QualysGuard InfoDay 2014 - QualysGuard Continuous Monitoring

Corey Bodzin, VP of Product Management - Network Threat Intelligence, QualysGuard Continuous Monitoring

Transcript of QualysGuard InfoDay 2014 - QualysGuard Continuous Monitoring

Page 1: QualysGuard InfoDay 2014 - QualysGuard Continuous Monitoring

Corey Bodzin, VP of Product Management - Network Threat Intelligence

QualysGuard Continuous Monitoring

Page 2: QualysGuard InfoDay 2014 - QualysGuard Continuous Monitoring

The QualysGuard Platform

*In Beta

Vulnerability Management

Policy Compliance

Customizable Questionnaires

PCI DSS

Web Application Scanning

Malware Detection

Web Application Firewall

Web Application Log Analysis

Continuous Monitoring


Asset Management

VM, AM, CM, PCI, PC, QS, MDS, LM, WAS, WAF

Page 3: QualysGuard InfoDay 2014 - QualysGuard Continuous Monitoring

Rapid Evolution of Corporate Networks and of the Threat Landscape

Our Challenge… Build Security Into this New Infrastructure and Make it Invisible

Corporate Networks

Private Clouds

Internet

SaaS

PaaS/IaaS

Attack Kits

Targeted Attacks

Social Networking

Zero Days

Mobile Threats

Phishing

QualysGuard

Page 4: QualysGuard InfoDay 2014 - QualysGuard Continuous Monitoring

Changes Resulting from this Evolution

Your perimeter is your business
- Walmart UK eCommerce grew 18% in 2013 [1]
- Global eCommerce grew from $10B to $13B in 2013

The Internet is a dangerous place to do business
- $11.5M avg. annualized organizational cost, up 26% from 2012 [2]
- £27B annual cost to the UK economy in 2011

Better monitoring reduces the risk and cost
- Organizations efficient at detection saved nearly $4 million per year [3]

[1] Internet Retailer, [2] InfoSec Institute, [3] Ponemon Institute

Page 5: QualysGuard InfoDay 2014 - QualysGuard Continuous Monitoring

What is Needed to Drive Security?

Your security team should have tools at least as good as your attackers.

Continuous Assessment

Comprehensive Analysis

Timely Action

 

Page 6: QualysGuard InfoDay 2014 - QualysGuard Continuous Monitoring

Traditional Approach ...

- Periodic scanning
- Review and act based on static reports
- Sort/prioritize through heaps of data

Then wait until the next time you scan and repeat the entire process again and again. This simply doesn't scale.

Leaving plenty of time for hackers ...

1. Scan
2. Report
3. Repeat

Page 7: QualysGuard InfoDay 2014 - QualysGuard Continuous Monitoring

1+ Billion Scans Per Year: far more than just vulnerability data.

- Installed Software
- Vulnerabilities
- Open Ports
- SSL Certificates
- Web App Bugs
- Malware
- Compliance and Configuration
- Web Application Firewall Events

Page 8: QualysGuard InfoDay 2014 - QualysGuard Continuous Monitoring

Qualys Continuous Perimeter Monitoring

Page 9: QualysGuard InfoDay 2014 - QualysGuard Continuous Monitoring

How Continuous Monitoring Works

Leverage Existing Scans
- Nothing new required: just scan as normal
- Leverage Qualys' global cloud infrastructure, scale as needed

Define Your Needs
- Whitelists and blacklists of ports, OSes, certificate providers, etc.
- Important changes: new hosts added, certificates nearing expiration, etc.

Inform Via Alerts
- Distribute email alerts to any users or systems that need to know
- Alerts sent as often as every 5 minutes or grouped every day/week

Page 10: QualysGuard InfoDay 2014 - QualysGuard Continuous Monitoring

Configure Assets to Monitor

Page 11: QualysGuard InfoDay 2014 - QualysGuard Continuous Monitoring

Determine Baselines and Violations

Page 12: QualysGuard InfoDay 2014 - QualysGuard Continuous Monitoring

Alert Analysts, Admins, and Stakeholders

Page 13: QualysGuard InfoDay 2014 - QualysGuard Continuous Monitoring

Continuously Monitor Activity

Page 14: QualysGuard InfoDay 2014 - QualysGuard Continuous Monitoring

Why is Continuous Monitoring Unique?

Truly Continuous Monitoring
- Scan as often as needed with only a browser required
- No additional costs for taps, span ports, or additional infrastructure

Automated Analysis
- Define how your business works; the system will then find vulnerabilities, misconfigurations, and process problems automatically.

Alerts Drive Action
- Timely and targeted alerts to ensure you're informed and protected

Page 15: QualysGuard InfoDay 2014 - QualysGuard Continuous Monitoring

What Makes Qualys Unique

- Cloud Based Architecture
- Easy to Use, Easy to Deploy
- High Accuracy, No Hidden Costs
- Large and Growing Community
- New Services in the Making

A highly scalable Platform that allows Qualys to maintain significant investments in infrastructure and engineering, delivering lower TCO and the best customer satisfaction

Page 16: QualysGuard InfoDay 2014 - QualysGuard Continuous Monitoring


Thank You