QualysGuard InfoDay 2013 - QualysGuard RoadMap for H2-2013/H1-2014
1. Marek Skalicky, CISM, CRISC, Managing Director for Central Eastern Europe, Qualys GmbH
September, 2013
QualysGuard RoadMap for H2-2013/H1-2014
Transforming IT Security & Compliance
2. Uses the Extensible QG Cloud Platform
Expanding to Real-Time Big Data and Correlation
3. Leveraging the Platform: New Services in Development
• Continuous Perimeter Monitoring: Alerts in real time of new vulnerabilities, misconfiguration and zero days (Q3’13 Beta)
• Mobile Device Security & Compliance: Cloud Security Agent scalable to millions of devices (Q3’13 Beta - on Windows)
• Web Application Analytics: Big data correlation cloud backend to correlate all application info (Q1’14 Beta)
• Secure Web Gateway/URL/Content Filtering: Based on the QualysGuard Cloud Platform and Cloud Security Agent (Q1’14 Beta)
• Web Exploit/Remediation Console: Verifies vulnerabilities, generates exploits and integrates with Burp Suite (Q4’13 Beta)
• Malware Protection Services: Alert on Malware Threats and APT (Q2’14 Beta)
4. Continuous Perimeter Monitoring
• New metaphor for Perimeter Security (Data/Event Driven)*
• Continuous network mapping and low profile vulnerability scanning of Internet Perimeter
• Instant notification on any Perimeter fingerprint changes:
– New IP discovered
– New TCP/UDP port/service open
– New version of OS or App
– New vulnerability discovered
*Launch at the Qualys Security Conference Sept 2013
5. Mobile Device Security & Compliance agent
• First-time-ever Agent-based solution from Qualys (runs as SaaS)
• Periodic Security & Compliance audit of mobile devices (platforms) configuration
• Pilot version for Windows 7/8 platforms
• Next version for Mac OS (H1-2014)
• Android, iOS, Windows Mobile (H1-2014)
8. Web Application Scanning 3.0
Integrates Malware Detection and Burp Suite
Large deployments at Microsoft and others
9. QG WAS Today: Best Practices Scanning Solution
• Collaboration
– Involve all the Application Stakeholders
• Ease of Use
– Dashboard/Wizards/Context sensitive
• Vulnerability Metrics
– Tag based reporting
– Configurable Formats
10. QG WAS 3.0 Integrated Website Malware Monitoring
• Malware Protection
– Safeguard your website users and brand reputation
• 4 Detection Techniques
– Antivirus – for documents
– Heuristic
– Reputation
– Behavioral
• Addresses
– Zero Day Risk
11. QG WAS 3.0 Attack Proxy Integration – Phase 1
• Store and manage
– Burp scan data
– Share safely
• Act on Burp scan findings
– Associate with web app
– Mark as risk accepted, etc
– Filter based on attributes
12. QG WAS Directions in 2013/2014: Full Web App Testing Solution
• Additional Interactive Tools Support (Burp/ZAP)
– Store Manual Findings
– Trend/Report with Automated findings
– Complete Web App Testing Picture
– Send WAS Attack Requests to attack proxies
• Remediation Workflow
• SCA Correlation
13. QG WAS Release Timeline
• WAS 2.1: Selenium Authentication (November 2011)
• WAS 2.2: APIs (January 2012)
• WAS 2.3: Selenium Crawl Scripts (April 2012)
• WAS 2.3.1: Workflow Enhancements (July 2012)
• WAS 2.3.2: Web App Management (Oct 2012)
• WAS 2.4: Reporting Enhancements (Dec 2012)
• WAS 3.0: Malware Scanning and Burp Scan Results (Q2 2013)
7 Releases Since November 2011
14. QG WAS Roadmap: US release targets (EU approx 15 days later)
WAS 3.0, Q2 2013
• Malware Scanning
• Configure Malware scanning of external websites
• Notify subscription owners when Malware identified
• Import Burp Pro Scanning Results
• Store Burp and WAS results in one place
• Browse Burp Findings
WAS 3.1, Q2/Q3 2013
• Tree Control to display the site map (collapsible/drillable)
• Current statuses
• Create web app from branch
• Black list for branch
• Filter views
• Single (latest) scan for web app level, scans have their own
• Dedicated Authentication Records
WAS 3.2, Q3 2013
• User Defined Vulnerability Definitions in Qualys
• Users to define attributes of vulnerabilities - by subscription
• Define description, impact, solution, severity level etc
• Enable user defined vulnerabilities and evidence to be associated with web app
• Detection API (tentative)
• Limit scans to time limit (user specifies end date/time)
15. QG Web App Security Solutions: Seamless integration with other Qualys services
QG WAS Customers:
• Use VM to discover vulnerabilities on OS, TCP/UDP layer and Web Server Engines (IIS, Apache, …)
• Deploy virtual patches to WAF using the vulnerabilities identified in WAS
– WAS already supports Imperva, F5, Citrix
• Combine WAS and MDS scanning of sites
• WAF to provide WAS/MDS with site resource structure to ensure complete scanning coverage
• WA Log Analyzer integration – entering the SIEM in SaaS model
• WA SCA Analyzer integration - Service Component Architecture assessment.
[Diagram labels: WAS, VM, MDS, WA LogA, WAF, WA SCA]
16. QG Web Application Firewall (Beta 2 for Amazon EC/2 and VMware)
http://www.qualys.com/waf
§ Hybrid Cloud WAF
– Provides protection against known and emerging web application threats, and helps increase web site performance through caching, compression and content optimization, with no equipment needed.
§ Benefits
– Zero/Low-footprint, low cost deployment
– Ease of use, ease of maintenance
– Real-time attack prevention
Virtual patching and application hardening
17. QG Web App Firewall: Stop unwanted traffic and prevent information leakage
• Attack detection and prevention
– Security policy enforcement
– Application hardening
– Spam and malware detection
– Information leakage detection
– Continuous passive application scanning
18. QualysGuard Private Cloud Platform (VCE VBLOCK Implementation)
[Diagram labels: 24x7x365 Monitoring and Support; Daily Vulnerability Feeds; Bi-quarterly Platform Updates; SOC; VMware ESX and ESXi]
§ VCE = VMware + Cisco + EMC platform
§ Extends the reach of Qualys by enabling MSSPs, large Enterprises, Government or Military agencies to deploy the QualysGuard Cloud platform in their own data center.
§ Remotely provided by Qualys as SaaS service:
– Fully Connected
– Semi Connected
– Fully Disconnected
19. Private Cloud Operation and Maintenance
• Security Operations Center: 24x7x365
• Operation, Administration and Maintenance (OAM)
• Platform Software Update (iterations every 6 weeks)
• QualysGuard Private Cloud Platform
• Vulnerability Office Daily Updates
• Qualys or customer IPsec VPN Endpoint
• Optional customer firewall for filtering and logging
• Qualys platform firewall filtering VPN access
• Qualys platform firewall filtering service access
• Optional customer access gateway or bastion host configured to suit customer authentication and logging requirements
• Qualys platform IPS filtering service access
• Qualys platform IPS filtering VPN access
• Optionally customer can gate SOC access to the platform, only allowing access when required by Qualys through a change management request