Real-Time Vulnerability Management Operationalizing the VM process from detection to remediation

Similar documents
Real-Time Vulnerability Management Operationalizing the VM process from detection to remediation

Real-Time Vulnerability Management Operationalizing the VM process from detection to remediation

Qualys Cloud Platform

Automating Security Practices for the DevOps Revolution

Qualys Cloud Platform

Regaining Our Lost Visibility

Everything visible. Everything secure.

Community Edition Getting Started Guide. July 25, 2018

SYMANTEC DATA CENTER SECURITY

Privilege Security & Next-Generation Technology. Morey J. Haber Chief Technology Officer

AWS Reference Design Document

Investor presentation. Philippe Courtot, Chairman and CEO Melissa Fisher, CFO

First Look Showcase. Expanding our prevention, detection and response solutions. Sumedh Thakar Chief Product Officer, Qualys, Inc.

Qualys Cloud Suite 2.30

Investor presentation

Qualys Indication of Compromise

Christopher Covert. Principal Product Manager Enterprise Solutions Group. Copyright 2016 Symantec Endpoint Protection Cloud

Qualys Cloud Platform

CLOUD WORKLOAD SECURITY

First Look Showcase. Expanding our prevention, detection and response solutions. Marco Rottigni Chief Technical Security Officer, Qualys, Inc.

How to manage evolving threats on evolving ICT assets across Enterprise

CyberPosture Intelligence for Your Hybrid Infrastructure

Azure DevOps. Randy Pagels Intelligent Cloud Technical Specialist Great Lakes Region

Technical Review Managing Risk, Complexity, and Cost with SanerNow Endpoint Security and Management Platform

AWS Integration Guide

DEFINING SECURITY FOR TODAY S CLOUD ENVIRONMENTS. Security Without Compromise

WITH ACTIVEWATCH EXPERT BACKED, DETECTION AND THREAT RESPONSE BENEFITS HOW THREAT MANAGER WORKS SOLUTION OVERVIEW:

Investor presentation. Philippe Courtot, Chairman and CEO Melissa Fisher, CFO

P a g e 1. Teknologisk Institut. Online kursus k SysAdmin & DevOps Collection

SECURING THE MULTICLOUD

TRUSTED IT: REDEFINE SOCIAL, MOBILE & CLOUD INFRASTRUCTURE. John McDonald

Deploy Symantec Cloud Workload Protection for Storage

InstallAnywhere: Requirements

Qualys Release Notes

Data Sheet GigaSECURE Cloud

QUALYS SECURITY CONFERENCE Qualys CertView. Managing Digital Certificates. Jimmy Graham Senior Director, Product Management, Qualys, Inc.

Patching and Updating your VM SUSE Manager. Donald Vosburg, Sales Engineer, SUSE

Securing Amazon Web Services with Qualys. December 11, 2017

Securing the Modern Data Center with Trend Micro Deep Security

Vulnerability Management

Vulnerability Management

Cisco Tetration Analytics Demo. Ing. Guenter Herold Area Manager Datacenter Cisco Austria GmbH

DevSecOps Shift Left Security. Prioritizing Incident Response using Security Posture Assessment and Attack Surface Analysis

McAfee Public Cloud Server Security Suite

Chapter 5: Vulnerability Analysis

Consulting Edition Getting Started Guide. October 3, 2018

The Pathway to the Cloud Using Azure SQL Managed Instance

SIEMLESS THREAT DETECTION FOR AWS

Cisco Tetration Analytics

DATA SHEET AlienVault USM Anywhere Powerful Threat Detection and Incident Response for All Your Critical Infrastructure

ALIENVAULT USM FOR AWS SOLUTION GUIDE

FROM VSTS TO AZURE DEVOPS

THE IMPACT OF HYBRID AND MULTI CLOUDS TO CYBERSECURITY PRIORITIES

Disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme

Self-driving Datacenter: Analytics

Docker and Oracle Everything You Wanted To Know

The Evolution of Data Center Security, Risk and Compliance

Security as Code: The Time is Now. Dave Shackleford Founder, Voodoo Security Sr. Instructor, SANS

