QualysGuard InfoDay 2013 - QualysGuard RoadMap for H2-2013/H1-2014

Published in: Technology
Transcript of "QualysGuard InfoDay 2013 - QualysGuard RoadMap for H2-2013/H1-2014"

  1. Marek Skalicky, CISM, CRISC
     Managing Director for Central Eastern Europe, Qualys GmbH
     September, 2013
     QualysGuard RoadMap for H2-2013/H1-2014
     Transforming IT Security & Compliance
  2. Uses the Extensible QG Cloud Platform
     Expanding to Real-Time Big Data and Correlation
  3. Leveraging the Platform
     New Services in Development
     • Continuous Perimeter Monitoring: Alerts in real time of new vulnerabilities, misconfiguration and zero days (Q3’13 Beta)
     • Mobile Device Security & Compliance: Cloud Security Agent scalable to millions of devices (Q3’13 Beta - on Windows)
     • Web Application Analytics: Big data correlation cloud backend to correlate all application info (Q1’14 Beta)
     • Secure Web Gateway/URL/Content Filtering: Based on the QualysGuard Cloud Platform and Cloud Security Agent (Q1’14 Beta)
     • Web Exploit/Remediation Console: Verifies vulnerabilities, generates exploits and integrates with Burp Suite (Q4’13 Beta)
     • Malware Protection Services: Alert on Malware Threats and APT (Q2’14 Beta)
  4. Continuous Perimeter Monitoring
     • New metaphor for Perimeter Security (Data/Event Driven)*
     • Continuous network mapping and low profile vulnerability scanning of Internet Perimeter
     • Instant notification on any Perimeter fingerprint changes:
       – New IP discovered
       – New TCP/UDP port/service open
       – New version of OS or App
       – New vulnerability discovered
     *Launch at the Qualys Security Conference Sept 2013
  5. Mobile Device Security & Compliance agent
     • First-time-ever Agent-based solution from Qualys (runs as SaaS)
     • Periodic Security & Compliance audit of mobile devices (platforms) configuration
     • Pilot version for Windows 7/8 platforms
     • Next version for Mac OS (H1-2014)
     • Android, iOS, Windows Mobile (H1-2014)
  6. Qualys Strategy for Web App Security
     • Detection
       – WAS, MDS
     • Protection
       – WAF*
     • Monitoring/Forensics
       – Log Analysis*
     • Remediation
       – Interactive Testing Tools*
       – Remediation Workflow*
       – SCA Correlation*
     *Services in development
     [Diagram labels: DETECTION, PREVENTION, REMEDIATION, FORENSICS; Web App Scanning, Malware Detection, Web Application Firewall, Exploits, BURP Suite, Source Code, Log Analysis; WEB APPS]
  7. Benefits of QG WAS Approach
     QualysGuard platform delivers integrated solutions
     • Distributed Scanning
       – Cloud/Internal/Virtual
     • Highly Automated
       – Integrated Browser
     • Accurate
       – Low False-Positive Rate
     • Integrated
       – Reuse QA Selenium Functional Testing Scripts
     [Diagram labels: DETECT, ANALYZE, PROTECT, COMPLY; Discovery, Catalog, Vuln App Scanning, Malware Detection, Web App Firewall, PCI, OWASP; WEB APPS]
  8. Web Application Scanning 3.0
     Integrates Malware Detection and Burp Suite
     Large deployments at Microsoft and others
  9. QG WAS Today
     Best Practices Scanning Solution
     • Collaboration
       – Involve all the Application Stakeholders
     • Ease of Use
       – Dashboard/Wizards/Context sensitive
     • Vulnerability Metrics
       – Tag based reporting
       – Configurable Formats
  10. QG WAS 3.0
      Integrated Website Malware Monitoring
      • Malware Protection
        – Safeguard your website users and brand reputation
      • 4 Detection Techniques
        – Antivirus – for documents
        – Heuristic
        – Reputation
        – Behavioral
      • Addresses
        – Zero Day Risk
  11. QG WAS 3.0
      Attack Proxy Integration – Phase 1
      • Store and manage
        – Burp scan data
        – Share safely
      • Act on Burp scan findings
        – Associate with web app
        – Mark as risk accepted, etc
        – Filter based on attributes
  12. QG WAS Directions in 2013/2014
      Full Web App Testing Solution
      • Additional Interactive Tools Support (Burp/ZAP)
        – Store Manual Findings
        – Trend/Report with Automated findings
        – Complete Web App Testing Picture
        – Send WAS Attack Requests to attack proxies
      • Remediation Workflow
      • SCA Correlation
  13. QG WAS Release Timeline
      • WAS 2.1: Selenium Authentication (November 2011)
      • WAS 2.2: APIs (January 2012)
