Managing Risk and Vulnerabilities
in a Business Context
Corey Bodzin, VP of Product Management, Qualys
Nimmy Reichenberg, VP of Strategy, AlgoSec
Kevin Beaver, CISSP, Principle Logic, LLC
Tennyson would be impressed…
• NVD 60,865 CVEs since 1999
• 7,322 published in 2013 alone
• 385 Severity 5’s published by Qualys in 2013
• 4 iDefense Exclusive Zero-Day vulnerabilities in
just February alone!
“Risk and the accountability for risk
acceptance are — and should be —
owned by the business units creating
and managing those risks.”
- Paul Proctor, VP, Distinguished Analyst
• Severity: Critical ≠ Important
• Threat Path Analysis: Assume everything is “Hackable”
• Asset Tagging: VERY difficult to maintain with pace of change
What is your ideal method for prioritizing network vulnerabilities?
• By server/device: 22%
• By network segment: 30%
• By business application: 48%
Source: Examining the Impact of Security Management on the Business, AlgoSec, Oct 2013
The Impact of the Cloud and SDN
on IT Risk and Policy Management
Integration between
Qualys and AlgoSec
QualysGuard Integrated Suite
of Security & Compliance Solutions
*In Beta
• Vulnerability Management
• Policy Compliance
• Customizable Questionnaires
• PCI DSS
• Web Application Scanning
• Malware Detection
• Web Application Firewall
• Web Application Log Analysis
• Continuous Monitoring
• Asset Management
Qualys Drives Visibility
• VMware ESX and ESXi
• Physical Scanners
• Browser Plugins
• Mobile Agents
• Virtual Scanners
• Hypervisor
• IaaS/PaaS
• Perimeter Scanners
Analysis Drives Action
• Who is the owner?
• What business processes does it support?
• Are there regulatory requirements?
• Who is the last logged on user?
• Is there customer data present?
• What is the SLA for patching?
AlgoSec Security Management Suite
• Firewall Analyzer: Security Policy Analysis & Audit
• FireFlow: Security Policy Change Automation
• BusinessFlow: Business Application Connectivity Mgmt
Business Applications
Security Infrastructure
Application Owners
Security
Network Operations
Next Steps and Q&A
• Security Policy Management in the Data Center for Dummies: available at www.algosec.com
• Read Kevin’s books, blogs and columns at www.principlelogic.com/resources and blog.algosec.com/author/kbeaver
• Follow Kevin’s musings on Twitter at @kevinbeaver
• Request an evaluation of the AlgoSec Suite: www.algosec.com/eval
• Visit us at www.qualys.com
• QualysGuard Free Trial: www.qualys.com/trials
• For future webcasts visit us at www.qualys.com/webcasts