QualysGuard InfoDay 2013 - QualysGuard RoadMap for H2-2013/H1-2014


Published in: Technology
  1. Marek Skalicky, CISM, CRISC, Managing Director for Central Eastern Europe, Qualys GmbH. September, 2013. QualysGuard RoadMap for H2-2013/H1-2014. Transforming IT Security & Compliance
  2. Uses the Extensible QG Cloud Platform; Expanding to Real-Time Big Data and Correlation
  3. Leveraging the Platform: New Services in Development
     • Continuous Perimeter Monitoring: Alerts in real time of new vulnerabilities, misconfiguration and zero days (Q3’13 Beta)
     • Mobile Device Security & Compliance: Cloud Security Agent scalable to millions of devices (Q3’13 Beta - on Windows)
     • Web Application Analytics: Big data correlation cloud backend to correlate all application info (Q1’14 Beta)
     • Secure Web Gateway/URL/Content Filtering: Based on the QualysGuard Cloud Platform and Cloud Security Agent (Q1’14 Beta)
     • Web Exploit/Remediation Console: Verifies vulnerabilities, generates exploits and integrates with Burp Suite (Q4’13 Beta)
     • Malware Protection Services: Alert on Malware Threats and APT (Q2’14 Beta)
  4. Continuous Perimeter Monitoring
     • New metaphor for Perimeter Security (Data/Event Driven)*
     • Continuous network mapping and low profile vulnerability scanning of Internet Perimeter
     • Instant notification on any Perimeter fingerprint changes:
       • New IP discovered
       • New TCP/UDP port/service open
       • New version of OS or App
       • New vulnerability discovered
     *Launch at the Qualys Security Conference Sept 2013
  5. Mobile Device Security & Compliance agent
     • First-time-ever Agent-based solution from Qualys (runs as SaaS)
     • Periodic Security & Compliance audit of mobile devices (platforms) configuration
     • Pilot version for Windows 7/8 platforms
     • Next version for Mac OS (H1-2014)
     • Android, iOS, Windows Mobile (H1-2014)
  6. Qualys Strategy for Web App Security
     [Diagram labels: Web Apps; Detection, Prevention, Remediation, Forensics; Web App Scanning, Malware Detection, Web Application Firewall, Exploits, Burp Suite, Source Code, Log Analysis]
     • Detection
       – WAS, MDS
     • Protection
       – WAF*
     • Monitoring/Forensics
       – Log Analysis*
     • Remediation
       – Interactive Testing Tools*
       – Remediation Workflow*
       – SCA Correlation*
     *Services in development
  7. Benefits of QG WAS Approach: QualysGuard platform delivers integrated solutions
     [Diagram labels: Web Apps; Detect, Analyze, Protect, Comply; Discovery, Catalog, Vuln App Scanning, Malware Detection, Web App Firewall, PCI, OWASP]
     • Distributed Scanning
       – Cloud/Internal/Virtual
     • Highly Automated
       – Integrated Browser
     • Accurate
       – Low False-Positive Rate
     • Integrated
       – Reuse QA Selenium Functional Testing Scripts
  8. Web Application Scanning 3.0: Integrates Malware Detection and Burp Suite. Large deployments at Microsoft and others
  9. QG WAS Today: Best Practices Scanning Solution
     • Collaboration
       – Involve all the Application Stakeholders
     • Ease of Use
       – Dashboard/Wizards/Context sensitive
     • Vulnerability Metrics
       – Tag based reporting
       – Configurable Formats
  10. QG WAS 3.0: Integrated Website Malware Monitoring
     • Malware Protection
       – Safeguard your website users and brand reputation
     • 4 Detection Techniques
       – Antivirus – for documents
       – Heuristic
       – Reputation
       – Behavioral
     • Addresses
       – Zero Day Risk
  11. QG WAS 3.0: Attack Proxy Integration – Phase 1
     • Store and manage
       – Burp scan data
       – Share safely
     • Act on Burp scan findings
       – Associate with web app
       – Mark as risk accepted, etc
       – Filter based on attributes
  12. QG WAS Directions in 2013/2014: Full Web App Testing Solution
     • Additional Interactive Tools Support (Burp/ZAP)
       – Store Manual Findings
       – Trend/Report with Automated findings
       – Complete Web App Testing Picture
       – Send WAS Attack Requests to attack proxies
     • Remediation Workflow
     • SCA Correlation
  13. QG WAS Release Timeline: 7 Releases Since November 2011
     • WAS 2.1: Selenium Authentication (November 2011)
     • WAS 2.2: APIs (January 2012)
     • WAS 2.3: Selenium Crawl Scripts (April 2012)
