QualysGuard InfoDay 2013 - Nové funkce QG


Published on

  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide
  • Users now have the option to leverage their existing Quest One Privileged Password Manager (formerly e-DMZ PAR) for their QualysGuard authenticated scans – for both vulnerability scans and compliance scans of Windows and Unix hosts. How it works: In order to retrieve the password from Quest, the scanning engine authenticates to the Quest server using the credentials provided in the vault record, and then searches for the System Name provided in the Windows/Unix authentication record to get the password. A single exact match of the system name must be found in order for authentication to be successful. Follow these steps to create and deploy a Quest Vault:1) Go to the vaults list. Go to Scans > Authentication and then select New > Authentication Vaults. 2) Create a new Quest Vault authentication record. Select New > Quest Vault. 3) Enter the vault record definition. Enter vault record details including a vault title, the IP address of the Quest server where the vault is stored, the port number where the Quest server is running, the user name to be used, and the encryption key that is required to access the vault. Be sure to click Save. 4) Select the Authentication Vault option in authentication records. You can select a vault in Windows and Unix records. In the Login Credentials section, select “Authentication Vault” and the vault type “Quest Server”. In the fields provided enter the user name for the system user account to be used, the title of the Quest Vault record you created in your QualysGuard account, and the name of the managed system that contains the password to be used for authenticated scans. 5) Launch a scan. To launch a vulnerability scan, go to VM > Scans and then select New > Scan or select New > Schedule Scan to schedule it for later. To launch a compliance scan, go to PC > Scans and then select New > Scan or select New > Schedule Scan to schedule it.
  • Using the Quick Actions menu, you can pull a report for the specific vulnerability listed from iDefense. This allows you to see your asset groups at the most risk. You can also get a list of the impacted hosts for this particular vulnerability. Introducing Microsoft Patch Tuesday Predictions (Beta) We are pleased to announce the launch of the QualysGuard Vulnerability Predictive Analytics Engine (Beta). The Predictive Analytics Engine provides users with vulnerability predictions and analyzes whether systems are vulnerable to attacks without the need to perform a new scan. A complimentary new dashboard widget called “New MS Patch Releases” leverages the Predictive Analytics Engine for Microsoft Patch Tuesday vulnerabilities to give users a preview into the risk of the most recent vulnerabilities associated with Microsoft security bulletins, also without the need to perform scans. Please contact your Technical Account Manager to learn more about the Beta program. New MS Patch Releases New MS Patch Releases is a new dashboard widget that is available to complement the service. Tip: If the New MS Patch Releases widget does not appear on your dashboard, click the Configure link next to “Dashboard” and select it in the Dashboard Setup. KnowledgeBase Predictions The Predictive Analytics Engine also makes predictions for many more vulnerabilities in the KnowledgeBase. Go to KnowledgeBase > Predictions to explore all the available vulnerabilities that can be predicted and their impact on your host assets. How it Works As new vulnerabilities are inserted in the KnowledgeBase on an ongoing basis, some of them can be predicted based on an analysis of the current host scan results within your account without the need to perform a new scan. These host scan details are used to make predictions: operating system, software installed and software version installed. The Predictive Analytics Engine assigns a confidence level to predictions, Likely or Potential, and when hosts with predicted vulnerabilities are scanned and they are detected the confidence level will be changed to Confirmed .
  • QualysGuard InfoDay 2013 - Nové funkce QG

