QualysGuard InfoDay 2013 - QualysGuard RoadMap for H2-2013/H1-2014
•
0 j'aime•2,918 vues
Recommandé
Recommandé
Contenu connexe
Tendances
Tendances (20)
En vedette
En vedette (17)
Similaire à QualysGuard InfoDay 2013 - QualysGuard RoadMap for H2-2013/H1-2014
Similaire à QualysGuard InfoDay 2013 - QualysGuard RoadMap for H2-2013/H1-2014 (20)
Plus de Risk Analysis Consultants, s.r.o.
Plus de Risk Analysis Consultants, s.r.o. (20)
Dernier
Dernier (20)
QualysGuard InfoDay 2013 - QualysGuard RoadMap for H2-2013/H1-2014
- 1. Marek Skalicky, CISM, CRISC Managing Director for Central Eastern Europe Qualys GmbH September, 2013 QualysGuard RoadMap for H2-‐2013/H1-‐2014 Transforming IT Security & Compliance
- 2. Uses the Extensible QG Cloud PlaEorm 2 Expanding to Real-‐Time Big Data and CorrelaIon
- 3. Leveraging the PlaEorm New Services in Development ConInuous Perimeter Monitoring Alerts in real Ime of new vulnerabiliIes, misconfiguraIon and zero days (Q3’13 Beta) Mobile Device Security & Compliance Cloud Security Agent scalable to millions of devices (Q3’13 Beta-‐ on Windows) Web ApplicaIon AnalyIcs Big data correlaIon cloud backend to correlate all applicaIon info (Q1’14 Beta) Secure Web Gateway/URL/Content Filtering Based on the QualysGuard Cloud PlaEorm and Cloud Security Agent (Q1’14 Beta) Web Exploit/RemediaIon Console Verifies vulnerabiliIes, generates exploits and integrates with Burp Suite (Q4’13 Beta) Malware ProtecIon Services Alert on Malware Threats and APT (Q2’14 Beta) 3
- 4. ConInuous Perimeter Monitoring • New metaphor for Perimeter Security (Data/Event Driven)* • ConInuous network mapping and low profile vulnerability scanning of Internet Perimeter • Instant noIficaIon on any Perimeter fingerprint changes: • New IP discovered • New TCP/UDP port/service open • New version of OS or App • New vulnerability discovered *Launch at the Qualys Security Conference Sept 2013 4
- 5. Mobile Device Security & Compliance agent • First-‐Ime-‐ever Agent-‐based soluIon from Qualys (runs as SaaS) • Periodic Security & Compliance audit of mobile devices (plaEorms) configuraIon • Pilot version for Windows 7/8 plaEorms • Next version for Mac OS (H1-‐2014) • Android, iOS, Windows Mobile (H1-‐2014) 5
- 6. DETECTION PREVENTION REMEDIATION FORENSICS WebAppScanning MalwareDetection WebApplicationFirewall Exploits BURPSuiteSourceCode Log Analysis WEB APPS Qualys Strategy for Web App Security • Detec@on – WAS, MDS • Protec@on – WAF* • Monitoring/Forensics – Log Analysis* • Remedia@on – Interac4ve Tes4ng Tools* – Remedia4on Workflow* – SCA Correla4on* 6 *Services in development
- 7. DETECT ANALYZE PROTECT COMPLY Discovery Catolog VulnAppScanningMalwareDetection WebAppFirewall PCI OWASP WEB APPS Benefits of QG WAS Approach QualysGuard plaEorm delivers integrated soluIons • Distributed Scanning – Cloud/Internal/Virtual • Highly Automated – Integrated Browser • Accurate – Low False-‐PosiIve Rate • Integrated – Reuse QA Selenium FuncIonal TesIng Scripts 7
- 8. 8 Web ApplicaIon Scanning 3.0 Integrates Malware DetecIon and Burp Suite Large deployments at Microsoe and others
- 9. QG WAS Today Best PracIces Scanning SoluIon • Collabora@on – Involve all the ApplicaIon Stakeholders • Ease of Use – Dashboard/Wizards/Context sensiIve • Vulnerability Metrics – Tag based reporIng – Configurable Formats 9
- 10. QG WAS 3.0 Integrated Website Malware Monitoring • Malware Protec@on – Safeguard your website users and brand reputaIon • 4 Detec@on Techniques – AnIvirus – for documents – HeurisIc – ReputaIon – Behavioral • Addresses – Zero Day Risk 10
- 11. QG WAS 3.0 Aiack Proxy IntegraIon – Phase 1 • Store and manage – Burp scan data – Share safely • Act on Burp scan findings – Associate with web app – Mark as risk accepted, etc – Filter based on aiributes 11
- 12. QG WAS DirecIons in 2013/2014 Full Web App TesIng SoluIon • Addi@onal Interac@ve Tools Support (Burp/ZAP) – Store Manual Findings – Trend/Report with Automated findings – Complete Web App TesIng Picture – Send WAS Aiack Requests to aiack proxies • Remedia@on Workflow • SCA Correla@on 12