     • WAS 2.3.1: Workflow Enhancements (July 2012)
     • WAS 2.3.2: Web App Management (Oct 2012)
     • WAS 2.4: Reporting Enhancements (Dec 2012)
     • WAS 3.0: Malware Scanning and Burp Scan Results (Q2 2013)
  14. QG WAS Roadmap: US release targets (EU approx 15 days later)
     WAS 3.0 (Q2 2013)
       • Malware Scanning
       • Configure Malware scanning of external websites
       • Notify subscription owners when Malware identified
       • Import Burp Pro Scanning Results
       • Store Burp and WAS results in one place
       • Browse Burp Findings
     WAS 3.1 (Q2/Q3 2013)
       • Tree Control to display the site map (collapsible/drillable)
       • Current statuses
       • Create web app from branch
       • Black list for branch
       • Filter views
       • Single (latest) scan for web app level, scans have their own
       • Dedicated Authentication Records
     WAS 3.2 (Q3 2013)
       • User Defined Vulnerability Definitions in Qualys
       • Users to define attributes of vulnerabilities - by subscription
       • Define description, impact, solution, severity level etc
       • Enable user defined vulnerabilities and evidence to be associated with web app
       • Detection API (tentative)
       • Limit scans to time limit (user specifies end date/time)
  15. QG Web App Security Solutions: Seamless integration with other Qualys services
     [Diagram labels: WAS, VM, MDS, WA LogA, WAF, WA SCA]
     QG WAS Customers:
     • Use VM to discover vulnerabilities on OS, TCP/UDP layer and Web Server Engines (IIS, Apache, …)
     • Deploy virtual patches to WAF using the vulnerabilities identified in WAS
       – WAS already supports Imperva, F5, Citrix
     • Combine WAS and MDS scanning of sites
     • WAF to provide WAS/MDS with site resource structure to ensure complete scanning coverage
     • WA Log Analyzer integration – entering the SIEM in SaaS model
     • WA SCA Analyzer integration - Service Component Architecture assessment.
  16. QG Web Application Firewall (Beta 2 for Amazon EC/2 and VMware), http://www.qualys.com/waf
     • Hybrid Cloud WAF
       – Provides protection against known and emerging web application threats, and helps increase web site performance through caching, compression and content optimization, with no equipment needed.
     • Benefits
       – Zero/Low-footprint, low cost deployment
       – Ease of use, ease of maintenance
       – Real-time attack prevention
       – Virtual patching and application hardening
  17. QG Web App Firewall: Stop unwanted traffic and prevent information leakage
     • Attack detection and prevention
       – Security policy enforcement
       – Application hardening
       – Spam and malware detection
       – Information leakage detection
       – Continuous passive application scanning
  18. QualysGuard Private Cloud Platform (VCE VBLOCK Implementation)
     [Diagram labels: 24x7x365 Monitoring and Support; Daily Vulnerability Feeds; Bi-quarterly Platform Updates; SOC; VMware ESX and ESXi]
     • VCE = VMware + Cisco + EMC platform
     • Extends the reach of Qualys by enabling MSSPs, large Enterprises, Government or Military agencies to deploy the QualysGuard Cloud platform in their own data center.
     • Remotely provided by Qualys as SaaS service:
       • Fully Connected
       • Semi Connected
       • Fully Disconnected
  19. Private Cloud Operation and Maintenance (diagram labels)
     • Security Operations Center: 24x7x365 Operation, Administration and Maintenance (OAM)
     • Platform Software Update (iterations every 6 weeks)
     • QualysGuard Private Cloud Platform
     • Vulnerability Office Daily Updates
     • Qualys or customer IPsec VPN Endpoint
     • Optional customer firewall for filtering and logging
     • Qualys platform firewall filtering VPN access
     • Qualys platform firewall filtering service access
     • Optional customer access gateway or bastion host configured to suit customer authentication and logging requirements
     • Qualys platform IPS filtering service access
     • Qualys platform IPS filtering VPN access
     • Optionally customer can gate SOC access to the platform, only allowing access when required by Qualys through a change management request
  20. Qualys Cloud Deployment Model
  21. Thank You. mskalicky@qualys.com. Transforming IT Security & Compliance