Red Hat Roadmap for Containers and DevOps

Ipswitch: The New way of Network Monitoring and how to provide managed services to its customers

VMware Hybrid Cloud Solution

BigFix 2018 Roadmap. Aram Eblighatian. Product Manager IBM BigFix. 14 May, 2018

Continuous Delivery for Cloud Native Applications

EdgeConnect for Amazon Web Services (AWS)

Data Sheet Gigamon Visibility Platform for AWS

HALO IN ACTION COMPLIANCE DON T LET LEGACY SECURITY TOOLS HOLD UP PCI COMPLIANCE IN THE CLOUD. Automated PCI compliance anytime, anywhere.

Security Configuration Assessment (SCA)

Welcome to IBM Security Guardium Analyzer!

CLOUDLENS PUBLIC, PRIVATE, AND HYBRID CLOUD VISIBILITY

Portnox CORE. On-Premise. Technology Introduction AT A GLANCE. Solution Overview

IBM Cloud Security for the Cloud. Amr Ismail Security Solutions Sales Leader Middle East & Pakistan

McAfee Endpoint Threat Defense and Response Family

Cyber Hygiene: Uncool but necessary. Automate Endpoint Patching to Mitigate Security Risks

ForeScout Extended Module for ServiceNow

Citrix Workspace Cloud

ElasterStack 3.2 User Administration Guide - Advanced Zone

PUBLIC AND HYBRID CLOUD: BREAKING DOWN BARRIERS

Title DC Automation: It s a MARVEL!

Kubernetes Integration Guide

A10 HARMONY CONTROLLER

Infoblox as Part of the Ecosystem

Reference Guide Revision B. McAfee Cloud Workload Security 5.0.0

Table of Contents Release Notes 2013/03/25. Introduction in OS Deployment Manager. in Security Manager System Requirements

Introducing MVISION. Cohesive Cloud-based Management of Threat Countermeasures and Devices Leveraging Built-in Device Controls. Jon Parkes.

Datacenter Security: Protection Beyond OS LifeCycle

No Limits Cloud Introducing the HPE Helion Cloud Suite July 28, Copyright 2016 Vivit Worldwide

Managing and Auditing Organizational Migration to the Cloud TELASA SECURITY

Symantec Endpoint Protection Family Feature Comparison

Modelos de Negócio na Era das Clouds. André Rodrigues, Cloud Systems Engineer

Tenable.io User Guide. Last Revised: November 03, 2017

NGFW Security Management Center

LINUX, WINDOWS(MCSE),

Securing the Software-Defined Data Center

Getting Started with AWS Security

Client Automation v8.10 Enterprise, Standard, Starter*

THE RSA SUITE NETWITNESS REINVENT YOUR SIEM. Presented by: Walter Abeson

What is Dell EMC Cloud for Microsoft Azure Stack?

ATTIVO NETWORKS THREATDEFEND PLATFORM INTEGRATION WITH CISCO SYSTEMS PROTECTS THE NETWORK

Introduction to Cloud Computing

Modern and Fast: A New Wave of Database and Java in the Cloud. Joost Pronk Van Hoogeveen Lead Product Manager, Oracle

Transcription:

18 QUALYS SECURITY CONFERENCE 2018 Real-Time Vulnerability Management Operationalizing the VM process from detection to remediation Jimmy Graham Senior Director, Product Management, Qualys, Inc.

Agenda Expanding Vulnerability Management Introducing Qualys Patch Management Unified Dashboard 2 QSC Conference, 2018 November 29, 2018

Vulnerability Management Lifecycle Asset Inventory Vulnerability Management Patch Management Threat Risk and Prioritization 3 QSC Conference, 2018 November 29, 2018

Expanding Vulnerability Management Containers Private Cloud IoT Devices ICS / SCADA Mobile Devices Workstations Public Cloud On Premise 4 QSC Conference, 2018 November 29, 2018

Case Study: Large US Bank Challenge Difficult to prioritize vulnerabilities across 100,000 endpoints Manual correlation of external threat data No active alerting on highthreat vulnerabilities Low visibility into workstations Solution Threat Protection RTIs automates prioritization Threat Protection Live Feed provides one-click access to impacted assets Continuous Monitoring combined with RTIs Qualys Cloud Agent for continuous and complete visibility 5

Vulnerability Management Platform Evolution

Elastic VM Dashboard Merges AssetView technology into Qualys VM Build widgets with vulnerability counts Search filters for quickly building queries Replace long-running reports with live widgets 7 QSC Conference, 2018 November 29, 2018

Opening Up the VM Detections Platform Custom Remote Detections Qualys Remote Detection Interface (QRDI) Create your own or share on Qualys Community Supports HTTP(S) and raw TCP Regex grouping and capturing LUA scripting for advanced logic 8 QSC Conference, 2018 November 29, 2018

Demo VM Elastic VM Dashboard

Qualys Patch Management Overview

Current Patch Management Tools Challenges and Impact Manual correlation of vulnerability to patch leads to delayed mean-time-toremediation Waiting for vulnerability reports to confirm the patch has fixed the vulnerability Remote systems only patched when connected to corporate network Limited or no coverage of third-party apps Multiple patching solutions for each OS type 11 QSC Conference, 2018 November 29, 2018

Introducing Qualys Patch Management Automated correlation of vulnerability and patch data Which patch fixes the CVE? Simple dashboarding for tracking patch deployments Patch using the Qualys Cloud Agent, anywhere Patch OS and third-party applications Single solution for Windows, macos, and Linux 12 QSC Conference, 2018 November 29, 2018

Shift From Reaction Mode to Operational Security Always up-to-date on missing patches Security and IT teams can speak the same language Collaboration key to successful digital transformation Unify discovery, prioritization, and remediation into one platform Rapid remediation of highprofile vulnerabilities in days vs. weeks Regularly scheduled deployments are repeatable and reported on 13 QSC Conference, 2018 November 29, 2018

Demo PM Patch Management Beta

Platform Support XP SP3+ Vista Windows 7 Windows 8/8.1 Windows 10 Server 2003 SP2+ Server 2008/R2 Server 2012/R2 Server 2016 OS X 10.10 Yosemite OS X 10.11 El Capitan macos 10.12 Sierra macos 10.13 High Sierra macos 10.14 Mojave RHEL 6,7 CentOS 5.4+,6,7 SUSE Linux Enterprise Server/ Desktop 11,12,15 Oracle Ent Linux 6,7(Server) Ubuntu 14.x,15.x,16.x, 18.x * Beta will focus on Windows- other operating systems will follow later * Roadmap items are future-looking; timing and specifications may change 15 QSC Conference, 2018 November 29, 2018

Roadmap Beta: Q4 2018 Windows patch deployment General Availability: Early 2019 Beta 1 Windows patching (desktops and servers) Qualys serves patches Third party Windows applications Beta 2 On-prem Caching of patches (QGS) Direct download from vendors for off-prem Additional tokens for dashboarding Upcoming Mac patching Linux patching Repository integration Automation Rules & Approval workflows 18 QSC Conference, 2018 November 29, 2018

Unified Dashboards Overview

Unified Dashboard Build dashboards with widgets from multiple Qualys Cloud Apps Target servers, containers, instances, web apps, etc. using Asset Tags 18 QSC Conference, 2018 November 29, 2018

Demo UD Unified Dashboard Preview

Unified Dashboard Rollout Phase 1 Unified Dashboard App Global dashboard filters Phase 2 Unified widget builder Upgrade existing Cloud App Dashboards Support for: Support for: VM PC FIM IOC WAS WAF SAQ AI PM CRI TP CS CV 20 QSC Conference, 2018 November 29, 2018

