Où en sommes-nous, où va le marché?

Similar documents
Regaining Our Lost Visibility

Qualys Cloud Platform

Qualys Cloud Platform

Investor presentation. Philippe Courtot, Chairman and CEO Melissa Fisher, CFO

Investor presentation

Everything visible. Everything secure.

First Look Showcase. Expanding our prevention, detection and response solutions. Sumedh Thakar Chief Product Officer, Qualys, Inc.

Investor presentation. Philippe Courtot, Chairman and CEO Melissa Fisher, CFO

QLYS Analysts & Investors Day

First Look Showcase. Expanding our prevention, detection and response solutions. Marco Rottigni Chief Technical Security Officer, Qualys, Inc.

Automating Security Practices for the DevOps Revolution

Real-Time Vulnerability Management Operationalizing the VM process from detection to remediation

Real-Time Vulnerability Management Operationalizing the VM process from detection to remediation

Real-Time Vulnerability Management Operationalizing the VM process from detection to remediation

Qualys highlights its adaptability to digital transformation at QSC 17

Christopher Covert. Principal Product Manager Enterprise Solutions Group. Copyright 2016 Symantec Endpoint Protection Cloud

SYMANTEC DATA CENTER SECURITY

Popular SIEM vs aisiem

Managing and Auditing Organizational Migration to the Cloud TELASA SECURITY

Azure DevOps. Randy Pagels Intelligent Cloud Technical Specialist Great Lakes Region

API, DEVOPS & MICROSERVICES

DEFINING SECURITY FOR TODAY S CLOUD ENVIRONMENTS. Security Without Compromise

CLOUD WORKLOAD SECURITY

WITH ACTIVEWATCH EXPERT BACKED, DETECTION AND THREAT RESPONSE BENEFITS HOW THREAT MANAGER WORKS SOLUTION OVERVIEW:

Integrated, Intelligence driven Cyber Threat Hunting

Cisco Tetration Analytics

Title DC Automation: It s a MARVEL!

MAKING THE CLOUD A SECURE EXTENSION OF YOUR DATACENTER

Privilege Security & Next-Generation Technology. Morey J. Haber Chief Technology Officer

No Limits Cloud Introducing the HPE Helion Cloud Suite July 28, Copyright 2016 Vivit Worldwide

Cloud is the 'Only' Way Forward in Information Security. Leveraging Scale to Make the Unknown Known, in Dev, Sec & Ops.

SOLUTION BRIEF RSA NETWITNESS EVOLVED SIEM

Self-driving Datacenter: Analytics

Modelos de Negócio na Era das Clouds. André Rodrigues, Cloud Systems Engineer

A10 HARMONY CONTROLLER

85% 89% 10/5/2018. Do You Have A Firewall Around Your Cloud? Conquering The Big Threats & Challenges

Disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme

Qualys Cloud Platform

The Why, What, and How of Cisco Tetration

AWS Reference Design Document

DevOps Anti-Patterns. Have the Ops team deal with it. Time to fire the Ops team! Let s hire a DevOps unit! COPYRIGHT 2019 MANICODE SECURITY

How to manage evolving threats on evolving ICT assets across Enterprise

TRUSTED IT: REDEFINE SOCIAL, MOBILE & CLOUD INFRASTRUCTURE. John McDonald

Disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme

Architecting Microsoft Azure Solutions (proposed exam 535)

Vulnerability Management

Cisco Tetration Analytics

CyberPosture Intelligence for Your Hybrid Infrastructure

STATE OF MODERN APPLICATIONS IN THE CLOUD

Exam C Foundations of IBM Cloud Reference Architecture V5

SIEMLESS THREAT DETECTION FOR AWS

Securing the Modern Data Center with Trend Micro Deep Security

Securing Your Cloud Introduction Presentation

THE ACCENTURE CYBER DEFENSE SOLUTION

Enterprise Cloud One OS. One Click.

IBM Cloud Security for the Cloud. Amr Ismail Security Solutions Sales Leader Middle East & Pakistan

Digital Renewable Ecosystem on Predix Platform from GE Renewable Energy

AZURE CLOUD SECURITY GUIDE: 6 BEST PRACTICES. To Secure Azure and Hybrid Cloud Environments

Logging, Monitoring, and Alerting

QuickSpecs. Aruba IntroSpect User and Entity Behavior Analytics. Overview. Aruba IntroSpect User and Entity Behavior Analytics Product overview

DevOps CICD PopUp. Software Defined Application Delivery Fabric. Frey Khademi. Systems Engineering DACH. Avi Networks

Optimizing Pulse Secure Access Suite with Pulse Secure Virtual Application Delivery Controller solution

Murray Goldschmidt. Chief Operating Officer Sense of Security Pty Ltd. Micro Services, Containers and Serverless PaaS Web Apps? How safe are you?

MEETING ISO STANDARDS

Technical Review Managing Risk, Complexity, and Cost with SanerNow Endpoint Security and Management Platform

Docker Universal Control Plane Deploy and Manage On-Premises, Your Dockerized Distributed Applications

Access Governance in a Cloudy Environment. Nabeel Nizar VP Worldwide Solutions

DevSecOps Shift Left Security. Prioritizing Incident Response using Security Posture Assessment and Attack Surface Analysis

SIEM Solutions from McAfee

Reinvent Your 2013 Security Management Strategy

McAfee Cloud Workload Security Product Guide

THE IMPACT OF HYBRID AND MULTI CLOUDS TO CYBERSECURITY PRIORITIES

LTI Security Services. Intelligent & integrated Approach to Cyber & Digital Security

Automated Response in Cyber Security SOC with Actionable Threat Intelligence

DATA SHEET AlienVault USM Anywhere Powerful Threat Detection and Incident Response for All Your Critical Infrastructure

Unlocking the Power of the Cloud

The Intent based Data Center. Kim In-Sook Manager, ASEAN Data Center Architect Team Jan 11, 2018

A Risk Management Platform

Qualys Indication of Compromise

Automating the Top 20 CIS Critical Security Controls

How to Keep UP Through Digital Transformation with Next-Generation App Development

Creating a Hybrid Gateway for API Traffic. Ed Julson API Platform Product Marketing TIBCO Software

Securing Dynamic Data Centers. Muhammad Wajahat Rajab, Pre-Sales Consultant Trend Micro, Pakistan &

The Next Generation Security Platform. Domenico Stranieri Pre- Sales Engineer Palo Alto Networks EMEA Italy

AUTOMATE THE DEPLOYMENT OF SECURE DEVELOPER VPCs

Security Readiness Assessment

Cognito Detect is the most powerful way to find and stop cyberattackers in real time

#techsummitch

Protecting organisations from the ever evolving Cyber Threat

Security. Made Smarter.

PSOACI Tetration Overview. Mike Herbert

La plateforme Cloud d Entreprise. Découvrez la vision et la stratégie de Nutanix.

Device Discovery for Vulnerability Assessment: Automating the Handoff

Converged security. Gerben Verstraete, CTO, HP Software Services Colin Henderson, Managing Principal, Enterprise Security Products

VMware Cloud on AWS Technical Deck VMware, Inc.

HALO IN ACTION COMPLIANCE DON T LET LEGACY SECURITY TOOLS HOLD UP PCI COMPLIANCE IN THE CLOUD. Automated PCI compliance anytime, anywhere.

Exploring Cloud Security, Operational Visibility & Elastic Datacenters. Kiran Mohandas Consulting Engineer

Challenges 3. HAWK Introduction 4. Key Benefits 6. About Gavin Technologies 7. Our Security Practice 8. Security Services Approach 9

NOTHING IS WHAT IT SIEMs: COVER PAGE. Simpler Way to Effective Threat Management TEMPLATE. Dan Pitman Principal Security Architect

Accelerate GDPR compliance with the Microsoft Cloud Agustín Corredera

Transcription:

18 QUALYS SECURITY CONFERENCE 2018 Où en sommes-nous, où va le marché? Rendre le monde plus sûr une appli à la fois Philippe Courtot Chairman et CEO - Qualys, Inc.

Nos débuts Qualys Cloud Platform 1.0 Les années Gestion des vulnérabilités 1999 à 2011 Énorme résistance à l'adoption du Cloud Grande échelle et industrialisation Première phase de consolidation des «best of breed» solutions 2 Conférence QSC France 2018 6 décembre 2018

Où en sommesnous aujourd'hui? Qualys Cloud Platform 2.0 Suite intégrée de solutions de sécurité et de conformité - 2012 à 2018 Ré-architecture majeure de notre back-end Consolidation des activités OPS, DevOps, Support Client et Product management et gros Investissement en Inde Extension de nos solutions + 10 applis et premières acquisitions technologiques 3 Conférence QSC France 2018 6 décembre 2018

Où allons-nous? Qualys Cloud Platform 3.0 Tableau de bord unique avec vue unifiée des ressources IT, de la sécurité & de la conformité - Arrivée sur le marché de l'ot et de l'iot 2019 à 2021 Nouvelle solution pour l'inventaire en continue des actifs IT globaux Encore plus de solutions intégrées couvrant l ensemble des actifs globaux Une nouvelle approche pour gérer et répondre aux incidents 4 Conférence QSC France 2018 6 décembre 2018

Où va le marché? L'irrésistible ascension des plateformes Cloud Systèmes informatiques en pleine évolution Consolidation majeure L'ère du Cloud est inéluctable et arrive au galop 2019 à 2021 De la protection des données à la cyber-résilience Intégrer la sécurité et non plus la rajouter Consolidation accélérée du marché 5 Conférence QSC France 2018 6 décembre 2018

18 QUALYS SECURITY CONFERENCE 2018 Merci de votre attention Philippe Courtot pcourtot@qualys.com

18 QUALYS SECURITY CONFERENCE 2018 Regaining Our Lost Visibility Sumedh Thakar Chief Product Officer, Qualys, Inc.

IT Transformation Infrastructure & Application

Digital Transformation Holistic Transformation of Business to Digital Cloud, Containers, IaaS, PaaS, OT, IIoT, IoT, Mobility, Web apps, APIs, Mobile Apps 10

Hybrid Cloud Overview Architecture Mobile Workforce Work Stations Clouds NETWORKS NETWORKS VMs BARE METAL VMs BARE METAL DB West Coast Datacenter East Coast Datacenter DB STORAGE STORAGE On-Premise

Containers Real game changer Hypervisor disappearing, bare metal is back Kubernetes Infrastructure-as-code Container-as-a-Service AWS Fargate AWS Lambda function-as-a-service, serverless! Kubefed? Priceline for Containers? 12

DevOps This is real and highly contagious Developer decides how infrastructure runs in production Speeds up significantly how fast code goes to production 13

On-Prem Shrinking Datacenter Footprint Increasing OT & IIoT Corp IT more distributed & mobile More IoT! 14

Enterprise Mobility!= BYoD Enterprise owned handheld devices Indispensable to modern business Running apps handling sensitive business & consumer data Mobile! 15

Web Apps & APIs Web Apps for the humans APIs for the inhumans Wide window into all your data 16

SaaS More aas everywhere No infrastructure to manage No Applications to code or manage 17

SaaS 18

Security

IBM PC AT 20

November 13, 1984 PC Magazine about IBM PC AT The AT provides the first real system for allowing executives to sleep at night: A hard-to-duplicate tubular key locks all but key holders out of the system 21

34 years later No magic key = No sleep at night! Same challenges x 10 No visibility across global hybrid infrastructure Still need to do Vulnerability & Configuration management Still need to monitor integrity of systems(?) More data incoming into SIEM deployments Basically no visibility to respond Compliance demands on new infrastructure 22

23

Future of Security Transparent Orchestration Built-in Automation the only real solution Starts in DevOps New generation of Security Analytics platforms 24

Qualys

Qualys Platform Approach Embracing our own Digital Transformation Massive expansion of backend for visibility 620 Billion security datapoints indexed Comprehensive coverage of sensors scanners, agents, cloud connectors, container sensors, passive sniffers and mobile agents 26

Qualys Platform Approach Extending solutions into remediation & response Building dedicated Data science team Rapid expansion of R&D org Key technology acquisitions & Investments 27

Acquisitions & Investments Nevis Passive Scanning & Secure Access Control Netwatcher Event Correlation Platform 1Mobility Enterprise Mobility Layered Insight Built-in Runtime Container Security 42Crunch Investment API Security Frog 1 Frog 2 28

ASSET MANAGEMENT Qualys Cloud Apps AI Asset Inventory Maintain full, instant visibility of all your global IT assets SYN CMDB Sync Synchronize asset information from Qualys into ServiceNow CMDB CI Cloud Inventory Inventory of all your cloud assets across AWS, Azure, GCP and others CRI Certificate Inventory Inventory of TLS/SSL digital certificates on a global scale IT SECURITY VM Vulnerability Management TP Threat Protection CM Continuous Monitoring Continuously detect and protect against Pinpoint your most critical threats Alerts you in real time about network attacks, anytime, anywhere and prioritize patching irregularities IOC Indication of Compromise Continuously monitor endpoints to detect suspicious activity CS Container Security Discover, track, and continuously protect containers CRA Certificate Assessment Assess all your digital certificates for TLS/ SSL vulnerabilities COMPLIANCE MONITORING PC Policy Compliance Assess security configurations of IT systems throughout your network PCI PCI Compliance Automate, simplify and attain PCI compliance quickly FIM File Integrity Monitoring Log and track file changes across global IT systems SCA Security Configuration Assessment Automate configuration assessment of global IT assets CSA Cloud Security Assessment SAQ Security Assessment Questionnaire Get full visibility and control across all public cloud instances Minimize the risk of doing business with vendors and other third parties WEB APPLICATION SECURITY WAS Web Application Scanning Secure web applications with end-to-end protection WAF Web Application Firewall Block attacks and virtually patch web application vulnerabilities 29

Q4 2018 more apps to come PM Patch Management beta AM Global IT Asset Management (managed assets) GA 2018 2019 PAS Passive Network Senor (unmanaged assets) beta 30

2019 even more apps to come! Secure Enterprise Mobility Secure Access Control API Security Software Composition Analysis Breach and Attack Simulation Security Data Lake & Correlation Platform 31

Unified Dashboards 32

DEMO

It s the Platform! (a real one)

Cloud Platform Environment Security at scale on hybrid clouds 15+ products providing comprehensive suite of security solutions 10,300+ customers 7 shared cloud platforms across North America, Europe & Asia 70+ private clouds platforms deployed globally... on-prem, AWS, Azure, GCP 16+ PB storage and 16,000 cores 36

Cloud Platform Highlights 1+ trillion security events annually 3+ billion scans annually 2.5+ billion messages daily across Kafka clusters 620+ billion data points indexed in our Elasticsearch clusters Unprecedented 2-second visibility 37

Qualys Cloud Platform Sensors, Data Platform, Microservices, DevOps UI Portal API Application Services / Shared Services / Stream & Batch Processing / Reporting / Analytics Service Service Service Service Service... Qualys Streaming Data Backbone 38 Cloud Agents Passive Scanners Scanners Appliances Virtual Scanners Internet Scanners

Qualys Sensor Platform Scalable, self-updating & centrally managed Physical Virtual Cloud/Container Cloud Agents Passive API Legacy data centers Corporate infrastructure Continuous security and compliance scanning Private cloud infrastructure Virtualized Infrastructure Continuous security and compliance scanning Commercial IaaS & PaaS clouds Pre-certified in market place Fully automated with API orchestration Continuous security and compliance scanning Light weight, multiplatform On premise, elastic cloud & endpoints Real-time data collection Continuous evaluation on platform for security and compliance Passively sniff on network Real-time device discovery & identification Identification of APT network traffic Extract malware files from network for analysis Integration with Threat Intel feeds CMDB Integration Log connectors 39

Data Platform-as-a-Service Right database for the right use case Highly scalable architecture Predictable performance at scale Distributed and fault-tolerant Multi-datacenter support Open-source Commodity hardware 40

Data Platform-as-a-Service Kafka Elasticsearch Cassandra Redis Ceph Asynchronous, event-driven architecture Foundation for Qualys Cloud Platform Over 2.5 billion messages per day Search for anything Over 620 billion data points indexed Estimating about 1 trillion data points be year end Low latency storage Source of truth for data across multiple products In-memory cache Improved system performance for frequently accessed data Object storage Moving Oracle and in-house blob storage into Ceph 41

Microservices & Cloud Native Architectures Reduce risk and ship faster Change how we design and build applications and services Service Service Monoliths to microservices Well defined APIs Packaged in containers Deployed on elastic infrastructure 12-Factor apps CI/CD, Service Registry, Config Servers Service Service 42

DevOps Increased Efficiency Goal is to make software delivery vastly more efficient Supporting about 80 shared and private cloud deployments 43

Automation - Infrastructure as Code Treat systems running your software as if they themselves are software Automate Infra provisioning Configuration management Deployments.all using code 44

Monitoring Systems - Observability Centrally monitor across all platforms using a single-pane view End-to-end monitoring using Time series metrics Distributed tracing Log aggregation & analytics Alerting 45

Integrated Security - DevSecOps Built-in security practices across the DevOps lifecycle Qualys-on-Qualys Manage vulnerabilities Comply with policies Secure and shield web apps Validate file integrity Monitor systems 46

Qualys Cloud Platform Integrated Suite of Integrated Applications Suite of Applications CA AI VM CM TP FIM PC PCI SAQ IOC WAS WAF Shared Services Authentication Service Authorization Service Subscription Service Indexing Service Data Sync Service Tagging Service Messaging, Data, Analytics Platform Infrastructure and DevOps Toolchain Logging Monitoring Config Mgmt. Service Registry CI/CD Docker/ Kubernetes 47

ASSET MANAGEMENT Qualys Cloud Applications AI Asset Inventory Maintain full, instant visibility of all your global IT assets SYN CMDB Sync Synchronize asset information from Qualys into ServiceNow CMDB CI Cloud Inventory Inventory of all your cloud assets across AWS, Azure, GCP and others CRI Certificate Inventory of TLS/SSL digital certificates on a global scale IT SECURITY VM Vulnerability Management Threat Protection Continuous Monitoring Continuously detect and protect against attacks, anytime, anywhere TP Pinpoint your most critical threats and prioritize patching CM Alerts you in real time about network irregularities IOC Indication of Compromise Continuously monitor endpoints to detect suspicious activity CS Container Security Discover, track, and continuously protect containers CRA Certificate Assessment Assess all your digital certificates for TLS/ SSL vulnerabilities Patch Management (Beta) Select, manage, and deploy patches to remediate vulnerabilities COMPLIANCE MONITORING PC Policy Compliance Assess security configurations of IT systems throughout your network PCI PCI Compliance Automate, simplify and attain PCI compliance quickly FIM File Integrity Monitoring Log and track file changes across global IT systems SCA Security Configuration Automate Assessment configuration assessment of global IT assets CSA Cloud Security Assessment Get full visibility and control across all public cloud instances SAQ Security Assessment Questionnaire Minimize the risk of doing business with vendors and other third parties WEB APPLICATION SECURITY WAS Web Application Secure Scanning web applications with end-to-end protection WAF Web Application Firewall Block attacks and virtually patch web application vulnerabilities 48

Advanced Correlation & Analytics ML/AI Service Patterns Outlier Predictive SoC Orchestration & Automation Integration Playbooks Response UEBA User & Entity Behavior Analytics Threat Hunting Search Exploration Behavior Graph Security Analytics Anomaly Visualization Dashboard Advanced Correlation Actionable Insights Out-of-box Rules Qualys Security Data Lake Platform Data Ingestion Normalization Enrichment Governance CA VM AI PC IOC WAS WAF Network Security Server End Point Qualys Apps Apps Cloud Users IoT Qualys Quick Connectors 49

18 QUALYS SECURITY CONFERENCE 2018 Thank You Sumedh Thakar sthakar@qualys.com

51

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback