Qualys ThreatPROTECT Presentation at RSA Conference 2016
•Download as PPTX, PDF•
1 like•493 views
Tim White, Director of Product Management at Qualys, presented on Qualys ThreatPROTECT at RSA Conference 2016. Qualys ThreatPROTECT helps InfoSec professionals automatically prioritize the vulnerabilities that pose the greatest risk to the organization. Start a free trial: https://www.qualys.com/forms/trials/threatprotect/ Contact Qualys for more information: 800.745.4355 https://www.qualys.com/company/contacts
Recommended
More Related Content
More from Qualys
More from Qualys (11)
Recently uploaded
Recently uploaded (20)
Qualys ThreatPROTECT Presentation at RSA Conference 2016
- 1. Qualys ThreatPROTECT Tim White, Director of Product Management, Qualys
- 2. Overwhelmed with Vulnerabilities 2 0 1 2 3 4 5 6 7 8 9 2010 2011 2012 2013 2014 2015 VulnerabilitiesPublished (1000’s)
- 3. Where to Start? "Organizations would need access to all threat intelligence indicators in order for the information to be helpful—a Herculean task" Verizon Data Breach Report - 2015 3
- 4. Introducing ThreatPROTECT Quickly identify the most important assets and vulnerabilities requiring remediation 4
- 5. Realtime Threat Intelligence Attributes Exploit Public Zero Day Actively Attacked High Lateral Movement 5 Easy Exploit No Patch High Data Loss Denial of Service
- 7. Roadmap Expanded Views of Intel Data Customize Threat Intel Attributes Expanded template library Additional Datapoints and Widgets for Dashboards Exposure/Risk Rollup Integration: - iDefense - Remediation Ticketing - Continuous Monitoring Countermeasures and Compensating Controls 7
Editor's Notes
- ~5000 vulns/year, last few years increasing significantly Qualys reported 58% increase in Microsoft patches in 2015 26442 QID’s in Qualys KB Today Critical issues remain unaddressed for longer exposure periods Not all Common Vulnerabilities and Exposures (CVEs) are created equal. According to the 2015 Verizon Data Breach Investigations Report: Half of the CVEs exploited within a month 10 CVEs account for almost 97 percent of exploits, per the report. Must prioritize remediation efforts to have an immediate and measurable impact on risk reduction. Requires not only accurately identifying vulnerabilities , but also understanding a variety of point-in-time factors that contribute significantly to the overall risk exposure. For example, publicly available exploits that are actively being leveraged by attackers present greater threat exposure compared to less well-known and automated vulnerabilities. Actionable security intelligence with organizational context leads to better countermeasures against the threats that matter most
- "Ten CVEs account for almost 97% of the exploits observed in 2014" "A CVE being added to Metasploit is probably the single most reliable predictor of exploitation in the wild."
- Built on the Qualys Cloud Platform, ThreatPROTECT correlates data from - vulnerability scans and agents threatPROTECT correlates this data with Real-time Threat Indicators (RTI) ElasticSearch, Help rapidly find & prioritize response easy-to-understand dashboard provide a holistic and contextual view of an organization’s threat exposure. provides clear insight into which vulnerabilities to fix first helps customers to rapidly find and prioritize responses to vulnerabilities based on these RTIs according to the level of threat seen in the wild. Key Features: Actionable Threat Intelligence Data Native Integration with VM Integrates with AssetView and the Qualys Platform Completely Customizable Advanced Search and Drill Through Capabilities With ThreatPROTECT, customers can visualize, prioritize and take action to minimize exposure from vulnerabilities related to the threats that matter most.
- Define RTIs standalone basis or cascaded with each other to prioritize efforts for patching, or to select compensating controls to reduce exposure when patches are not available. can be combined with additional information about the environment from other modules such as AssetView™. allowing mine asset information to prioritize remediation to the most important assets with the greatest threat exposure. Where From? - Qualys Research Labs - Mention laws of vulns This includes information on Robust Real-time Threat data from external sources attacks, exploits and exploits kits. Lateral movement and other info gathered many of the RTIs for years now for internal use to prioritize vulnerability signature development 2 Billion annual Qualys scans 100 billion detections are data points collected per vulnerability accurate, timely and actionable information aggregated from multiple reliable data sources to prioritize and shrink flood of security alerts. Qualys has partnerships Core Security, Exploit Database, Immunity, TrendMicro, VeriSign iDefense and others Current RTIs provided by the new service include: Zero Day - Active attack has been observed in the wild but there is no patch from the vendor. Exploit Public - Exploit Knowledge is well known and a working exploitation code is publically available. Potential of active attacks is very high. Actively Attacked - Active attacks have been observed in the wild. If there are no patches, Qualys will mark it as zero day in addition to actively attacked. High Lateral Movement - After a successful compromise, attacker has high potential to compromise other machines in the network. Easy Exploit - The attack can be carried out easily and requires little skills or does not require additional information. High Data Loss - Successful exploitation will result in massive data loss on the host. Denial of Service - Successful exploitation will result in denial of service. No Patch - Vendor has not provides an official fix. Malware - Malware has been associated with this vulnerability. Exploit Pack - Exploit Pack has been associated with this vulnerability.