About me
• Security professional (11 years)
• Founding member and steering group member of the Common Assurance Maturity Model (CAMM) (common-assurance.com)
• Director, CSA UK & Ireland
• I love reading books: thrillers (Clive Cussler) and business management (Jo Owen)
Topics I will cover today
• How Qualys fits into the security technology stack
• Experiences from Qualys implementations
• Integration into IT operations processes
• Using an MSSP
Security technology stack and Qualys
[Diagram: security technology stack with layers Threat intelligence; GRC; Security Information & Event Management (SIEM); Configuration compliance; Identity, Entitlement, Access Mgmt; Cryptography; Data Security; Application Security; Host Security; Network Security; Physical Security]
Where Qualys fits:
• Feed into the SIEM
• Metrics from the Qualys enterprise portal
• Pattern matching in the SIEM
• Web application scanning
• Browser Check
• Patch assessment
• Configuration compliance
• SSL Server test
Experiences with Qualys
• Easy deployment of non-authenticated scanning
• Resistance from IT admins to give root/server admin credentials
• Do not scan through firewalls
• CMDB usually inaccurate – using Qualys map/scan to populate
• Configuration compliance – manual configuration. Start small and grow controls
• Limited Oracle compliance scanning adoption
• Vulnerability reporting – treat vulnerabilities as quality issues
• Browser check – excellent tool but requires user action
MSSP and Qualys
• Outsourcing just Qualys to an MSSP is low value
• Tools need to be used by IT Ops
• An MSSP adds value when vulnerability data is correlated with other information sources:
  • Firewall rules
  • Routing
  • Threat intelligence
  • CMDB – business criticality
  • IDS data
  • Anti-malware status
Integration into IT ops processes
• Security is a quality aspect
• Map security criticality levels to those in the Ops change/incident process
• Responsibility for patching and correction of non-compliance sits with the asset owner
• But risk management and escalation sit with the security team – risk sign-off based on risk level
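The two slides above describe the same workflow from two angles: enrich raw scan findings with firewall exposure, threat intelligence, CMDB business criticality and anti-malware status, then translate the resulting risk level into the priority scheme the Ops incident process already uses, assigning the fix to the asset owner while the security team retains sign-off on the higher risk levels. The script below is an added illustration of that correlation step; it is not from the slides and not Qualys code. The finding ids, asset names, Qualys-style 1–5 severities, the scoring weights and the P1–P4 mapping are all constructed assumptions chosen for the example.

```python
"""Correlate vulnerability findings with CMDB, exposure, threat-intel and
anti-malware data, then map the result to Ops incident priorities.

Everything below is constructed sample data and an illustrative scoring
scheme (assumptions, not the slides' or Qualys' own method).
"""
from dataclasses import dataclass

# Constructed scan findings: asset, placeholder finding id, severity 1-5
FINDINGS = [
    {"asset": "web01", "id": "FINDING-A", "severity": 5},
    {"asset": "web01", "id": "FINDING-B", "severity": 2},
    {"asset": "db01", "id": "FINDING-C", "severity": 4},
    {"asset": "dev07", "id": "FINDING-A", "severity": 5},
    {"asset": "ghost9", "id": "FINDING-D", "severity": 3},  # not in CMDB
]

# Constructed CMDB extract: business criticality and asset owner
CMDB = {
    "web01": {"criticality": "high", "owner": "web-team"},
    "db01": {"criticality": "high", "owner": "dba-team"},
    "dev07": {"criticality": "low", "owner": "dev-team"},
}

# Constructed firewall/routing view: assets reachable from the internet
INTERNET_EXPOSED = {"web01"}

# Constructed threat intelligence: finding ids with known active exploitation
ACTIVELY_EXPLOITED = {"FINDING-A"}

# Constructed anti-malware status: True = agent present and up to date
ANTI_MALWARE_OK = {"web01": True, "db01": False, "dev07": True}

# Illustrative weights and thresholds (assumptions)
CRITICALITY_WEIGHT = {"high": 3, "medium": 2, "low": 1}
SIGNOFF_PRIORITIES = {"P1", "P2"}  # risk sign-off required from security team


@dataclass
class Ticket:
    asset: str
    finding: str
    score: int
    priority: str
    owner: str
    security_signoff: bool
    notes: str


def risk_score(severity, criticality, exposed, exploited, av_ok):
    """Severity x business criticality, plus modifiers from the other sources."""
    score = severity * CRITICALITY_WEIGHT[criticality]
    if exposed:
        score += 2      # reachable from the internet per firewall/routing data
    if exploited:
        score += 2      # threat intel reports active exploitation
    if not av_ok:
        score += 1      # no compensating anti-malware coverage
    return score


def to_priority(score):
    """Map the risk score onto the Ops change/incident priority scheme."""
    if score >= 12:
        return "P1"
    if score >= 8:
        return "P2"
    if score >= 5:
        return "P3"
    return "P4"


def correlate(findings, cmdb, exposed, exploited, av_status):
    """Turn raw findings into owner-assigned tickets, highest risk first."""
    tickets = []
    for f in findings:
        entry = cmdb.get(f["asset"])
        if entry is None:
            # CMDB gap: route to security so the asset record gets populated
            tickets.append(Ticket(f["asset"], f["id"], 0, "CMDB-GAP",
                                  "security-team", True, "asset missing from CMDB"))
            continue
        is_exposed = f["asset"] in exposed
        is_exploited = f["id"] in exploited
        av_ok = av_status.get(f["asset"], False)
        score = risk_score(f["severity"], entry["criticality"],
                           is_exposed, is_exploited, av_ok)
        prio = to_priority(score)
        notes = ", ".join(n for n, hit in [("internet-exposed", is_exposed),
                                           ("actively exploited", is_exploited),
                                           ("anti-malware not healthy", not av_ok)] if hit)
        tickets.append(Ticket(f["asset"], f["id"], score, prio, entry["owner"],
                              prio in SIGNOFF_PRIORITIES, notes or "none"))
    tickets.sort(key=lambda t: (-t.score, t.asset, t.finding))
    return tickets


def open_tickets():
    """Run the correlation over the constructed sample data."""
    return correlate(FINDINGS, CMDB, INTERNET_EXPOSED, ACTIVELY_EXPLOITED, ANTI_MALWARE_OK)


if __name__ == "__main__":
    for t in open_tickets():
        print(f"{t.priority:8} {t.asset:7} {t.finding:10} score={t.score:2} "
              f"owner={t.owner:14} signoff={t.security_signoff} ({t.notes})")
```

The point of the structure is that the same severity-5 finding lands as a P1 on an exposed, business-critical host and as a P3 on a low-criticality development box, which is the difference a plain scanner export cannot make and an MSSP fed only with scan data cannot either. Assets the scanner sees but the CMDB does not are surfaced as their own ticket type rather than silently scored at zero, matching the slide's point about using scan data to fix the CMDB.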