    1. 1. www.rac.cz RiskAnalysisConsultants V060420 Nové funkce v Qualysu RAC QualysGuard InfoDay 2012 1
    2. 2. www.rac.cz RiskAnalysisConsultants V060420 Nové funkce v Qualysu RAC QualysGuard InfoDay 2012 2
    3. 3. www.rac.cz RiskAnalysisConsultants V060420 RAC QualysGuard InfoDay 2012 3 Testování s autentizací V současné době převládající typ testování 2013 přibyla podpora dalších platforem Podpora dalších typů autentizací Některé autentizace pouze pro PC testování Testování s autentizací
    4. 4. www.rac.cz RiskAnalysisConsultants V060420 RAC QualysGuard InfoDay 2012 4 Testování s autentizací Jsou nutné vysoká práva, nejlépe domain admin či root Nedůvěra zákazníků při ukládání hesel a přístupových informací do „Cloudu“ Řešení – použití externích úložišť pro autentizaci První platforma, která byla k dispozici - Cyber Ark 2013 doplněna podpora dalších platforem pro úschovu přístupových údajů Authentication Vaults
    5. 5. Authentication Vaults • In large organizations where thousands of machines are scanned regularly for vulnerabilities, managing passwords is a challenge. • Some organizations are reluctant to let their credentials leave the network
    6. 6. Vault Integration: How it works 1. User launches a trusted scan from the Qualys SOC 2. The Scanner Appliance (SA) get the credentials from the Vault 3. The SA scans the target using the credentials (Windows and Unix) 4. Scan results are exported to the Qualys SOC
    7. 7. www.rac.cz RiskAnalysisConsultants V060420 Rerun Report RAC QualysGuard InfoDay 2011 7 Přidán ekvivalent funkce u scanu a mapování
    8. 8. www.rac.cz RiskAnalysisConsultants V060420 Non-Running Linux Kernel Filtering RAC QualysGuard InfoDay 2011 8 Testování zranitelností kernelů UNIXu Často je nainstalováno více kernelů Qualys zobrazuje zranitelnosti i pro neběžící kernely Možnost vypnutí
    9. 9. www.rac.cz RiskAnalysisConsultants V060420 Support for SAML RAC QualysGuard InfoDay 2011 9 Podpora standardu pro jednotné přihlášení Single Sign On Security Assertion Markup Language v2.0 Nutno aktivovat přes support
    10. 10. www.rac.cz RiskAnalysisConsultants V060420 Rozšířené odstranění neplatných IP RAC QualysGuard InfoDay 2011 10
    11. 11. www.rac.cz RiskAnalysisConsultants V060420 Virtual Appliance – instalace pomocí Wizard RAC QualysGuard InfoDay 2012 11
    12. 12. www.rac.cz RiskAnalysisConsultants V060420 RAC QualysGuard InfoDay 2012 12 Standard (OVA) VMware vCenter Server (+ESXi or ESX), VMware ESXi; ESX, VMware Workstation; Player; Fusion, Oracle VM VirtualBox, Citrix XenServer VMDK older VMware platforms lacking support for OVA and OVF formats Microsoft Hyper-V Microsoft Windows 2008 R2, Windows 2008, Windows 2012, Windows 8 Amazon Machine Image Amazon EC2-Classic, Amazon EC2-VPC VMware vApp VMware vCenter, VMware vCloud (with IP Pool) OVF 0.9 VMWare ESX/ESXi 3.5 Virtual Appliance – nové platformy
    13. 13. www.rac.cz RiskAnalysisConsultants V060420 Nové funkce v Qualysu RAC QualysGuard InfoDay 2012 13
    14. 14. www.rac.cz RiskAnalysisConsultants V060420 RAC QualysGuard InfoDay 2012 14 Přidány další platormy AIX 5-7, HPUX 11.iv1, HPUX 11.iv2, HPUX 11.iv3 CentOS 4-6, Debian GNU/Linux, SUSE Linux Enterprise 9, 10, 11, Ubuntu 9.x- 12.x Oracle Enterprise Linux 4.x, 5.x, 6.x, Red Hat Enterprise Linux 3, 4, 5.x, 6.x, openSUSE 10.x, openSUSE 11.x Cisco IOS 12.x, Cisco IOS 15.x IBM DB2 9.x, IBM HTTP Server 7.x IBM WebSphere Application Server 7.x Mac OS X 10.x Microsoft SQL Server 2000, 2005, 2008, 2012 MS IIS 6.0, MS IIS 7.x Oracle 9i, 10, 11g Solaris 8,9,10,11 VMWare ESX Server 3.x, VMWare ESX Server 4.x, VMware ESXi 4.x, VMware ESXi 5.x, VMware vFabric Web Server 5.x Windows 2000 Windows 2000 Active Directory Windows 2003 Active Directory Windows 2003 Server Windows 2008 Active Directory Windows 2008 Server Windows 2012 Server Windows 7, Windows 8, Windows Vista, Windows XP desktop Podpora platforem
    15. 15. www.rac.cz RiskAnalysisConsultants V060420 RAC QualysGuard InfoDay 2012 15 Další usnadnění vytváření politik Přehledný wizard pro jednotlivé možnosti tvoření politik Wizard
    16. 16. www.rac.cz RiskAnalysisConsultants V060420 RAC QualysGuard InfoDay 2012 16 Důležitá změna Dynamický obsah, velmi usnadňuje editaci Ve verzi 7.12 má být i on-line kontrola funkčnosti controls, bez nutnosti generovat report New Policy Editor
    17. 17. www.rac.cz RiskAnalysisConsultants V060420 Nové funkce v Qualysu RAC QualysGuard InfoDay 2012 17 Zero-Day Risk Analyzer
    18. 18. Windows 7 iDefense Feed Host A Host B Predictive Engine