Guide: The Top 10 Reports for Managing Vulnerabilities




Top 10 Reports

#1 Network Perimeter Map Report
#2 Unknown Internal Devices Report
#3 SANS Top 20 Vulnerabilities Report
#4 25 Most Vulnerable Hosts Report
#5 High Severity Technical Report
#6 Web Application Scan Report
#7 Vulnerability Trend Report
#8 Risk Analysis Report
#9 Open Tickets Report
#10 Executive Review - Remediation Report




Introduction

Most of us don’t think twice as we sweep the perimeter of our homes before retiring
at night or leaving for work in the morning. Why would we want anything less for
the security of our networks and systems?
An open door, unlocked window, or our keys lying on top of the front door mat – these all represent openings for criminals (or even neighbors we know) to unravel the security fabric in our lives. In our IT infrastructure, open ports, available wireless access points and unpatched servers may result in the theft or compromise of critical customer data, along with the disruption of business operations. While we often can manage the vulnerabilities around our homes by spending a few minutes checking locks, etc., the task is much more difficult in a distributed organization with tens or hundreds of thousands of networked devices.

Vulnerabilities in the IT infrastructure environment consist of the software flaws and configuration errors that are present in servers, desktops, notebooks, routers, wireless access points, networked printers and any other device with an IP address. The key benefits and advantages in implementing a lifecycle approach to vulnerability management are the increased protection across your environment before attacks occur and the documented assurance that your networks (internal and external) are safe. The increased levels of security assure the continuity of business across employees, customers and partners.

Effective vulnerability management also serves to communicate the levels of IT risk to line-of-business owners and executives. IT administrators and operational staff are able to resolve problems more quickly and accurately. The reality today is that new vulnerabilities appear constantly and the ability to handle new flaws and misconfigurations requires an automated workflow and reporting structure. Poring over extensive lists of raw vulnerability data is of limited worth when trying to measure security levels. Instead, concise reports containing the severity and business criticality of vulnerabilities and IT assets are required. Further, these allow access to proven remediation approaches and solutions. Security information needs to be collected, customized and presented to company management, auditors and regulators, in addition to security professionals and system administrators.

The audience for this paper includes security professionals and managers, systems and network administrators, IT operations staff and others who must document, review and resolve vulnerable networks. Out of literally hundreds of different vulnerability management reports available, this paper introduces 10 of the most important reports and uses reports generated by Qualys’ vulnerability management solution, QualysGuard, for reference purposes. The reports are organized across the four key steps in the vulnerability management lifecycle shown below.




   Asset Discovery and Inventory – Build and maintain an up-to-date repository of IT asset information,
   including business impact and asset groupings.


   Vulnerability Assessment – Test and document the effectiveness of both security policies and controls.


   Analysis and Correlation – Add business intelligence through graphing, trending and understanding the
   relationships between vulnerabilities and asset types.


   Remediation and Verification – Prioritize and resolve the vulnerability issues that are found and retest the
   assets for proof of correctness.



  Asset Discovery and Inventory Reports

The first step in the quest for managing vulnerabilities is to find where they exist.
But even before that is achieved, an up-to-date repository of assets must be built
and maintained. This repository will include all hosts or devices with an IP address.
The type of information populated in the repository includes hardware, software,
applications, services and configurations. QualysGuard gathers all this information
in a two step process. The first step is network mapping, which identifies which
hosts are live. The result is an accurate baseline of all connected devices, be they
servers, desktops, notebooks, routers, wireless access points, etc. After mapping,
the second phase is initiated. This consists of powerful scans which gather
additional information to round out the asset inventory.


It’s also important to determine the business impact for each asset. Business
impact simply means the value a particular device has in relation to all others. All
assets are not created equal; a test machine with individual access in a back room
carries less risk of business interruption than a server with financial projections or
personally identifiable information.


Having current and accurate asset inventory information allows for greater accuracy
when identifying which assets are impacted by a particular vulnerability. It reduces
the time spent performing vulnerability scans as the vulnerability checks themselves
are applied only on those devices where they may exist. The number of false
positives (defined as reporting a vulnerability where one does not exist) is reduced
by eliminating the unrealistic case of a Windows server reporting a vulnerability only
found on Linux operating systems. Another benefit is in the remediation process.
Efforts there will be more efficient when patches and fixes are applied to
corresponding assets.


While smaller organizations with Class C sized networks (up to 256 devices) may
find they can complete the task of accounting for all devices attached to their
network manually, this same approach will quickly spiral out of control when the
networks total 10,000, 50,000 or 100,000+ devices across multiple subnets. The
most time consuming task, however, lies in the appropriate classification of the
assets once they have been identified. Since this is so arduous, companies without
automation must decide which segment or subset of their assets to classify, often
leaving out critical devices. Systems and networks are dynamic; they change and
must be revisited. Rogue devices may be added to the network without permission
and must be dealt with appropriately.




#1 – Network Perimeter Map
The Network Perimeter Map provides a view into the topology of your network for reference and documentation, by developing a
baseline of each connected device. With each asset properly identified, users of QualysGuard may group them in any way they
desire; by business unit, geography, platform, etc. These classifications are called asset groups. An asset may exist in multiple
asset groups. Once discovered, a new device may be added to an existing asset group or a new asset group may be created.


QualysGuard maps can be viewed in either graphical or text format. They show any device with an IP address that has been
discovered; externally, or internally using an appliance. From within this report, users can drill down on a particular asset and
view its detailed attributes, including what discovery method was used (DNS, ICMP, TCP, UDP or others), the domain name, the
operating system and whether the asset may be scanned for vulnerabilities. Administrators can also initiate either on demand or
scheduled scans for security assessments against specific asset groups.




                                            Figure 1: QualysGuard Network Perimeter Map




#2 – Unknown Internal Devices
This report lists all discovered devices which have not been
approved by a company administrator. QualysGuard can detect
rogue devices, including virtual hosts that could have possibly
been placed on your network. This is important information to
have when security administrators are reviewing the network to
clean up and eliminate devices placed on the network for
malicious purposes or simply those that pose additional risk
because of missing patches, unwanted services, etc. This
report should be run on a daily basis to ensure maximum
protection levels are upheld. Once discovered, scans are
necessary to investigate the origin of these unknown devices.
Lastly, the proper precautions must be taken to prevent further
exposure from occurring.

Figure 2: Unknown Devices Report Map Template


Let’s have a look at two screenshots involved in generating an
Unknown Device Report. Figure 2 shows the map report
template used to generate the actual report. Note the filter
options which include multiple Host Types to include. Only
“Rogue” host type is selected for this particular report.


It should be noted that the column “A” is empty in Figure 3. “A”
stands for “Approved”. In this case, all of the devices in this
report have yet to be approved by a systems administrator.




                                                                      Figure 3: Unknown Devices Report Results



  Vulnerability Assessment Reports

Vulnerability assessment is the process of testing and documenting the effectiveness
of both security policies and controls, by examining the network infrastructure for
“known bads”. The assessments are performed across network devices and host
systems, as well as the services and applications that run on top of them. Scan
reports will show what vulnerabilities are present and where they are located, in
order to direct administrators towards what needs fixing and in what priority order.


This is the cornerstone for effective vulnerability management because this process
identifies and communicates the software flaws, missing patches and misconfigurations
that exist and pose security risks. In scanning live hosts, the mapping
generated from the asset discovery step will be used. Asset discovery is the prelude
to asset classifications, or groupings, which are further defined by business impact
ratings. The severity assigned to each vulnerability will also be used to differentiate
the flaws which present the highest danger of exposure. Included in the scan results
is information describing the properties of the vulnerability, such as the impact, the
type of device made vulnerable, cross references to external vulnerability classification
systems (e.g. Bugtraq, CVSS, CVE) and links to other information sources. Also,
solution recommendations are included to fix the exposure.




#3 – SANS Top 20 Vulnerabilities
The third report in our Top 10 list is the SANS Top 20. In June,
2000, the SANS Institute, along with the FBI’s National
Infrastructure Protection Center, began publishing a list of the
most critical internet security vulnerabilities. The SANS Institute
is a trusted source for information security training, certification
and research. This list was quickly adopted by organizations
worldwide as a standard guide for understanding and assessing
the most dangerous areas of exposure. The list is a
consensus of the flaws that require immediate attention, and is
developed by leading security experts from multiple countries
across the globe. Nearly every year since its beginning, SANS
has updated the list to reflect the changes in threat vectors,
noting the recent rise in client side, anti-virus and web
application vulnerabilities.

Figure 4: SANS Top 20 Report with Summary Vulnerability information


The QualysGuard SANS Top 20 Report shows the results of
vulnerability scans derived from the SANS list. Figure 4 shows
the total vulnerabilities found in this assessment, along with the
average security risk score. Also note that Qualys offers a
SANS Top 20 Scan at no charge to organizations who wish to
register: http://sans20.qualys.com.


More detail into the specific SANS vulnerabilities that have been
identified through the scan is present in Figure 5. This detail
includes descriptions, impact and recommended solution.




                                                                       Figure 5: SANS Top 20 Report with Detailed Vulnerability information




#4 – 25 Most Vulnerable Hosts
Across any organization, there are those systems that are in worse shape than others. Having a current listing of the hosts with
the most critical flaws helps direct the efforts to resolve these issues and lowers the risk to the organization. QualysGuard
delivers a ranking - beginning with the most vulnerable asset – based upon the security risk of the assets. QualysGuard
determines the security risk from the number and severity of vulnerabilities found during the last scan of each host. Vulnerabilities
are weighted on a scale of 1 to 5, with 5 being the most severe. The business risk not only considers the security risk, but also
factors in the business impact value placed on the asset. These business asset values are either Critical, High, Medium, Minor
or Low. The 25 Most Vulnerable Hosts Report, as shown in Figure 6, lists those assets with the highest number of Severity 4
and 5 vulnerabilities. The hosts are listed in order beginning with the most vulnerable. The report details the number of Severity
4 and 5 vulnerabilities, the business risk and security risk ratings, and also all the asset groups associated with that host.




                                               Figure 6: 25 Most Vulnerable Hosts Report




#5 – High Severity Technical Report
Whenever full vulnerability reports are generated, there is a lot
of information produced for each asset. While valuable, all this
information takes time to digest. In some instances, time is of
the essence and it is critical to quickly identify and resolve the
most dangerous areas of exposure. In these cases, only the
highest priority issues are able to garner scarce remediation
resources, so only the most severe vulnerabilities are included
here.


This report presents information about the vulnerabilities with
high severity levels only (4 and 5). As seen in Figure 7, only
Level 4 and 5 vulnerabilities are listed. The report template
filters out all vulnerabilities with severity rankings below Level 4,
as well as all potential vulnerabilities (defined as those that
cannot be fully verified) and those vulnerabilities categorized as
“information only”.

Figure 7: High Severity Report Summary
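The filter described above, combined with the ranking used by the 25 Most Vulnerable Hosts Report in #4, can be sketched as follows. This is an added example, not QualysGuard code: the `Finding` record, the `confirmed`/`potential`/`info` labels, the tie-break order and the sample data are all assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    host: str
    vuln_id: str   # constructed identifier, not a real QualysGuard ID
    severity: int  # 1 to 5, with 5 the most severe (scale from the text)
    kind: str      # "confirmed", "potential" or "info" (labels assumed here)


# Constructed sample scan results.
FINDINGS = [
    Finding("10.0.0.5", "V-1001", 5, "confirmed"),
    Finding("10.0.0.5", "V-1002", 4, "confirmed"),
    Finding("10.0.0.5", "V-1003", 2, "confirmed"),
    Finding("10.0.0.9", "V-1001", 5, "confirmed"),
    Finding("10.0.0.9", "V-1004", 5, "confirmed"),
    Finding("10.0.0.9", "V-1005", 5, "potential"),  # not fully verified
    Finding("10.0.0.9", "V-1006", 1, "info"),       # information only
    Finding("10.0.0.7", "V-1002", 4, "confirmed"),
    Finding("10.0.0.7", "V-1007", 4, "confirmed"),
    Finding("10.0.0.7", "V-1008", 4, "confirmed"),
    Finding("10.0.0.3", "V-1009", 3, "confirmed"),
    Finding("10.0.0.3", "V-1010", 4, "potential"),
]


def high_severity(findings, min_severity=4):
    """Keep confirmed findings at Level 4 or 5; drop potential and info-only."""
    for f in findings:
        if not 1 <= f.severity <= 5:
            raise ValueError(f"severity out of range for {f.host}/{f.vuln_id}")
    return [f for f in findings
            if f.kind == "confirmed" and f.severity >= min_severity]


def most_vulnerable_hosts(findings, limit=25):
    """Rank hosts by their number of Severity 4 and 5 vulnerabilities.

    Ties are broken by the Severity 5 count, then by host address; the
    tie-break is an assumption, the text only gives the primary ordering.
    """
    counts = {}
    for f in high_severity(findings):
        sev5, sev4 = counts.get(f.host, (0, 0))
        if f.severity == 5:
            sev5 += 1
        else:
            sev4 += 1
        counts[f.host] = (sev5, sev4)
    ranked = sorted(
        counts.items(),
        key=lambda kv: (-(kv[1][0] + kv[1][1]), -kv[1][0], kv[0]),
    )
    return [(host, sev5, sev4) for host, (sev5, sev4) in ranked[:limit]]


if __name__ == "__main__":
    for host, sev5, sev4 in most_vulnerable_hosts(FINDINGS):
        print(f"{host:<10} severity5={sev5} severity4={sev4}")
```

Host 10.0.0.3 never appears in the ranking because its only Level 4 finding is a potential vulnerability, which is exactly what the template's filter is meant to exclude.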


Each high severity vulnerability may be viewed in depth for
more specific information. This information includes the name,
the date first detected and last detected, the port where it
was discovered, the vulnerability identifier, category, and last
update, plus other details. It also lists the status (new, active,
ignore, etc.). Figure 8 is an example of this detailed information
for a Level 5 Microsoft IIS vulnerability with a status of “New”.




                                                                        Figure 8: High Severity Vulnerability Details




#6 – Web Application Scan
According to the SANS website at http://www.sans.org/top20, the number of vulnerabilities discovered in open source and
custom web applications has grown to account for almost 50% of all vulnerabilities now discovered. The danger here manifests
itself when trusted sites are transformed into masked areas used for phishing and other scams. Some of the web application
vulnerabilities important to identify and remediate are cross site scripting, SQL injection and remote code execution. As a result,
regularly scanning your Web applications is a critical IT security component.


As web application vulnerabilities are code related, frequent testing should occur during the development of applications as well
as their actual deployment. Figure 9 shows how Web Application security threats can be proactively identified to prevent
compromise.




                                               Figure 9: Web Application Scan Results



  Analysis and Correlation Reports

After asset information has been gathered and vulnerabilities have been identified,
further analysis is often necessary to provide more insight into the security information.
This is made feasible through the use of automated solutions to collect, store,
compute and present the information through multiple views and in graphical
formats. The vulnerability and asset information is kept in a repository where analytical
engines can process it further. Examples of this advanced processing include
presenting trends in vulnerabilities over time, and correlating known properties of a
vulnerability (operating system, ports, services) with those of devices to see which
are at highest risk for the presence of a specific vulnerability.


As IT operations, systems administration and security move closer together for the
goal of improved operational performance, it’s critical for these groups to share
information and workflows. For example, IT operations (support staff, help desk
personnel) can assist with remediation tasks such as system patching if they have
the necessary information about what systems are affected and what software to
deploy. This information, along with an assigned individual responsible for action
and a date for completion, is summarized in trouble tickets created by QualysGuard.
This trouble ticketing helps ensure the timely and proper follow-up to vulnerability
and configuration issues, while coordinating the smooth integration of efforts across
IT groups.


The QualysGuard analysis capability extends into areas such as reviewing the
length of time trouble tickets remain open, the number of open trouble tickets in
total and by severity, the vulnerabilities by status and severity, and changes in the
business risk of asset groups over time. Correlating the severity of a vulnerability
with the business value of an asset is important when determining which systems
need immediate remediation. This approach results in a better use of resources than
one where the most severe vulnerabilities are all resolved concurrently, regardless of
whether a machine is used in a test bed or in a live production environment.


In addition to the Analysis and Correlation Reports shown here, executive
dashboards are a way to view business intelligence and trend results. As long as
the dashboards are current and adaptable to changing requirements, they provide
“at-a-glance” insight into a company’s vulnerability and risk posture. Dashboards
can easily track how long it takes to patch vulnerable systems, for example, or
which servers consistently underperform relative to security policy. This aids
managers in their understanding of how IT risk is being managed by security and
administration teams.




#7 – Vulnerability Trend Report
The vulnerability trend report is based upon a specific time
period (established by the user) and displays the trends,
increasing or decreasing, of vulnerabilities by severity and
across categories (types of assets). As with all QualysGuard
reports, permissions to create and view the Vulnerability Trend
Report are controlled by the user account settings. In Figure 10
below, the trend report was configured for a four month
analysis.


Figure 10: Vulnerability Trend Summary

Another section of the Vulnerability Trend Report (shown in
Figure 11) graphs the changes in business risk by asset group
over time. QualysGuard allows you to create as many groups as
you like and group assets into specific business units in any
way desired (by geography, by function, by platform, etc.).


Figure 12 shows two more trending graphs for vulnerabilities
found by QualysGuard scans. Users have the flexibility to
customize graph formats (pie charts, bar charts, etc.). In the
“Vulnerabilities by Severity over Time” graph, the total number
of vulnerabilities has decreased from June to September. This
was led by a drop in the Severity 1, 4 and 5 vulnerabilities,
which offset a rise in the Severity 2 and 3 vulnerabilities during
this time.

                                                                       Figure 11: Vulnerability Trend Business Risk Graph




                                                                     Figure 12: Vulnerability Trending by Severity and Status




#8 – Risk Analysis Report
This report may be run prior to an actual vulnerability scan. The user directs a vulnerability to be correlated with the attributes of
a specified host or asset group. Analysis is performed to determine the exposure level this asset contains. The more matches
the vulnerability has with the asset, across attributes such as operating system, ports and services, the higher the risk level.


The Risk Analysis Report identifies the hosts that are likely exposed to the specified vulnerability. By comparing vulnerability
exploit data to known information from past scans, QualysGuard is able to determine whether hosts are likely to be at risk to a
new vulnerability - even before a scan is launched! For example, if you receive new information on Microsoft’s Patch Tuesday,
but cannot scan before the week-end to assess your environment, this report will deliver probabilities on which hosts will be
most impacted in the interim. This information can then be used to develop an emergency action plan to protect you until full
scanning and patching occurs.
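The correlation behind this report can be illustrated with a short added example (not QualysGuard code). The text only says that more attribute matches mean higher risk; the three-attribute profile, the low/medium/high labels, the record layout and the sample inventory below are assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class HostRecord:
    """Attributes remembered from a past scan (constructed layout)."""
    ip: str
    os: str
    open_ports: frozenset
    services: frozenset


@dataclass(frozen=True)
class VulnProfile:
    """What is known about a new vulnerability before any scan runs."""
    name: str
    os_prefix: str
    port: int
    service: str


# Assumed mapping from match count to a risk label.
LEVELS = {1: "low", 2: "medium", 3: "high"}

# Constructed inventory from earlier scans.
INVENTORY = [
    HostRecord("10.1.0.10", "Windows Server 2003",
               frozenset({135, 445}), frozenset({"msrpc", "microsoft-ds"})),
    HostRecord("10.1.0.11", "Windows XP",
               frozenset({3389}), frozenset({"ms-wbt-server"})),
    HostRecord("10.1.0.12", "Linux 2.6",
               frozenset({22, 445}), frozenset({"ssh", "microsoft-ds"})),
    HostRecord("10.1.0.13", "Linux 2.6",
               frozenset({22}), frozenset({"ssh"})),
]

# Constructed vulnerability profile, standing in for a newly announced flaw.
NEW_VULN = VulnProfile("EXAMPLE-SMB-FLAW", "Windows", 445, "microsoft-ds")


def match_attributes(host, vuln):
    """Return the names of the attributes on which host and vuln agree."""
    matched = []
    if host.os.lower().startswith(vuln.os_prefix.lower()):
        matched.append("os")
    if vuln.port in host.open_ports:
        matched.append("port")
    if vuln.service.lower() in {s.lower() for s in host.services}:
        matched.append("service")
    return matched


def risk_analysis(hosts, vuln):
    """List likely exposed hosts, most matches first; no scan is launched."""
    rows = []
    for host in hosts:
        matched = match_attributes(host, vuln)
        if matched:  # hosts with no matching attribute are left out
            rows.append((host.ip, LEVELS[len(matched)], matched))
    rows.sort(key=lambda row: (-len(row[2]), row[0]))
    return rows


if __name__ == "__main__":
    for ip, level, matched in risk_analysis(INVENTORY, NEW_VULN):
        print(f"{ip:<10} {level:<6} matched: {', '.join(matched)}")
```

The result is only as current as the stored inventory: a host whose services changed since its last scan will be scored on stale attributes, which is why the text treats this report as an interim measure until full scanning occurs.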




                                                    Figure 13: Risk Analysis Report



  Remediation and Validation Reports

Of course, it’s not enough to simply identify the vulnerabilities or track their growth.
The bottom line in the vulnerability management lifecycle is more results oriented –
to resolve the causes of those software flaws or configuration errors. This is
where remediation comes into primary focus. Even when new patches are available,
there may be a delay in applying them due to the time required for implementation,
or fears about the potential impact to the availability and performance of IT assets.
An example of this behavior is found in the Conficker Worm. The Conficker Worm
exploits the MS08-067 vulnerability in the Microsoft Windows Server Service. Even
though Microsoft released the patch for MS08-067 in October, 2008, the number of
PCs infected since that time is estimated to be in the range of 5 to 10 million,
primarily on corporate and government computers.


Coordination of remediation efforts, often by using an automated trouble ticketing
system, helps organizations proactively manage what needs to be fixed, and by
whom. Automated notifications and reports allow for the workflow required to keep
remediation tasks on target and prevent gaps in protection. The prioritization by
business impact ensures the most valuable systems are addressed first. Less
critical assets then may be handled on regularly scheduled dates, such as a
monthly patch or configuration change cycle.


After patching or implementing other configuration changes, rescanning IP addresses
is necessary to ensure the fix is complete and no other issues have been created as
a result of the change.


Accurate and timely reporting is important at this stage because remediation tasks
are often performed by a different team than the security group which identified the
exposure. IT security will most likely perform the scan. Then, systems administrators
or IT operations staff (helpdesk, support) will implement the fix. Remediation and
validation reports are useful to achieve better understanding of how quickly and
thoroughly your organization responds to and resolves security issues. When results
are less than desired, improvements in the incident management process can be
made.




#9 – Open Tickets Report
The QualysGuard native ticketing and remediation functions ensure outstanding issues are scheduled for completion and
vulnerabilities are resolved before further damage is done. Each vulnerability is individually tracked until it is fixed. This
automated remediation and trouble ticketing workflow generates tickets based on policy rules. These rules define specific criteria
that trigger response actions when met. For example, a rule can be created such that a trouble ticket is opened whenever a
Level 4 or 5 vulnerability is identified. The rule will establish the assigned individual, let’s say the administrator who ran the scan,
and the time period (perhaps two days) for remediation.


The ninth report in our Top 10 list is the Open Tickets Report. As seen below in Figure 14, this lists the tickets and may be sorted by
ticket number, status, due date or others. Each ticket is assigned a unique number with general information, vulnerability
details, remediation history and required actions. Each ticket owner is also listed. Viewers of this report have the option of
drilling down into the report to gain additional information associated with the ticket, such as its history.




                                                    Figure 14: Open Tickets Report


QualysGuard further aids in the remediation process by delivering automated ticket notification emails. These notifications are
sent to each user who has open trouble tickets assigned to them. The ticket statistics in the notification include the number of
open tickets which are overdue (those past the scheduled resolution date) and the number which are not overdue, the tickets
resolved and the tickets closed. A QualysGuard hyperlink is also included for recipients to easily click and check on the details
of their assigned tickets.




#10 – Executive Review – Remediation Report
In addition to providing the detail by user of the status of open
tickets, QualysGuard also makes available summary levels for
reviewing trouble tickets. Users select which asset groups and
which users to include in the report settings. Figure 15 below is
an example of the trouble ticket statistics presented; you see
not only the number of tickets resolved and still open (by
severity level), but also view the number overdue and the
average time in days for ticket resolution. These statistics are
very useful when assessing the performance of the groups
involved in vulnerability resolution, and deliver metrics to gauge
improvements made over time.
                                                                     Figure 15: Remediation Report – Tickets by Severity and Open Tickets

Figure 16 shows more ticket trending information in graphical
format. These statistics are often required for weekly status
meetings, presentations to management and to demonstrate
achievement in Service Level Agreements (SLAs). You can see
here the drastic increase in the number of open (and closed)
tickets during the last week of this report, alerting executives
“at-a-glance” to the increased activity.




                                                                          Figure 16: Remediation Report – Aggregate Ticket Changes
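The policy-rule ticketing described under #9 and the statistics described under #10 fit together as in the following added example, which is not QualysGuard code. The rule values (Level 4 or 5, one assignee, two days) come from the text's own example; the ticket fields, the owner name, the dates and the scan data are constructed.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional


@dataclass
class PolicyRule:
    min_severity: int  # open a ticket at or above this level
    assignee: str
    days_to_fix: int


@dataclass
class Ticket:
    number: int
    host: str
    vuln_id: str
    severity: int
    owner: str
    opened: date
    due: date
    status: str = "open"  # "open", "resolved" or "closed"
    resolved_on: Optional[date] = None


def open_tickets(findings, rule, today, existing):
    """Apply the rule to (host, vuln_id, severity) findings.

    A finding that already has an open ticket is not ticketed twice, so each
    vulnerability stays tracked by one ticket until it is fixed.
    """
    tracked = {(t.host, t.vuln_id) for t in existing if t.status == "open"}
    created = []
    for host, vuln_id, severity in findings:
        key = (host, vuln_id)
        if severity < rule.min_severity or key in tracked:
            continue
        tracked.add(key)
        ticket = Ticket(len(existing) + 1, host, vuln_id, severity,
                        rule.assignee, today,
                        today + timedelta(days=rule.days_to_fix))
        existing.append(ticket)
        created.append(ticket)
    return created


def owner_stats(tickets, owner, today):
    """Counts reported in the per-user notification email."""
    mine = [t for t in tickets if t.owner == owner]
    still_open = [t for t in mine if t.status == "open"]
    return {
        "open_overdue": sum(t.due < today for t in still_open),
        "open_not_overdue": sum(t.due >= today for t in still_open),
        "resolved": sum(t.status == "resolved" for t in mine),
        "closed": sum(t.status == "closed" for t in mine),
    }


def avg_days_to_resolve(tickets):
    """Average resolution time in days, keyed by severity level."""
    days = {}
    for t in tickets:
        if t.resolved_on is not None:
            days.setdefault(t.severity, []).append((t.resolved_on - t.opened).days)
    return {sev: sum(v) / len(v) for sev, v in days.items()}


def demo():
    """Two constructed scans a week apart, with some tickets worked between."""
    rule = PolicyRule(min_severity=4, assignee="alice", days_to_fix=2)
    tickets = []
    scan1 = [("10.0.0.5", "V-1001", 5), ("10.0.0.5", "V-1003", 2),
             ("10.0.0.7", "V-1007", 4), ("10.0.0.9", "V-1004", 5)]
    open_tickets(scan1, rule, date(2009, 9, 1), tickets)
    tickets[0].status, tickets[0].resolved_on = "resolved", date(2009, 9, 2)
    tickets[2].status, tickets[2].resolved_on = "closed", date(2009, 9, 6)
    # V-1007 is still present in the second scan and keeps its open ticket.
    scan2 = [("10.0.0.7", "V-1007", 4), ("10.0.0.3", "V-1010", 4)]
    open_tickets(scan2, rule, date(2009, 9, 7), tickets)
    stats = owner_stats(tickets, "alice", date(2009, 9, 8))
    return tickets, stats, avg_days_to_resolve(tickets)


if __name__ == "__main__":
    all_tickets, stats, averages = demo()
    print(stats)
    print(averages)
```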




Summary
So there you have it – the Top 10 Reports for Managing Vulnerabilities. By looking across the complete lifecycle of vulnerability
management, starting with asset discovery and ending with remediation and verification, the breadth and depth of the information
to be gathered, analyzed, stored and communicated is seen in full force. This is what makes true vulnerability management
different than just vulnerability scanning. And this lifecycle approach, along with well defined and customizable reporting, is what
sets Qualys apart.


By providing easy to understand reports, such as the Network Perimeter Map, the SANS Top 20 Report, the High Severity
Technical Report and the Remediation Report, QualysGuard delivers thorough overviews to executives along with the detailed
breakdown and analysis for IT security, systems administration and IT operations. By combining hosts into asset groups,
assigning business impact weightings and calculating Security Risk and Business Risk metrics, QualysGuard provides a
solution that is quick to deploy and easy to use, resulting in increased security posture and compliance with regulatory and
standards requirements.






© Qualys, the Qualys logo and QualysGuard are registered trademarks of Qualys, Inc. All other trademarks are the property of their respective owners. 09/09

2 20613 qualys_top_10_reports_vm

  • 1. guide : The Top 10 Reports for Managing Vulnerabilities Top 10 Reports #1 Network Perimeter Map Report 4 #2 Unknown Internal Devices Report 5 #3 SANS Top 20 Vulnerabilities Report 7 #4 25 Most Vulnerable Hosts Report 8 #5 High Severity Technical Report 9 #6 Web Application Scan Report 10 #7 Vulnerability Trend Report 12 #8 Risk Analysis Report 13 #9 Open Tickets Report 15 #10 Executive Review - Remediation Report 16
  • 2. The Top 10 Reports for Managing Vulnerabilities page 2 Introduction Most of us don’t think twice as we sweep the perimeter of our homes before retiring at night or leaving for work in the morning. Why would we want anything less for the security of our networks and systems? An open door, unlocked window, or our keys lying on top of the Effective vulnerability management also serves to communicate front door mat – these all represent openings for criminals (or the levels of IT risk to line-of-business owners and executives. IT even neighbors we know) to unravel the security fabric in our administrators and operational staff are able to resolve problems lives. In our IT infrastructure, open ports, available wireless more quickly and accurately. The reality today is that new access points and unpatched servers may result in the theft or vulnerabilities appear constantly and the ability to handle new compromise of critical customer data, along with the disruption flaws and misconfigurations requires an automated workflow and of business operations. While we often can manage the reporting structure. Pouring over extensive lists of raw vulnerabil- vulnerabilities around our homes by spending a few minutes ity data is of limited worth when trying to measure security levels. checking locks, etc., the task is much more difficult in a Instead, concise reports containing the severity and business distributed organization with tens or hundreds of thousands of criticality of vulnerabilities and IT assets are required. Further, networked devices. these allow access to proven remediation approaches and solutions. Security information needs to be collected, customized Vulnerabilities in the IT infrastructure environment consist of the and presented to company management, auditors and regulators, software flaws and configuration errors that are present in in addition to security professionals and system administrators. 
servers, desktops, notebooks, routers, wireless access points, networked printers and any other device with an IP address. The The audience for this paper includes security professionals and key benefits and advantages in implementing a lifecycle managers, systems and network administrators, IT operations approach to vulnerability management are the increased staff and others who must document, review and resolve protection across your environment before attacks occur and vulnerable networks. Out of literally hundreds of different the documented assurance that your networks (internal and vulnerability management reports available, this paper introduces external) are safe. The increased levels of security assure the 10 of the most important reports and uses reports generated by continuity of business across employees, customers and Qualys’ vulnerability management solution, QualysGuard, for partners. reference purposes. The reports are organized across the four key steps in the vulnerability management lifecycle shown below. Asset Discovery and Inventory Reports Asset Discovery and Inventory – Build and maintain an up-to-date repository of IT asset information, including business impact and asset groupings. Vulnerability Assessment – Test and document the effectiveness of both security policies and controls. Analysis and Correlation – Add business intelligence through graphing, trending and understanding the relationships between vulnerabilities and asset types. Remediation and Verification – Prioritize and resolve the vulnerability issues that are found and retest the assets for proof of correctness.
  • 3. The Top 10 Reports for Managing Vulnerabilities page 3 Asset Discovery and Inventory Reports The first step in the quest for managing vulnerabilities is to find where they exist. But even before that is achieved, an up-to-date repository of assets must be built and maintained. This repository will include all hosts or devices with an IP address. The type of information populated in the repository includes hardware, software, applications, services and configurations. QualysGuard gathers all this information in a two step process. The first step is network mapping, which identifies which hosts are live. The result is an accurate baseline of all connected devices, be they servers, destops, notebooks, routers, wireless access points, etc. After mapping, the second phase is initiated. This consists of powerful scans which gather additional information to round out the asset inventory. It’s also important to determine the business impact for each asset. Business impact simply means the value a particular device has in relation to all others. All assets are not created equal; a test machine with individual access in a back room carries less risk of business interruption than a server with financial projections or personally identifiable information. Having current and accurate asset inventory information allows for greater accuracy when identifying which assets are impacted by a particular vulnerability. It reduces the time spent performing vulnerability scans as the vulnerability checks themselves are applied only on those devices where they may exist. The number of false positives (defined as reporting a vulnerability where one does not exist) is reduced by eliminating the unrealistic case of a Windows server reporting a vulnerability only found on Linux operating systems. Another benefit is in the remediation process. Efforts there will be more efficient when patches and fixes are applied to corresponding assets. 
While smaller organizations with Class C sized networks (up to 256 devices) may find they can complete the task of accounting for all devices attached to their network manually, this same approach will quickly spiral out of control when the networks total 10,000, 50,000 or 100,000+ devices across multiple subnets. The most time consuming task, however, lies in the appropriate classification of the assets once they have been identified. Since this is so arduous, companies without automation must decide which segment or subset of their assets to classify, often leaving out critical devices. Systems and networks are dynamic; they change and must be revisited. Rogue devices may be added to the network without permission and must be dealt with appropriately.
  • 4. #1 – Network Perimeter Map

The Network Perimeter Map provides a view into the topology of your network for reference and documentation, by developing a baseline of each connected device. With each asset properly identified, users of QualysGuard may group them in any way they desire; by business unit, geography, platform, etc. These classifications are called asset groups. An asset may exist in multiple asset groups. Once discovered, a new device may be added to an existing asset group or a new asset group may be created.

QualysGuard maps can be viewed in either graphical or text format. They show any device with an IP address that has been discovered; externally, or internally using an appliance. From within this report, users can drill down on a particular asset and view its detailed attributes, including what discovery method was used (DNS, ICMP, TCP, UDP or others), the domain name, the operating system and whether the asset may be scanned for vulnerabilities. Administrators can also initiate either on demand or scheduled scans for security assessments against specific asset groups.

Figure 1: QualysGuard Network Perimeter Map
  • 5. #2 – Unknown Internal Devices

This report lists all discovered devices which have not been approved by a company administrator. QualysGuard can detect rogue devices, including virtual hosts that could have possibly been placed on your network. This is important information to have when security administrators are reviewing the network to clean up and eliminate devices placed on the network for malicious purposes or simply those that pose additional risk because of missing patches, unwanted services, etc.

This report should be run on a daily basis to ensure maximum protection levels are upheld. Once discovered, scans are necessary to investigate the origin of these unknown devices. Lastly, the proper precautions must be taken to prevent further exposure from occurring.

Let’s have a look at two screenshots involved in generating an Unknown Device Report. Figure 2 shows the map report template used to generate the actual report. Note the filter options which include multiple Host Types to include. Only the “Rogue” host type is selected for this particular report.

Figure 2: Unknown Devices Report Map Template

It should be noted that the column “A” is empty in Figure 3. “A” stands for “Approved”. In this case, all of the devices in this report have yet to be approved by a systems administrator.

Figure 3: Unknown Devices Report Results
  • 6. Vulnerability Assessment Reports

Vulnerability assessment is the process of testing and documenting the effectiveness of both security policies and controls, by examining the network infrastructure for “known bads”. The assessments are performed across network devices and host systems, as well as the services and applications that run on top of them. Scan reports will show what vulnerabilities are present and where they are located, in order to direct administrators towards what needs fixing and in what priority order. This is the cornerstone for effective vulnerability management because this process identifies and communicates the software flaws, missing patches and misconfigurations that exist and pose security risks.

In scanning live hosts, the mapping generated from the asset discovery step will be used. Asset discovery is the prelude to asset classifications, or groupings, which are further defined by business impact ratings. The severity assigned to each vulnerability will also be used to differentiate the flaws which present the highest danger of exposure.

Included in the scan results is information describing the properties of the vulnerability, such as the impact, the type of device made vulnerable, cross references to external vulnerability classification systems (e.g. Bugtraq, CVSS, CVE) and links to other information sources. Also, solution recommendations are included to fix the exposure.
  • 7. #3 – SANS Top 20 Vulnerabilities

The third report in our Top 10 list is the SANS Top 20. In June, 2000, the SANS Institute, along with the FBI’s National Infrastructure Protection Center, began publishing a list of the most critical internet security vulnerabilities. The SANS Institute is a trusted source for information security training, certification and research. This list was quickly adopted by organizations worldwide as a standard guide for understanding and assessing the most dangerous areas of exposure. The list is a consensus of the flaws that require immediate attention, and is developed by leading security experts from multiple countries across the globe. Nearly every year since its beginning, SANS has updated the list to reflect the changes in threat vectors, noting the recent rise in client side, anti-virus and web application vulnerabilities.

The QualysGuard SANS Top 20 Report shows the results of vulnerability scans derived from the SANS list. Figure 4 shows the total vulnerabilities found in this assessment, along with the average security risk score. Also note that Qualys offers a SANS Top 20 Scan at no charge to organizations who wish to register: http://sans20.qualys.com.

Figure 4: SANS Top 20 Report with Summary Vulnerability information

More detail on the specific SANS vulnerabilities that have been identified through the scan is present in Figure 5. This detail includes descriptions, impact and recommended solution.

Figure 5: SANS Top 20 Report with Detailed Vulnerability information
  • 8. #4 – 25 Most Vulnerable Hosts

Across any organization, there are those systems that are in worse shape than others. Having a current listing of the hosts with the most critical flaws helps direct the efforts to resolve these issues and lowers the risk to the organization. QualysGuard delivers a ranking – beginning with the most vulnerable asset – based upon the security risk of the assets.

QualysGuard determines the security risk from the number and severity of vulnerabilities found during the last scan of each host. Vulnerabilities are weighted on a scale of 1 to 5, with 5 being the most severe. The business risk not only considers the security risk, but also factors in the business impact value placed on the asset. These business asset values are either Critical, High, Medium, Minor or Low.

The 25 Most Vulnerable Hosts Report, as shown in Figure 6, lists those assets with the highest number of Severity 4 and 5 vulnerabilities. The hosts are listed in order beginning with the most vulnerable. The report details the number of Severity 4 and 5 vulnerabilities, the business risk and security risk ratings, and also all the asset groups associated with that host.

Figure 6: 25 Most Vulnerable Hosts Report
  • 9. #5 – High Severity Technical Report

Whenever full vulnerability reports are generated, there is a lot of information produced for each asset. While valuable, all this information takes time to digest. In some instances, time is of the essence and it is critical to quickly identify and resolve the most dangerous areas of exposure. In these cases, only the highest priority issues are able to garner scarce remediation resources, so only the most severe vulnerabilities are included here.

This report presents information about the vulnerabilities with high severity levels only (4 and 5). As seen in Figure 7, only Level 4 and 5 vulnerabilities are listed. The report template filters out all vulnerabilities with severity rankings below Level 4, as well as all potential vulnerabilities (defined as those that cannot be fully verified) and those vulnerabilities categorized as “information only”.

Figure 7: High Severity Report Summary

Each high severity vulnerability may be viewed in depth for more specific information. This information includes the name, the date first detected and last detected, the port where it was discovered, the vulnerability identifier, category, and last update, plus other details. It also lists the status (new, active, ignore, etc.). Figure 8 is an example of this detailed information for a Level 5 Microsoft IIS vulnerability with a status of “New”.

Figure 8: High Severity Vulnerability Details
  • 10. #6 – Web Application Scan

According to the SANS website at http://www.sans.org/top20, the number of vulnerabilities discovered in open source and custom web applications has grown to account for almost 50% of all vulnerabilities now discovered. The danger here manifests itself when trusted sites are transformed into masked areas used for phishing and other scams. Some of the web application vulnerabilities important to identify and remediate are cross site scripting, SQL injection and remote code execution.

As a result, regularly scanning your web applications is a critical IT security component. As web application vulnerabilities are code related, frequent testing should occur during the development of applications as well as their actual deployment. Figure 9 shows how web application security threats can be proactively identified to prevent compromise.

Figure 9: Web Application Scan Results
  • 11. Analysis and Correlation Reports

After asset information has been gathered and vulnerabilities have been identified, further analysis is often necessary to provide more insight into the security information. This is made feasible through the use of automated solutions to collect, store, compute and present the information through multiple views and in graphical formats. The vulnerability and asset information is kept in a repository where analytical engines can process it further. Examples of this advanced processing include presenting trends in vulnerabilities over time, and correlating known properties of a vulnerability (operating system, ports, services) with those of devices to see which are at highest risk for the presence of a specific vulnerability.

As IT operations, systems administration and security move closer together for the goal of improved operational performance, it’s critical for these groups to share information and workflows. For example, IT operations (support staff, help desk personnel) can assist with remediation tasks such as system patching if they have the necessary information about what systems are affected and what software to deploy. This information, along with an assigned individual responsible for action and a date for completion, is summarized in trouble tickets created by QualysGuard. This trouble ticketing helps ensure the timely and proper follow-up to vulnerability and configuration issues, while coordinating the smooth integration of efforts across IT groups.

The QualysGuard analysis capability extends into areas such as reviewing the length of time trouble tickets remain open, the number of open trouble tickets in total and by severity, the vulnerabilities by status and severity, and changes in the business risk of asset groups over time.
Correlating the severity of a vulnerability with the business value of an asset is important when determining which systems need immediate remediation. This approach results in a better use of resources than one where the most severe vulnerabilities are all resolved concurrently, regardless of whether a machine is used in a test bed or in a live production environment. In addition to the Analysis and Correlation Reports shown here, executive dashboards are a way to view business intelligence and trend results. As long as the dashboards are current and adaptable to changing requirements, they provide “at-a-glance” insight into a company’s vulnerability and risk posture. Dashboards can easily track how long it takes to patch vulnerable systems, for example, or which servers consistently underperform relative to security policy. This aids managers in their understanding of how IT risk is being managed by security and administration teams.
  • 12. #7 – Vulnerability Trend Report

The vulnerability trend report is based upon a specific time period (established by the user) and displays the trends, increasing or decreasing, of vulnerabilities by severity and across categories (types of assets). As with all QualysGuard reports, permission to create and view the Vulnerability Trend Report is controlled by the user account settings. In Figure 10 below, the trend report was configured for a four month analysis.

Figure 10: Vulnerability Trend Summary

Another section of the Vulnerability Trend Report (shown in Figure 11) graphs the changes in business risk by asset group over time. QualysGuard allows you to create as many groups as you like and group assets into specific business units in any way desired (by geography, by function, by platform, etc.).

Figure 11: Vulnerability Trend Business Risk Graph

Figure 12 shows two more trending graphs for vulnerabilities found by QualysGuard scans. Users have the flexibility to customize graph formats (pie charts, bar charts, etc.). In the “Vulnerabilities by Severity over Time” graph, the total number of vulnerabilities has decreased from June to September. This was led by a drop in the Severity 1, 4 and 5 vulnerabilities, which offset a rise in the Severity 2 and 3 vulnerabilities during this time.

Figure 12: Vulnerability Trending by Severity and Status
  • 13. #8 – Risk Analysis Report

This report may be run prior to an actual vulnerability scan. The user directs a vulnerability to be correlated with the attributes of a specified host or asset group. Analysis is performed to determine the exposure level this asset contains. The more matches the vulnerability has with the asset, across attributes such as operating system, ports and services, the higher the risk level.

The Risk Analysis Report identifies the hosts that are likely exposed to the specified vulnerability. By comparing vulnerability exploit data to known information from past scans, QualysGuard is able to determine whether hosts are likely to be at risk to a new vulnerability, even before a scan is launched! For example, if you receive new information on Microsoft’s Patch Tuesday, but cannot scan before the weekend to assess your environment, this report will deliver probabilities on which hosts will be most impacted in the interim. This information can then be used to develop an emergency action plan to protect you until full scanning and patching occurs.

Figure 13: Risk Analysis Report
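One way to reproduce the pre-scan correlation this report describes, as an added example (not QualysGuard code or its actual scoring). The three-attribute match count, the rule that a known operating system mismatch excludes a host, and the advisory and inventory values are all assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class VulnProfile:
    """Published properties of a new vulnerability (hypothetical structure)."""
    name: str
    os_family: str
    ports: frozenset      # ports on which the vulnerable service is reachable
    services: frozenset   # service names that expose the flaw


@dataclass(frozen=True)
class HostRecord:
    """What the last completed scan recorded for one host."""
    ip: str
    os_family: Optional[str]  # None when the scan could not fingerprint the OS
    open_ports: frozenset
    services: frozenset


def match_score(vuln, host):
    """Count matching attribute classes (OS, port, service), from 0 to 3.

    A host whose OS is known and differs from the advisory scores 0, which
    avoids the false positive of a Linux host flagged for a Windows-only flaw.
    A host with an unknown OS can still match on ports and services.
    """
    if host.os_family is not None and host.os_family != vuln.os_family:
        return 0
    score = 1 if host.os_family == vuln.os_family else 0
    score += 1 if host.open_ports & vuln.ports else 0
    score += 1 if host.services & vuln.services else 0
    return score


def risk_analysis(vuln, inventory):
    """Return (ip, score) for every host with a match, highest score first."""
    ranked = [(h.ip, match_score(vuln, h)) for h in inventory]
    ranked = [r for r in ranked if r[1] > 0]
    return sorted(ranked, key=lambda r: (-r[1], ipaddress.ip_address(r[0])))


# Constructed advisory and inventory, not taken from any real scan.
ADVISORY = VulnProfile(
    name="EXAMPLE-ADVISORY (placeholder)",
    os_family="windows",
    ports=frozenset({139, 445}),
    services=frozenset({"netbios-ssn", "microsoft-ds"}),
)
INVENTORY = [
    HostRecord("10.0.0.5", "windows", frozenset({80, 445}),
               frozenset({"http", "microsoft-ds"})),
    HostRecord("10.0.0.9", "windows", frozenset({3389}),
               frozenset({"ms-wbt-server"})),
    HostRecord("10.0.0.12", "linux", frozenset({445}),
               frozenset({"microsoft-ds"})),
    HostRecord("10.0.0.20", None, frozenset({445}),
               frozenset({"microsoft-ds"})),
]

if __name__ == "__main__":
    for ip, score in risk_analysis(ADVISORY, INVENTORY):
        print(f"{ip}: {score} of 3 attributes match")
```

The ranking is only as current as the last scan of each host, so hosts with stale or missing inventory data should be scanned first once a scan window opens.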
  • 14. Remediation and Validation Reports

Of course, it’s not enough to simply identify the vulnerabilities or track their growth. The bottom line in the vulnerability management lifecycle is more results oriented – to resolve the causes of those software flaws or configuration errors. This is the point where remediation comes into primary focus.

Even when new patches are available, there may be a delay in applying them due to the time required for implementation, or fears about the potential impact to the availability and performance of IT assets. An example of this behavior is found in the Conficker Worm. The Conficker Worm exploits the MS08-67 vulnerability in the Microsoft Windows Server Service. Even though Microsoft released the patch for MS08-67 in October, 2008, the number of PCs infected since that time is estimated to be in the range of 5 to 10 million, primarily on corporate and government computers.

Coordination of remediation efforts, often by using an automated trouble ticketing system, helps organizations proactively manage what needs to be fixed, and by whom. Automated notifications and reports allow for the workflow required to keep remediation tasks on target and prevent gaps in protection. The prioritization by business impact ensures the most valuable systems are addressed first. Less critical assets then may be handled on regularly scheduled dates, such as a monthly patch or configuration change cycle.

After patching or implementing other configuration changes, rescanning IP addresses is necessary to ensure the fix is complete and no other issues have been created as a result of the change. Accurate and timely reporting is important at this stage because remediation tasks are often performed by a different team than the security group which identified the exposure. IT security will most likely perform the scan.
Then, systems administrators or IT operations staff (helpdesk, support) will implement the fix. Remediation and validation reports are useful to achieve a better understanding of how quickly and thoroughly your organization responds to and resolves security issues. When results are less than desired, improvements in the incident management process can be made.
  • 15. #9 – Open Tickets Report

The QualysGuard native ticketing and remediation functions ensure outstanding issues are scheduled for completion and vulnerabilities are resolved before further damage is done. Each vulnerability is individually tracked until it is fixed. This automated remediation and trouble ticketing workflow generates tickets based on policy rules. These rules define specific criteria that trigger response actions when met. For example, a rule can be created such that a trouble ticket is opened whenever a Level 4 or 5 vulnerability is identified. The rule will establish the assigned individual, let’s say the administrator who ran the scan, and the time period (perhaps two days) for remediation.

The ninth report in our Top 10 list is the Open Tickets Report. As seen below in Figure 14, this lists the tickets and may be sorted by ticket number, status, due date or others. Each ticket is assigned a unique number with general information, vulnerability details, remediation history and required actions. Each ticket owner is also listed. Viewers of this report have the option of drilling down into the report to gain additional information associated with the ticket, such as its history.

Figure 14: Open Tickets Report

QualysGuard further aids in the remediation process by delivering automated ticket notification emails. These notifications are sent to each user who has open trouble tickets assigned to them. The ticket statistics in the notification include the number of open tickets which are overdue (those past the scheduled resolution date) and the number which are not overdue, the tickets resolved and the tickets closed. A QualysGuard hyperlink is also included for recipients to easily click and check on the details of their assigned tickets.
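The ticket rule and notification statistics described above, sketched as an added example (not QualysGuard's implementation). The Rule and Ticket structures, host addresses, VULN-* identifiers and dates are constructed, and the check that only rescanned hosts can be marked resolved is an assumption about how verification should behave.

```python
from dataclasses import dataclass
from datetime import date, timedelta


@dataclass(frozen=True)
class Rule:
    """Policy rule (hypothetical structure): what opens a ticket, for whom, due when."""
    min_severity: int
    owner: str
    days_to_fix: int


@dataclass
class Ticket:
    number: int
    host: str
    vuln: str
    severity: int
    owner: str
    due: date
    status: str = "open"  # open -> resolved (verified by rescan) -> closed


def open_tickets(detections, rule, today, tickets):
    """Open one ticket per (host, vuln) that meets the rule and is not already open."""
    tracked = {(t.host, t.vuln) for t in tickets if t.status == "open"}
    for host, vuln, severity in detections:
        if severity >= rule.min_severity and (host, vuln) not in tracked:
            due = today + timedelta(days=rule.days_to_fix)
            tickets.append(Ticket(len(tickets) + 1, host, vuln, severity, rule.owner, due))
            tracked.add((host, vuln))
    return tickets


def verify_with_rescan(tickets, rescanned_hosts, rescan_detections):
    """Resolve a ticket only if its host was rescanned and the finding is gone."""
    still_present = {(host, vuln) for host, vuln, _ in rescan_detections}
    for t in tickets:
        if (t.status == "open" and t.host in rescanned_hosts
                and (t.host, t.vuln) not in still_present):
            t.status = "resolved"
    return tickets


def notification_stats(tickets, owner, today):
    """Counts reported in the per-owner notification email."""
    mine = [t for t in tickets if t.owner == owner]
    return {
        "open_overdue": sum(t.status == "open" and t.due < today for t in mine),
        "open_not_overdue": sum(t.status == "open" and t.due >= today for t in mine),
        "resolved": sum(t.status == "resolved" for t in mine),
        "closed": sum(t.status == "closed" for t in mine),
    }


# Constructed sample data: (host, vulnerability id, severity 1-5).
FIRST_SCAN = [("10.0.0.5", "VULN-A", 5), ("10.0.0.5", "VULN-B", 3),
              ("10.0.0.7", "VULN-A", 4), ("10.0.0.8", "VULN-C", 4)]
RESCAN_HOSTS = {"10.0.0.5", "10.0.0.7"}  # 10.0.0.8 was not rescanned
RESCAN = [("10.0.0.5", "VULN-B", 3), ("10.0.0.7", "VULN-A", 4)]  # 10.0.0.5 VULN-A fixed


def run_example():
    """Open tickets on the scan day, then verify fixes with a rescan three days later."""
    rule = Rule(min_severity=4, owner="scan_admin", days_to_fix=2)
    tickets = open_tickets(FIRST_SCAN, rule, date(2009, 9, 1), [])
    before = notification_stats(tickets, "scan_admin", date(2009, 9, 2))
    verify_with_rescan(tickets, RESCAN_HOSTS, RESCAN)
    after = notification_stats(tickets, "scan_admin", date(2009, 9, 4))
    return tickets, before, after


if __name__ == "__main__":
    for part in run_example():
        print(part)
```

The ticket for 10.0.0.8 stays open and becomes overdue because that host was outside the rescan scope; absence from a rescan that never covered the host is not evidence of a fix.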
  • 16. #10 – Executive Review – Remediation Report

In addition to providing the detail by user of the status of open tickets, QualysGuard also makes available summary levels for reviewing trouble tickets. Users select which asset groups and which users to include in the report settings. Figure 15 below is an example of the trouble ticket statistics presented; you see not only the number of tickets resolved and still open (by severity level), but also view the number overdue and the average time in days for ticket resolution. These statistics are very useful when assessing the performance of the groups involved in vulnerability resolution, and deliver metrics to gauge improvements made over time.

Figure 15: Remediation Report – Tickets by Severity and Open Tickets

Figure 16 shows more ticket trending information in graphical format. These statistics are often required for weekly status meetings, presentations to management and to demonstrate achievement in Service Level Agreements (SLAs). You can see here the drastic increase in the number of open (and closed) tickets during the last week of this report, alerting executives “at-a-glance” to the increased activity.

Figure 16: Remediation Report – Aggregate Ticket Changes
  • 17. Summary

So there you have it – the Top 10 Reports for Managing Vulnerabilities. By looking across the complete lifecycle of vulnerability management, starting with asset discovery and ending with remediation and verification, the breadth and depth of the information to be gathered, analyzed, stored and communicated is seen in full force. This is what makes true vulnerability management different than just vulnerability scanning. And this lifecycle approach, along with well defined and customizable reporting, is what sets Qualys apart.

By providing easy to understand reports, such as the Network Perimeter Map, the SANS Top 20 Report, the High Severity Technical Report and the Remediation Report, QualysGuard delivers thorough overviews to executives along with the detailed breakdown and analysis for IT security, systems administration and IT operations. By combining hosts into asset groups, assigning business impact weightings and calculating Security Risk and Business Risk metrics, QualysGuard provides a solution that is quick to deploy and easy to use, resulting in increased security posture and compliance with regulatory and standards requirements.

© Qualys, the Qualys logo and QualysGuard are registered trademarks of Qualys, Inc. All other trademarks are the property of their respective owners. 09/09