- 13. QG WAS Release Timeline WAS 2.1 Selenium Authentication November 2011 WAS 2.2 APIs January 2012 WAS 2.3 Selenium Crawl Scripts April 2012 WAS 2.3.1 Workflow Enhancements July 2012 WAS 2.3.2 Web App Management Oct 2012 WAS 2.4 Reporting Enhancements Dec 2012 WAS 3.0 Malware Scanning and Burp Scan Results Q2 2013 7 Releases Since November 2011
- 14. QG WAS Roadmap US release targets (EU approx 15 days later) WAS 3.0 Q2 2013 • Malware Scanning • Configure Malware scanning of external websites • Notify subscription owners when Malware identified • Import Burp Pro Scanning Results • Store Burp and WAS results in one place • Browse Burp Findings WAS 3.1 Q2/Q3 2013 • Tree Control to display the site map (collapsable/ drillable) • Current statuses • Create web app from branch • Black list for branch • Filter views • Single (latest) scan for web app level, scans have their own • Dedicated Authentication Records WAS 3.2 Q3 2013 • User Defined Vulnerability Definitions in Qualys • Users to define attributes of vulnerabilities - by subscription • Define description, impact, solution, severity level etc • Enable user defined vulnerabilities and evidence to be associated with web app • Detection API (tenative) • Limit scans to time limit (user specifies end date/ time)
- 15. QG WAS Customers: • Use VM to discover vulnerabiliIes on OS, TCP/UDP layer and Web Server Engines (IIS, Apache, … ) • Deploy virtual patches to WAF using the vulnerabiliIes idenIfied in WAS – WAS already supports Imperva, F5, Citrix • Combine WAS and MDS scanning of sites • WAF to provide WAS/MDS with site resource structure to ensure complete scanning coverage • WA Log Analyzer integraIon – entering the SIEM in SaaS model • WA SCA Analyzer integraIon -‐ Service Component Architecture assessment. WAS VM QG Web App Security SoluIons Seamless integraIon with other Qualys services 15 MDS WA LogA WAF WA SCA
- 16. hip://www.qualys.com/waf QG Web ApplicaIon Firewall (Beta 2 for Amazon EC/2 and VMware) § Hybrid Cloud WAF – Provides protecIon against known and emerging web applicaIon threats, and helps increase web site performance through caching, compression and content opImizaIon, with no equipment needed. § Benefits – Zero/Low-‐footprint, low cost deployment – Ease of use, ease of maintenance – Real-‐Ime aiack prevenIon Virtual patching and applicaIon hardening 16
- 17. • AYack detec@on and preven@on − Security policy enforcement − ApplicaIon hardening − Spam and malware detecIon − InformaIon leakage detecIon − ConInuous passive applicaIon scanning QG Web App Firewall Stop unwanted traffic and prevent informaIon leakage 17
- 18. QualysGuard Private Cloud PlaEorm (VCE VBLOCK ImplementaIon) 18 24x7x365 Monitoring and Support Daily Vulnerability Feeds Bi-‐quarterly PlaEorm Updates SOC VMware ESX and ESXi § VCE = VMware + Cisco + EMC plaEorm § Extends the reach of Qualys by enabling MSSPs, large Enterprises, Government or Military agencies to deploy the QualysGuard Cloud plaEorm in their own data center. § Remotely provided by Qualys as SaaS service: § Fully Connected § Semi Connected § Fully Disconnected
- 19. 19 Security Operations Center: 24x7x365 Operation, Administration and Maintenance (OAM) Platform Software Update (iterations every 6 weeks) QualysGuard Private Cloud Platform Vulnerability Office Daily Updates Qualys or customer IPsec VPN Endpoint Optional customer firewall for filtering and logging Qualys platform firewall filtering VPN access Qualys platform firewall filtering service access Optional customer access gateway or bastion host configured to suit customer authentication and logging requirements Qualys platform IPS filtering service access Qualys platform IPS filtering VPN access Optionally customer can gate SOC access to the platform, only allowing access when required by Qualys through a change management request Private Cloud OperaIon and Maintenance
- 20. Qualys Cloud Deployment Model 20
- 21. Thank You mskalicky@qualys.com Transforming IT Security & Compliance