How to reduce business risks
by implementing VULNERABILITY MANAGEMENT process?

 Edvinas Pranculis MM, CISA, CISM
Qualis how+to+reduce+business+risks+by+implementing+vulnerability+management+process+~20100413

Reducing Business Risks By Implementing A Vulnerability Management Process


  1. How to reduce business risks by implementing VULNERABILITY MANAGEMENT process? Edvinas Pranculis MM, CISA, CISM, Regional Account Manager – Eastern Europe & Central Asia
  2. Agenda: Risk Management; Vulnerability Management; QualysGuard & SaaS Model; Q&A
  3. Risk Management Process: How to treat risk? Risk Treatment Techniques:
     - Risk Transference
     - Risk Acceptance / Tolerance
     - Risk Mitigation / Reduction
     - Risk Avoidance
     - Risk Containment
     * AS/NZS 4360:2004
  4. Defining Risk & Risk Mitigation: What is the most effective way to reduce risk? Risk Mitigation Techniques (diagram labelled EFFECTIVENESS):
     - Reduce Threats
     - Reduce Vulnerabilities
     - Reduce Asset Value
     - Detect
     - Recover
     Level of Risk = f (BI, LoT, LoV)
  5. Need for Vulnerability Management
     Vulnerabilities on network are GOLD to cyber criminals:
     - Provide unauthorized entry to networks
     - Can expose confidential information, fuel stolen identities, violate privacy laws, or paralyze operations
     - Exposure is extreme for networks with vulnerable devices connected by IP
     Sources of Vulnerabilities:
     - Programming errors
     - Unintentional mistakes
     - Intentional malware software
     - Improper system configurations
     - Remote users sidestepping perimeter security
     - Rising attacks through viewing popular websites
     - Flaws in algorithms
     - etc.
  6. Key to Security? Fixing problems before bad guys find them… Hacking Linux Exposed: “… the countermeasure that will protect you, should a hacker scan your machines with a scanner, is to scan your own systems first. Make sure to address any problems and then a scan by a hacker will give him no edge…”
  7. Security + Compliance: Lifecycle Workflow. Under this new paradigm, a system is deemed out of compliance if it is:
     - Vulnerable to attacks
     - Improperly configured
     - In violation of internal policies or external regulations
  8. Security + Compliance: Delivered as a Service. Bringing Security and Compliance Audits in a Single Solution, Operationalising it and Delivering it as a Service. NO SOFTWARE TO INSTALL AND MAINTAIN
  9. Reporting: Communicate and consult. And Delivering it as a Service. The Security + Compliance Conundrum. Leveraging CobIT, ISO, ITIL and NIST Security & Compliance Frameworks
  10. QualysGuard Global Infrastructure: Security + Compliance, End to End Security
     - Annual Volume of Scans: 500+ million IP audit scans with 7,000 scanner appliances in over 85 countries
     - The world's largest VM enterprise deployment at a Forbes Global 50 with 220+ scanner appliances deployed in 52 countries scanning ~700 000 IPs
  11. QualysGuard Adoption by Industry Verticals (Page 2 of 2): Media; Energy/Utilities; Consumer Products; Health Care; Manufacturing; Education; Transportation; Government
  12. QualysGuard Adoption by Industry Verticals (Page 1 of 2): Insurance; Financial Services; Financial Services; Chemical; Portals/Internet; Retail; Technology; Consulting
  13. Qualys Strategic Partners: Global Partner Network. Media
  14. Benefits of Vulnerability Management
     - Vulnerability management gives you control and visibility to manage your network's security effectively and document compliance
     - Vulnerability management is a PROACTIVE approach to security
  15. Q&A. Thank You. epranculis@qualys.com. Please visit www.qualys.com for a 14-day FREE trial - NO SOFTWARE TO INSTALL OR MAINTAIN -