Integrating Qualys into the patch and vulnerability management processes

  • 1,328 views
Uploaded on

A short presentation for Qualys Secure London Dec 2011.

A short presentation for Qualys Secure London Dec 2011.

More in: Technology
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads

Views

Total Views
1,328
On Slideshare
0
From Embeds
0
Number of Embeds
1

Actions

Shares
Downloads
16
Comments
0
Likes
0

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide
  • Areas support each other, all feed into SIEM and GRC

Transcript

  • 1. INTEGRATING QUALYS INTOTHE PATCH ANDVULNERABILITY MANAGEMENTPROCESSESVladimir JirasekBlog: JirasekOnSecurity.comBio: About.me/jirasek10th Nov 2011
  • 2. About me• Security professional (11 years)• Founding member and steering group member of (Common Assurance Maturity Model) CAMM (common- assurance.com)• Director, CSA UK & Ireland• I love reading books: thrillers (Clive Cussler) and business management (Jo Owen)
  • 3. I will cover topics today• How Qualys fits into the Security technology stack• Experiences from Qualys implementations• Integration into IT operations processes• Using MSSP
  • 4. Security technology stack and Qualys • Feed into the SIEM• Metrics from Qualys and Threat enterprise portal intelligence GRC • Pattern matching in Information & Event Configuration Identity, Entitlement, Acce Mgmt compliance Cryptography Data Security • Web application scanning ss Application Security • Browser Check Host Security • Patch assessment • Configuration Network Security compliance Physical Security • SSL Server test
  • 5. Experiences with Qualys• Easy deployment of non- • Configuration authenticated scanning compliance – manual• Resistance from IT configuration. Start small admins to give and grow controls root/server admin • Limited Oracle credentials compliance scanning• Do not scan through adoption firewalls • Vulnerability reporting –• CMDB usually treat vulnerabilities as inaccurate – using quality issues Qualys map/scan to • Browser check – populate excellent tool but requires user action
  • 6. MSSP and Qualys• Outsourcing just Qualys to MSSP low value• Tools need to be used by IT Ops• MSSP add value when vulnerability data correlated with information sources • Firewall rules • Routing • Threat intelligence • CMDB – business criticality • IDS data • Anit-malware status
  • 7. Integration into IT ops processes• Security is a quality aspect• Map security criticality levels to those in Ops change/incident process• Responsibility for patching and correction of non- compliance sits with the asset owner• But the risk management and escalation sits with security team – risk sign-off based on risk level