      • WAS 2.3: Selenium Crawl Scripts (April 2012)
      • WAS 2.3.1: Workflow Enhancements (July 2012)
      • WAS 2.3.2: Web App Management (Oct 2012)
      • WAS 2.4: Reporting Enhancements (Dec 2012)
      • WAS 3.0: Malware Scanning and Burp Scan Results (Q2 2013)
      7 Releases Since November 2011
  14. QG WAS Roadmap
      US release targets (EU approx 15 days later)
      WAS 3.0 (Q2 2013)
      • Malware Scanning
      • Configure Malware scanning of external websites
      • Notify subscription owners when Malware identified
      • Import Burp Pro Scanning Results
      • Store Burp and WAS results in one place
      • Browse Burp Findings
      WAS 3.1 (Q2/Q3 2013)
      • Tree Control to display the site map (collapsible/drillable)
      • Current statuses
      • Create web app from branch
      • Black list for branch
      • Filter views
      • Single (latest) scan for web app level, scans have their own
      • Dedicated Authentication Records
      WAS 3.2 (Q3 2013)
      • User Defined Vulnerability Definitions in Qualys
      • Users to define attributes of vulnerabilities - by subscription
      • Define description, impact, solution, severity level etc
      • Enable user defined vulnerabilities and evidence to be associated with web app
      • Detection API (tentative)
      • Limit scans to time limit (user specifies end date/time)
  15. QG Web App Security Solutions
      Seamless integration with other Qualys services
      QG WAS Customers:
      • Use VM to discover vulnerabilities on OS, TCP/UDP layer and Web Server Engines (IIS, Apache, …)
      • Deploy virtual patches to WAF using the vulnerabilities identified in WAS
        – WAS already supports Imperva, F5, Citrix
      • Combine WAS and MDS scanning of sites
      • WAF to provide WAS/MDS with site resource structure to ensure complete scanning coverage
      • WA Log Analyzer integration – entering the SIEM in SaaS model
      • WA SCA Analyzer integration - Service Component Architecture assessment.
      [Diagram labels: WAS, VM, MDS, WA LogA, WAF, WA SCA]
  16. QG Web Application Firewall
      (Beta 2 for Amazon EC/2 and VMware)
      http://www.qualys.com/waf
      • Hybrid Cloud WAF
        – Provides protection against known and emerging web application threats, and helps increase web site performance through caching, compression and content optimization, with no equipment needed.
      • Benefits
        – Zero/Low-footprint, low cost deployment
        – Ease of use, ease of maintenance
        – Real-time attack prevention
        – Virtual patching and application hardening
  17. QG Web App Firewall
      Stop unwanted traffic and prevent information leakage
      • Attack detection and prevention
        – Security policy enforcement
        – Application hardening
        – Spam and malware detection
        – Information leakage detection
        – Continuous passive application scanning
  18. QualysGuard Private Cloud Platform
      (VCE VBLOCK Implementation)
      • VCE = VMware + Cisco + EMC platform
      • Extends the reach of Qualys by enabling MSSPs, large Enterprises, Government or Military agencies to deploy the QualysGuard Cloud platform in their own data center.
      • Remotely provided by Qualys as SaaS service:
        – Fully Connected
        – Semi Connected
        – Fully Disconnected
      [Diagram labels: 24x7x365 Monitoring and Support; Daily Vulnerability Feeds; Bi-quarterly Platform Updates; SOC; VMware ESX and ESXi]
  19. Private Cloud Operation and Maintenance
      [Diagram labels:]
      • Security Operations Center: 24x7x365
      • Operation, Administration and Maintenance (OAM)
      • Platform Software Update (iterations every 6 weeks)
      • QualysGuard Private Cloud Platform
      • Vulnerability Office Daily Updates
      • Qualys or customer IPsec VPN Endpoint
      • Optional customer firewall for filtering and logging
      • Qualys platform firewall filtering VPN access
      • Qualys platform firewall filtering service access
      • Optional customer access gateway or bastion host configured to suit customer authentication and logging requirements
      • Qualys platform IPS filtering service access
      • Qualys platform IPS filtering VPN access
      • Optionally customer can gate SOC access to the platform, only allowing access when required by Qualys through a change management request
  20. Qualys Cloud Deployment Model
  21. Thank You
      mskalicky@qualys.com
      Transforming IT Security & Compliance