18 QUALYS SECURITY CONFERENCE 2018 Thank You Jimmy Graham jgraham@qualys.com

18 QUALYS SECURITY CONFERENCE 2018 Cloud Agent Platform Chris Carlson VP, Product Management, Qualys, Inc.

Digital Transformation is Driving IT Transformation for Organizations Private Clouds Public Clouds Internet Enterprise On Premise Remote End Users 23

But creates new Challenges for Security Don t know how many assets you have Don t Private know Clouds when those assets are running Credential issues / Authentication failures Monthly / weekly scanning too slow [WannaCry] Enterprise On Premise Can t scan remote users Remote End Users 24

Qualys Sensors Scalable, self-updating & centrally managed Physical Virtual Cloud/Container Cloud Agents Passive API Legacy data centers Private cloud infrastructure Commercial IaaS & PaaS clouds Light weight, multiplatform Passively sniff on network Integration with Threat Intel feeds Corporate infrastructure Continuous security and compliance scanning Virtualized Infrastructure Continuous security and compliance scanning Pre-certified in market place Fully automated with API orchestration Continuous security and compliance scanning On premise, elastic cloud & endpoints Real-time data collection Continuous evaluation on platform for security and compliance Real-time device discovery & identification Identification of APT network traffic Extract malware files from network for analysis CMDB Integration Log connectors 29 November 2018 25

Qualys Cloud Agent Platform Lightweight Software Agent On-Premise Servers Public Cloud Windows Linux Mac Delivers Multiple Security Functions in (collects metadata only) User Endpoints AIX Cloud Native one Agent 26

Qualys Platform Central Management / API Qualys Suite of Applications Cloud Agent Efficient Network Usage (Delta Processing average) Lightweight Metadata Collection (tunable) Windows, Linux, Mac, AIX 50-350 KB / day ~1-2% CPU 3 MB application 27

Qualys Cloud Agent IT, Security, Compliance Apps AI VM PC Asset Inventory Vulnerability Management Policy Compliance Indication of Compromise Detection File Integrity Monitoring Upcoming IT App (Beta November 2018) Patch Management 28 QSC Conference, 2018 November 29, 2018

Try and Manage Apps on One Cloud Agent End the fight with IT to deploy security agents! Remove point-solution agents from your endpoints Consolidate security tools

Cloud Agent Extends Network Scanning No scan windows needed always collecting Find vulnerabilities faster Detect a fixed vulnerability faster Many new Apps only available on Agent Best for assets that can t be scanned Unable to get credentials / authentication failures Remote systems in branch offices / NAT Roaming user endpoints Cloud / Elastic deployments 30

Cloud Agent Adoption

Cloud Agent VM Usage and Growth Drivers 10,000,000s 100,000s 2016 Deploy on servers to overcome customer limitations with their network scanning - Auth issues - Scan windows - More frequent VM assessments 1,000,000 s 2017 - Increasing adoption for Servers - Initial adoption for end-users (WannaCry) - Early CA deployments in AWS and Azure 2018 - Growth in endpoint deployments (50-300K) - Growth in public cloud (AWS primarily) - Initial work to build CA into CI/CD/ DevOps pipelines 2019 - Visibility + Lightweight agent increases adoption - Increase endpoints - Increase in public cloud - Capture migration from on-premise servers to public cloud

Cloud Agent CPU Tuning - Linux AWS EC2 VM: < 1.2% CPU peak usage for less than 15 mins not allowed to scan nano, micro, or small instances using network scanning 0.5% CPU when idle / heartbeat AWS t2.micro instance running Cloud Agent London 16 November 2017 33

Cloud Agent CPU Tuning - Windows Tunable CPU Limit Example: 8% configured max on 1-core (Effective: <2% on 4-core) London 16 November 2017 34

Cloud Native Collect Provider Metadata AWS EC2 accountid amiid availabilityzone hostname hostnamepublic instanceid instancetype kernelid macaddress privateipaddress publicipaddress region reservationid securitygroupids securitygroups subnetid VPCId Microsoft Azure dnsservers ipv6 location macaddress name offer ostype privateipaddress publicipaddress publisher resourcegroupname tags subnet subscriptionid version vmid vmsize Google Compute Platform hostname instanceid macaddress machinetype network privateipaddress projectid projectidno publicipaddress zone Agent collects metadata locally

Cloud Provider Metadata (AWS EC2 example) accountid 383031258652 ami-id ami-d874e0a0 ami-launch-index 2 availabilityzone us-west-2a hostname ip-172-31-36-214.us-west-2.compute.internal imageid ami-d874e0a0 instance-id i-03e86d77745bb2bba instancetype t2.micro local-hostname ip-172-31-36-214.us-west-2.compute.internal local-ipv4 172.31.36.214 mac 06:26:0c:74:c5:9a privateip 172.31.36.214 profile default-hvm public-hostname ec2-18-236-81-63.us-west-2.compute.amazonaws.com public-ipv4 18.236.81.63 region us-west-2 reservation-id r-06e5580c2918a00ba security-groups launch-wizard-2

Cloud Instance Metadata Merge and Agent Dynamic License Management EC2 Connector Available now aws.ec2.accountid aws.ec2.availabilityzone aws.ec2.hostname aws.ec2.hostnamepublic aws.ec2.imageid aws.ec2.instanceid d aws.ec2.instancestate aws.ec2.instancetype aws.ec2.kernelid aws.ec2.privatedns aws.ec2.privateipaddress aws.ec2.publicdns aws.ec2.publicipaddress aws.ec2.region.code aws.ec2.region.name aws.ec2.spotinstance aws.ec2.subnetid aws.ec2.vpcid Automatically merge on Instance ID (Nov 2018) Automated Rules (Dec 2018) When instancestate = TERMINATED, then remove Cloud Agent license 37 Cloud Agent Available now aws.ec2.accountid aws.ec2.availabilityzone aws.ec2.hostname aws.ec2.imageid aws.ec2.instanceid aws.ec2.instancetype d aws.ec2.kernelid aws.ec2.privatedns aws.ec2.privateipaddress aws.ec2.publicdns aws.ec2.publicipaddress aws.ec2.region.code aws.ec2.region.name aws.ec2.subnetid aws.ec2.vpcid

Integrate Cloud Agent into DevOps Use Cases for DevOps Build Cloud Agent into gold image or auto-deploy with CI/CD self-service results from Qualys API/UI & integrations Get vulnerability and configuration posture of OS and application along the DevOps pipeline Fix/verify security issues before going into production Use Cases for Security End-to-end lifecycle tracking development, deployment, production, decommission Same Cloud Agent across cloud, onpremise, endpoint, hybrid Single platform as DevOps tools evolve Qualys Container Security, Jenkins integration, API automation, more 38

Cloud Agent Microsoft Azure Integration 39

40

41

42

Vulnerability Spread at Speed of DevOps Red Hat 7.4 Marketplace Image

Auto-Deploy Qualys Cloud Agent

Vulnerability Results

Threat Protection Exploitability!

Cloud Agent Roadmap Agent Releases Mac 1.7.2 released Aug 29 Linux 2.1 upgrade from 2.0 (FIM) released Aug 29 Linux 2.2 Dec rollout for Policy Compliance UDCs Windows 2.1.1 rollout started Oct 17 / complete Oct 22 https://www.qualys.com/documentation/release-notes/ Features Cloud Provider Metadata (AWS, Azure, GCP) available EC2 Connector / Cloud Agent merge available Nov Windows agent to support Patch Management Beta Dec - Policy Compliance UDCs (Windows / Linux / AIX ) Dec Agent Lifecycle Management (Public cloud State-based w/ Connector / Any asset using Time-based)

18 QUALYS SECURITY CONFERENCE 2018 Thank You Chris Carlson ccarlson@qualys.com

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback