Managing risk and vulnerabilities in a business context

Cyber attacks have a direct impact on the bottom line, yet most organizations lack the visibility and understanding to manage IT risk from the business perspective. This presentation is from a webcast where a panel of experts examined how to shift from viewing IT risk in bits and bytes to having an impact on critical applications in the data center.

- Learn why and how more organizations are beginning to move ownership of IT risk to the business
- Understand how to aggregate and score vulnerabilities associated with data center applications and their associated physical or virtual servers
- Learn about the integration between Qualys and AlgoSec that enables business stakeholders to “own the risk”

Published in: Technology
Transcript

  • 1. Managing Risk and Vulnerabilities in a Business Context
  • 2. Corey Bodzin, VP of Product Management, Qualys • Nimmy Reichenberg, VP of Strategy, AlgoSec • Kevin Beaver, CISSP, Principle Logic, LLC
  • 3. Tennyson would be impressed… • NVD 60,865 CVEs since 1999 • 7,322 published in 2013 alone • 385 Severity 5’s published by Qualys in 2013 • 4 iDefense Exclusive Zero-Day vulnerabilities in just February alone!
  • 4. “Risk and the accountability for risk acceptance are — and should be — owned by the business units creating and managing those risks.” - Paul Proctor, VP, Distinguished Analyst
  • 5. Severity • Threat Path Analysis • Asset Tagging • Critical ≠ Important • Assume everything is “Hackable” • VERY difficult to maintain with pace of change
  • 6. What is your ideal method for prioritizing network vulnerabilities? • By server/device: 22% • By network segment: 30% • By business application: 48% • Source: Examining the Impact of Security Management on the Business, AlgoSec, Oct 2013
  • 7. The Impact of the Cloud and SDN on IT Risk and Policy Management
  • 8. Integration between Qualys and AlgoSec
  • 9. QualysGuard Integrated Suite of Security & Compliance Solutions *In Beta Vulnerability Management Policy Compliance Customizable Questionnaires PCI DSS Web Application Scanning Malware Detection Web Application Firewall Web Application Log Analysis Continuous Monitoring * ** Asset Management * *
  • 10. Qualys Drives Visibility: VMware ESX and ESXi • Physical Scanners • Browser Plugins • Mobile Agents • Virtual Scanners • Hypervisor • IaaS/PaaS • Perimeter Scanners
  • 11. Analysis Drives Action: Who is the owner? What business processes does it support? Are there regulatory requirements? Who is the last logged on user? Is there customer data present? What is the SLA for patching? • Physical Scanners • Mobile Agents
  • 12. AlgoSec Security Management Suite: Firewall Analyzer (Security Policy Analysis & Audit) • FireFlow (Security Policy Change Automation) • BusinessFlow (Business Application Connectivity Mgmt) • Business Applications • Security Infrastructure • Application Owners • Security • Network Operations
  • 13. Next Steps and Q&A • Security Policy Management in the Data Center for Dummies: Available at www.algosec.com • Read Kevin’s books, blogs and columns at www.principlelogic.com/resources and blog.algosec.com/author/kbeaver • Follow Kevin’s musings on Twitter at @kevinbeaver • Request an Evaluation of the AlgoSec Suite: www.algosec.com/eval • Visit us at www.qualys.com • QualysGuard Free Trial: www.qualys.com/trials • For future webcasts visit us at www.qualys.com/webcasts
  • 14. Managing Risk and Vulnerabilities in a Business Context
