QualysGuard InfoDay 2013 - QualysGuard RoadMap for H2-2013/H1-2014
Transcript of QualysGuard InfoDay 2013 - QualysGuard RoadMap for H2-2013/H1-2014
![Page 1: QualysGuard InfoDay 2013 - QualysGuard RoadMap for H2-2013/H1-2014](https://reader033.fdocuments.in/reader033/viewer/2022051322/54559265af795998788b4939/html5/thumbnails/1.jpg)
Marek Skalicky, CISM, CRISC
Managing Director for Central Eastern Europe
Qualys GmbH September, 2013
QualysGuard RoadMap for H2-2013/H1-2014
Transforming IT Security & Compliance
![Page 2: QualysGuard InfoDay 2013 - QualysGuard RoadMap for H2-2013/H1-2014](https://reader033.fdocuments.in/reader033/viewer/2022051322/54559265af795998788b4939/html5/thumbnails/2.jpg)
Uses the Extensible QG Cloud Platform
Expanding to Real-Time Big Data and Correlation
![Page 3: QualysGuard InfoDay 2013 - QualysGuard RoadMap for H2-2013/H1-2014](https://reader033.fdocuments.in/reader033/viewer/2022051322/54559265af795998788b4939/html5/thumbnails/3.jpg)
Leveraging the Platform
New Services in Development
• Continuous Perimeter Monitoring: Alerts in real time of new vulnerabilities, misconfiguration and zero days (Q3’13 Beta)
• Mobile Device Security & Compliance: Cloud Security Agent scalable to millions of devices (Q3’13 Beta - on Windows)
• Web Application Analytics: Big data correlation cloud backend to correlate all application info (Q1’14 Beta)
• Secure Web Gateway/URL/Content Filtering: Based on the QualysGuard Cloud Platform and Cloud Security Agent (Q1’14 Beta)
• Web Exploit/Remediation Console: Verifies vulnerabilities, generates exploits and integrates with Burp Suite (Q4’13 Beta)
• Malware Protection Services: Alert on Malware Threats and APT (Q2’14 Beta)
![Page 4: QualysGuard InfoDay 2013 - QualysGuard RoadMap for H2-2013/H1-2014](https://reader033.fdocuments.in/reader033/viewer/2022051322/54559265af795998788b4939/html5/thumbnails/4.jpg)
Continuous Perimeter Monitoring
• New metaphor for Perimeter Security (Data/Event Driven)*
• Continuous network mapping and low profile vulnerability scanning of Internet Perimeter
• Instant notification on any Perimeter fingerprint changes:
  – New IP discovered
  – New TCP/UDP port/service open
  – New version of OS or App
  – New vulnerability discovered
*Launch at the Qualys Security Conference Sept 2013
![Page 5: QualysGuard InfoDay 2013 - QualysGuard RoadMap for H2-2013/H1-2014](https://reader033.fdocuments.in/reader033/viewer/2022051322/54559265af795998788b4939/html5/thumbnails/5.jpg)
Mobile Device Security & Compliance agent
• First-time-ever Agent-based solution from Qualys (runs as SaaS)
• Periodic Security & Compliance audit of mobile devices (platforms) configuration
• Pilot version for Windows 7/8 platforms
• Next version for Mac OS (H1-2014)
• Android, iOS, Windows Mobile (H1-2014)
![Page 6: QualysGuard InfoDay 2013 - QualysGuard RoadMap for H2-2013/H1-2014](https://reader033.fdocuments.in/reader033/viewer/2022051322/54559265af795998788b4939/html5/thumbnails/6.jpg)
Qualys Strategy for Web App Security
[Diagram: WEB APPS with Detection, Prevention, Remediation and Forensics; labels: Web App Scanning, Malware Detection, Web Application Firewall, Exploits, BURP Suite, Source Code, Log Analysis]
• Detection – WAS, MDS
• Protection – WAF*
• Monitoring/Forensics – Log Analysis*
• Remediation
  – Interactive Testing Tools*
  – Remediation Workflow*
  – SCA Correlation*
*Services in development
![Page 7: QualysGuard InfoDay 2013 - QualysGuard RoadMap for H2-2013/H1-2014](https://reader033.fdocuments.in/reader033/viewer/2022051322/54559265af795998788b4939/html5/thumbnails/7.jpg)
Benefits of QG WAS Approach
QualysGuard platform delivers integrated solutions
[Diagram: WEB APPS with Detect, Analyze, Protect and Comply; labels: Discovery, Catalog, Vuln App Scanning, Malware Detection, Web App Firewall, PCI, OWASP]
• Distributed Scanning – Cloud/Internal/Virtual
• Highly Automated – Integrated Browser
• Accurate – Low False-Positive Rate
• Integrated – Reuse QA Selenium Functional Testing Scripts
![Page 8: QualysGuard InfoDay 2013 - QualysGuard RoadMap for H2-2013/H1-2014](https://reader033.fdocuments.in/reader033/viewer/2022051322/54559265af795998788b4939/html5/thumbnails/8.jpg)
Web Application Scanning 3.0
Integrates Malware Detection and Burp Suite
Large deployments at Microsoft and others
![Page 9: QualysGuard InfoDay 2013 - QualysGuard RoadMap for H2-2013/H1-2014](https://reader033.fdocuments.in/reader033/viewer/2022051322/54559265af795998788b4939/html5/thumbnails/9.jpg)
QG WAS Today
Best Practices Scanning Solution
• Collaboration – Involve all the Application Stakeholders
• Ease of Use – Dashboard/Wizards/Context sensitive
• Vulnerability Metrics
  – Tag based reporting
  – Configurable Formats
![Page 10: QualysGuard InfoDay 2013 - QualysGuard RoadMap for H2-2013/H1-2014](https://reader033.fdocuments.in/reader033/viewer/2022051322/54559265af795998788b4939/html5/thumbnails/10.jpg)
QG WAS 3.0
Integrated Website Malware Monitoring
• Malware Protection – Safeguard your website users and brand reputation
• 4 Detection Techniques
  – Antivirus – for documents
  – Heuristic
  – Reputation
  – Behavioral
• Addresses – Zero Day Risk
![Page 11: QualysGuard InfoDay 2013 - QualysGuard RoadMap for H2-2013/H1-2014](https://reader033.fdocuments.in/reader033/viewer/2022051322/54559265af795998788b4939/html5/thumbnails/11.jpg)
QG WAS 3.0
Attack Proxy Integration – Phase 1
• Store and manage
  – Burp scan data
  – Share safely
• Act on Burp scan findings
  – Associate with web app
  – Mark as risk accepted, etc
  – Filter based on attributes
![Page 12: QualysGuard InfoDay 2013 - QualysGuard RoadMap for H2-2013/H1-2014](https://reader033.fdocuments.in/reader033/viewer/2022051322/54559265af795998788b4939/html5/thumbnails/12.jpg)
QG WAS Directions in 2013/2014
Full Web App Testing Solution
• Additional Interactive Tools Support (Burp/ZAP)
  – Store Manual Findings
  – Trend/Report with Automated findings
  – Complete Web App Testing Picture
  – Send WAS Attack Requests to attack proxies
• Remediation Workflow
• SCA Correlation
![Page 13: QualysGuard InfoDay 2013 - QualysGuard RoadMap for H2-2013/H1-2014](https://reader033.fdocuments.in/reader033/viewer/2022051322/54559265af795998788b4939/html5/thumbnails/13.jpg)
QG WAS Release Timeline
• WAS 2.1 – Selenium Authentication (November 2011)
• WAS 2.2 – APIs (January 2012)
• WAS 2.3 – Selenium Crawl Scripts (April 2012)
• WAS 2.3.1 – Workflow Enhancements (July 2012)
• WAS 2.3.2 – Web App Management (Oct 2012)
• WAS 2.4 – Reporting Enhancements (Dec 2012)
• WAS 3.0 – Malware Scanning and Burp Scan Results (Q2 2013)
7 Releases Since November 2011
![Page 14: QualysGuard InfoDay 2013 - QualysGuard RoadMap for H2-2013/H1-2014](https://reader033.fdocuments.in/reader033/viewer/2022051322/54559265af795998788b4939/html5/thumbnails/14.jpg)
QG WAS Roadmap
US release targets (EU approx 15 days later)
WAS 3.0 Q2 2013
• Malware Scanning
• Configure Malware scanning of external websites
• Notify subscription owners when Malware identified
• Import Burp Pro Scanning Results
• Store Burp and WAS results in one place
• Browse Burp Findings
WAS 3.1 Q2/Q3 2013
• Tree Control to display the site map (collapsible/drillable)
• Current statuses
• Create web app from branch
• Black list for branch
• Filter views
• Single (latest) scan for web app level, scans have their own
• Dedicated Authentication Records
WAS 3.2 Q3 2013
• User Defined Vulnerability Definitions in Qualys
• Users to define attributes of vulnerabilities - by subscription
• Define description, impact, solution, severity level etc
• Enable user defined vulnerabilities and evidence to be associated with web app
• Detection API (tentative)
• Limit scans to time limit (user specifies end date/time)
![Page 15: QualysGuard InfoDay 2013 - QualysGuard RoadMap for H2-2013/H1-2014](https://reader033.fdocuments.in/reader033/viewer/2022051322/54559265af795998788b4939/html5/thumbnails/15.jpg)
QG Web App Security Solutions
Seamless integration with other Qualys services
[Diagram labels: WAS, VM, MDS, WA LogA, WAF, WA SCA]
QG WAS Customers:
• Use VM to discover vulnerabilities on OS, TCP/UDP layer and Web Server Engines (IIS, Apache, … )
• Deploy virtual patches to WAF using the vulnerabilities identified in WAS – WAS already supports Imperva, F5, Citrix
• Combine WAS and MDS scanning of sites
• WAF to provide WAS/MDS with site resource structure to ensure complete scanning coverage
• WA Log Analyzer integration – entering the SIEM in SaaS model
• WA SCA Analyzer integration - Service Component Architecture assessment.
![Page 16: QualysGuard InfoDay 2013 - QualysGuard RoadMap for H2-2013/H1-2014](https://reader033.fdocuments.in/reader033/viewer/2022051322/54559265af795998788b4939/html5/thumbnails/16.jpg)
http://www.qualys.com/waf
QG Web Application Firewall (Beta 2 for Amazon EC/2 and VMware)
§ Hybrid Cloud WAF
  – Provides protection against known and emerging web application threats, and helps increase web site performance through caching, compression and content optimization, with no equipment needed.
§ Benefits
  – Zero/Low-footprint, low cost deployment
  – Ease of use, ease of maintenance
  – Real-time attack prevention
Virtual patching and application hardening
![Page 17: QualysGuard InfoDay 2013 - QualysGuard RoadMap for H2-2013/H1-2014](https://reader033.fdocuments.in/reader033/viewer/2022051322/54559265af795998788b4939/html5/thumbnails/17.jpg)
QG Web App Firewall
Stop unwanted traffic and prevent information leakage
• Attack detection and prevention
  − Security policy enforcement
  − Application hardening
  − Spam and malware detection
  − Information leakage detection
  − Continuous passive application scanning
![Page 18: QualysGuard InfoDay 2013 - QualysGuard RoadMap for H2-2013/H1-2014](https://reader033.fdocuments.in/reader033/viewer/2022051322/54559265af795998788b4939/html5/thumbnails/18.jpg)
QualysGuard Private Cloud Platform (VCE VBLOCK Implementation)
[Diagram labels: 24x7x365 Monitoring and Support; Daily Vulnerability Feeds; Bi-quarterly Platform Updates; SOC; VMware ESX and ESXi]
§ VCE = VMware + Cisco + EMC platform
§ Extends the reach of Qualys by enabling MSSPs, large Enterprises, Government or Military agencies to deploy the QualysGuard Cloud platform in their own data center.
§ Remotely provided by Qualys as SaaS service:
  § Fully Connected
  § Semi Connected
  § Fully Disconnected
![Page 19: QualysGuard InfoDay 2013 - QualysGuard RoadMap for H2-2013/H1-2014](https://reader033.fdocuments.in/reader033/viewer/2022051322/54559265af795998788b4939/html5/thumbnails/19.jpg)
Security Operations Center: 24x7x365 Operation, Administration and Maintenance (OAM)
Platform Software Update (iterations every 6 weeks)
QualysGuard Private Cloud Platform
Vulnerability Office Daily Updates
Qualys or customer IPsec VPN Endpoint
Optional customer firewall for filtering and logging
Qualys platform firewall filtering VPN access
Qualys platform firewall filtering service access
Optional customer access gateway or bastion host configured to suit customer authentication and logging requirements
Qualys platform IPS filtering service access
Qualys platform IPS filtering VPN access
Optionally customer can gate SOC access to the platform, only allowing access when required by Qualys through a change management request
Private Cloud Operation and Maintenance
![Page 20: QualysGuard InfoDay 2013 - QualysGuard RoadMap for H2-2013/H1-2014](https://reader033.fdocuments.in/reader033/viewer/2022051322/54559265af795998788b4939/html5/thumbnails/20.jpg)
Qualys Cloud Deployment Model