into Splunk to do the investigation. The key point is that we can easily complement or replace a SIEM.
1 solution for Splunk for Security, but 3 offerings. At the bottom is Splunk Enterprise, our core product. Every Splunk deployment includes this, as this is where the core indexing and searching resides. Many customers build their own searches/reports/dashboards on top of it.
On top of it, optional Apps can be installed. Apps are basically a collection of reports, dashboards, and searches purpose-built for a specific use case or product. They can be built by Splunk, customers or partners, and all but a few are free on Splunkbase. Apps are great for customers who want out-of-the-box content, don't want to have to build it themselves, and want to extend point solutions. One key App is the Splunk-built Enterprise Security app. It is basically an out-of-the-box SIEM with reports, dashboards, correlation rules, and workflow for security use cases (it does have a cost, though). Besides this app there are over 80 security-centric free Apps on Splunkbase. These are offering 3 and include the Splunk App for PAN, which is in the red box.
Information from the Verizon Data Breach Report 2015
99.9% of the exploited vulnerabilities seen were vulnerabilities that had been known for 1 year or longer.
In the line diagram you can see how long it takes, once a CVE is published, until the first exploitations can be seen. In general, to be on the safe side you need to patch as soon as possible, and best within the first 1-2 weeks, as the probability of an exploit goes up each week.
Qualys is focused on providing security and compliance solutions to Enterprises around the world
Qualys reported $91 million in revenues for 2012 and now has over 6,000 enterprise customers in over 100 countries
What distinguishes Qualys? Cloud platform and SaaS business model
Talk about sensors
This year, Qualys will be bringing several new product initiatives into production:
Qualys also has an internal process for improving existing products enhancing synergies among applications.
What is it?
Splunk can easily ingest external data to enrich the data Splunk has already indexed, to increase accuracy and reduce false positives. This external data could come from a wide range of sources outlined on this slide. It includes employee information from AD, asset information from a CMDB, blacklists of bad external IPs from 3rd-party threat intelligence feeds, IP ranges of critical internal networks (like a PCI-related credit cardholder environment) or a decoy honeypot, NetFlow data in Hadoop, and more. Correlation searches can include this external content. So, for example, Splunk can alert you if a low-level employee accesses a file share with critical data, but not if the file share has harmless data. Or Splunk can alert you if a user name is used that belongs to an employee who no longer works for your organization. These are especially high-risk events.
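The two correlation rules in this note, written out as an added example in plain Python (not Splunk's or Qualys's code): a file-share access event stream is enriched from an HR lookup and an asset lookup, standing in for the AD export and CMDB data that a Splunk lookup table would hold inside a scheduled correlation search. All field names, user names, share paths, seniority levels and sample events are constructed for the example.

```python
from datetime import date

# Constructed HR lookup standing in for an AD/HR export: user -> level and termination date
HR_LOOKUP = {
    "alice": {"level": "executive", "terminated": None},
    "bob":   {"level": "contractor", "terminated": None},
    "carol": {"level": "staff", "terminated": date(2015, 3, 1)},
}
LEVEL_RANK = {"contractor": 1, "staff": 2, "executive": 3}  # assumed seniority ordering
CRITICAL_MIN_RANK = 2  # below this rank, access to critical data is flagged

# Constructed asset lookup standing in for a CMDB: share -> data classification
SHARE_LOOKUP = {
    r"\\fs01\finance": "critical",
    r"\\fs01\public": "harmless",
}

# Constructed sample events in key=value form, as a file server might log them
SAMPLE_EVENTS = [
    r"2015-03-10T09:00:00 user=alice share=\\fs01\finance action=read",
    r"2015-03-10T09:05:00 user=bob share=\\fs01\finance action=read",
    r"2015-03-10T09:07:00 user=bob share=\\fs01\public action=read",
    r"2015-03-10T09:09:00 user=carol share=\\fs01\public action=read",
    r"2015-03-10T09:11:00 user=dave share=\\fs01\finance action=read",
]

def parse_event(line):
    """Split 'timestamp k=v k=v ...' into a dict; the timestamp is kept under 'ts'."""
    ts, *fields = line.split()
    ev = dict(f.split("=", 1) for f in fields)
    ev["ts"] = ts
    return ev

def correlate(lines, hr=HR_LOOKUP, shares=SHARE_LOOKUP):
    """Enrich each event with HR and asset context, then apply the correlation rules.
    Returns (rule, user, share) tuples; a harmless share never alerts for level alone."""
    alerts = []
    for line in lines:
        ev = parse_event(line)
        person = hr.get(ev["user"])
        sensitivity = shares.get(ev["share"], "unknown")
        event_day = date.fromisoformat(ev["ts"][:10])
        if person is None:
            alerts.append(("unknown_account", ev["user"], ev["share"]))
        elif person["terminated"] and person["terminated"] <= event_day:
            alerts.append(("terminated_user_activity", ev["user"], ev["share"]))
        elif sensitivity == "critical" and LEVEL_RANK[person["level"]] < CRITICAL_MIN_RANK:
            alerts.append(("low_level_access_to_critical_share", ev["user"], ev["share"]))
    return alerts
```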
The Splunk for security offerings start with our big data core platform called Splunk Enterprise. On top of this platform, Apps can be installed. Apps contain pre-built searches, reports, and visualizations for third-party security products or specific use cases. Over 600 Apps are available for free via Splunk.com, with more than 200 specifically for security.
• Real-time monitoring of vulnerability scan data in Splunk Enterprise: eliminate vulnerabilities, patch cycles
• Correlation of Qualys scan data with other data sources in Splunk
• Improve security posture: risk scores, KSI; track performance of patches against attacks