1. Continuous Security and Compliance Monitoring
for Global IT Assets
January 18, 2018
Chris Carlson
VP, Product Management
Qualys, Inc.

2. WannaCry: Observations of Qualys Threat Data
Inadequate Patching timing: high severity
vulnerabilities are taking 100+ days to
patch/configure/correct
Exploits and attacks patterns are speeding
up and taking
< 30 days on average (WannaCry was
distributed in 26 days)
2

3. WannaCry (MS17-010) and VM Scanning
Auth Scanning / Agent
EternalBlue released
New Auth Scanning / New
Agent Deployment
WannaCry Released
Organizations doing
continuous VM
assessment with
agent / authenticated
scanning
and
aggressively
patching
were much less
impacted by
WannaCry
3

4. The core IT service areas must be improved
Asset Identification, Monitoring all enterprise assets
Alert Speed, Triage Accuracy, Enabling effective response
Effective Vulnerability Remediation for real risks targeting
individual environments (emergency) vs. commodity risks
Asset & Configuration Management / Build Compliance
Network Architecture and Segmentation gaps – on-premise,
cloud and remote-users
Observations of Qualys Threat Data
4

5. How?
5

6. Transition from Point-in-Time Assessments
to
Continuous Security and Compliance Monitoring
6

7. Why? What factors are driving this?
• Rapidly reducing time from Vulnerability to Attack
• Attacks shifting to organized crime and ransomware
• Board-level / C-suite visibility and impact to security events
• Digital Transformation is creating an IT Transformation
Are you prepared?
7

8. Digital Transformation is Driving IT Transformation for
Organizations
Private Clouds
Enterprise On
Premise
Remote
End Users
Internet
Public Clouds
8

9. … But creates new Challenges for Security
Private Clouds
Enterprise On
Premise
Remote
End Users
Can’t scan remote users
Don’t know how many assets you have
Don’t know when those assets are running
Credential issues / Authentication failures
Monthly / weekly scanning too slow
9

10. End-to-end Security Architecture
Automated Continuous Monitoring & Response
Discovery
On-Prem
Cloud
Mobile Devices
OT/ICS
IoT
CMDB
Inventory
Prevention
Security Hygiene
Vulnerability
Assessment
Threat Prioritization
Patch Management
Configuration
Assessment
Detection
Endpoint Activity
Cloud Infra
Monitoring
Network Activity
Response
Security
Orchestration
Incident Response
Quarantine
NAC
10

11. Qualys Sensors
Scalable, self-updating & centrally managed
Physical
Legacy data
centers
Corporate
infrastructure
Continuous
security and
compliance
scanning
Virtual
Private cloud
infrastructure
Virtualized
Infrastructure
Continuous
security and
compliance
scanning
Cloud/Container
Commercial IaaS &
PaaS clouds
Pre-certified in market
place
Fully automated with
API orchestration
Continuous security
and compliance
scanning
Cloud Agents
Light weight, multi-
platform
On premise, elastic
cloud & endpoints
Real-time data
collection
Continuous evaluation
on platform for security
and compliance
Passive
Passively sniff on
network
Real-time device
discovery &
identification
Identification of APT
network traffic
Extract malware files
from network for
analysis
API
Integration with
Threat Intel feeds
CMDB Integration
Log connectors
11

12. Qualys Cloud Agent
Lightweight
Software Agent
(collects metadata only)
On-Premise
Servers,
Public Cloud,
Remote
Endpoints
Windows, Linux,
Mac,
AIX
Delivers Multiple
Security
Functions in one
Agent
12

13. Qualys Suite of
Applications
Central Management / API
Efficient Network Usage
(Delta Processing average)
Qualys
Platform
Cloud Agent
50 - 350 KB / day
Lightweight Metadata
Acquisition Resources
1% CPU (tunable)
3 MB applicationWindows, Linux, Mac, AIX
13

14. Cloud Agent Extends Network Scanning
No scan windows needed
Find vulnerabilities faster
Detect a fixed vulnerability faster
No firewall changes or network impact
Best for assets that can’t be scanned
Unable to get credentials / authentication failures
Remote / roaming user assets
Remote systems that can’t be scanned
Cloud / Elastic deployments
Servers sensitive to port scans
14

15. Try and Manage Apps on one Cloud Agent
End the fight with IT to deploy security agents!

16. DEMO
16

17. Selected Cloud Agent Deployments
Ecommerce Company
1,200,000 scope
(1M cloud + 150k users)
Financial Services 270,000 Windows (8K/wk)
Financial Services 25,000 user machines
Ecommerce 65,000 ~ 95,000 AWS
Oil Field Services 4,000 remote servers
Rx30 Pharmacy Management 4,500 servers/users/cloud
ACI Worldwide Payment Systems 1,500 servers/users
17

18. Global Pharmaceutical Company (Case Study)
Challenges • No vulnerability visibility of user endpoint machines
• Authenticated Scanning Failures on server machines
• Windows – 20% Failure rates
• Linux – 60% Failure rates
• Weekly scanning created gaps in reporting
• New IT initiative for AWS and Azure development difficult
to scan
• Deployed 75,000 Cloud Agents on user endpoints for
continuous visibility both on and off the network
• Deployed 20,000 Cloud Agents for on-premise servers to
overcome their authentication failures
• Cloud Agent finds new and fixed vulnerabilities faster than
scanning
• Building the Cloud Agent into gold cloud images
Solutions
Outcome
Customer
Global Pharmaceutical
Company
Industry
Pharmaceutical
Biopharmaceutical
Life Sciences
Qualys Applications
18

19. 1+ trillion
Security Events
3+ billion
IP Scans/Audits a Year
99.9996%
Six Sigma Scanning Accuracy
250+ billion
Data Points Indexed on
Elasticsearch Clusters
Single Pane of Glass
Via dynamic and customizable dashboards and centrally
managed, self-updating, integrated Cloud Apps
19

20. Thank You
qualys.com/trial
ccarlson@qualys.com
20