Webinar: Vulnerability Management Made Easy – with Splunk and Qualys

Copyright © 2014 Splunk, Inc.

Transcript of Webinar: Vulnerability Management Made Easy – with Splunk and Qualys

Page 1

Vulnerability Management Made Easy with Splunk and Qualys

Page 2

Your Webcast Team

Kai-Ping Seidenschnur, Senior Sales Engineer

[email protected]

Thomas Wendt, Technical Account Manager

[email protected]

Page 3

Agenda

• Splunk: brief overview
• Qualys Vulnerability Management
• Demo: Qualys VM
• Demo: analysis with Splunk
• Q&A

Page 4

Splunk: Platform For Machine Data

Machine data sources: GPS, RFID, Hypervisor, Web Servers, Email, Messaging, Clickstreams, Mobile, Telephony, IVR, Databases, Sensors, Telematics, Storage, Servers, Security devices, Desktops, CDRs

• Real-time Machine Data
• Splunk storage
• Other Big Data stores
• Developer Platform
• Ad hoc search
• Monitor and alert
• Report and analyze
• Custom dashboards

Page 5

Splunk is Used Across IT and the Business

IT Ops

Security Compliance

App Mgmt

Web Intelligence

Business Analytics

Page 6

Splunk Security Use Cases

More than a SIEM; a Security Intelligence Platform

• IT Operations
• Application Delivery
• Business Analytics
• Industrial Data and Internet of Things
• Security, Compliance, and Fraud

• SECURITY & COMPLIANCE REPORTING
• MONITORING OF KNOWN THREATS
• ADVANCED THREAT DETECTION
• INCIDENT INVESTIGATIONS & FORENSICS
• FRAUD DETECTION
• INSIDER THREAT
• AV CLEAN UP VERIFICATION
• USER ACTIVITY MONITORING
• ALERT & MALWARE VALIDATION
• MALWARE & MALICIOUS CALLBACKS
• EMAIL ATTACK DETECTION

Page 7

Products: Splunk Enterprise + Apps

120+ security apps

Splunk App for Enterprise Security

• Palo Alto Networks
• Qualys App
• FireEye
• Blue Coat Proxy SG
• THOR
• Cisco Security Suite
• Active Directory
• F5 Security
• Juniper
• Sourcefire
• Snort
• Asset Discovery

Page 8

Why patch promptly?

Page 9

Qualys Introduction

Page 10

Corporate Presentation

Thomas Wendt

Continuous Security for a Global World

Page 11

Qualys at a Glance

6,700+ Customers

100+ Countries

$108M 2013 Revenues

QualysGuard Cloud Platform & Suite of Integrated Solutions

Page 12

Continuous and Unified View of Security and Compliance

Application Engines

ASSET DISCOVERY

NETWORK SECURITY

WEB APP SECURITY

THREAT PROTECTION

COMPLIANCE MONITORING

Passive Physical Virtual Cloud Mobile Agent

Sensors

Page 13

Delivering Continuous Security

With a Cloud Oriented Architecture

Physical Data Centers

Virtual Data Centers

Remote Offices

Mobile Users

Cloud Data Centers

Page 14

Qualys Cloud Platform

Private Cloud Version for Data Sovereignty

On Premise

Same Codebase

Qualys Managed

Disconnected (2015)

On EC2 and AZURE (2015)

VMware ESX and ESXi

24x7x365 Monitoring and Support

Daily Vulnerability Feeds

Bi-quarterly Platform Updates

SOC

Page 15

Platform Evolution

Vulnerability Management

Policy Compliance

PCI Compliance

Web Application Scanning

Web Application Firewall

Page 16

Qualys Extensible Cloud Back-End

1+ Billion scans

50+ Billion detections

400+ Billion security data points

Page 17

2015 New Services Delivery

CONTINUOUS ASSET DISCOVERY

• Gartner (June) – Continuous Asset Discovery and Categorization Module with integration with CMDB (ServiceNow)

NETWORK SECURITY

• February – Continuous Monitoring of Critical Assets (Internal)
• March – Splunk Integration
• RSA (April) – Cloud Agent for VM (Windows servers and clients)

WEB APP SECURITY

• February – Progressive Scanning for large Web Applications
• RSA (April) – Web Application Firewall 2.0 with virtual patching and dedicated hardware appliance

THREAT PROTECTION

• Gartner (June) – Log Management and Data Analytics Module
• BlackHat (July) – Advanced Malware Protection Service with sandboxing, automated malware analysis and asset correlation

COMPLIANCE MONITORING

• RSA (April) – Cloud Agent for Policy Compliance

Page 18

New Products

• Cloud Agent: Provides a new platform for continuous assessment of your security posture on laptops, workstations and servers, leveraging existing Qualys Cloud Suite applications such as VM, PC, and CM.
• Log Management: Our security-focused SIEM, which aligns with our threat protection initiative, allowing for a single-pane-of-glass view of events captured by our various sensors.
• Malware Protection Service: Opens a new chapter for the detection of malware and the many advantages Qualys provides by correlating results with other data sources from the rich suite of products.
• Passive Scanning: A new paradigm on asset discovery ensuring an accurate method for network discovery and automated asset classification, dynamically re-building your logical platform while multiplying the feature set of options available in the Qualys platform.

Updates run on a new cycle every weeks ensuring at the very minimum new version iterations every calendar year.

86

Page 19

Continuous Perimeter Monitoring

New paradigm for VM

Data/Event Alerts

Page 20

Qualys Cloud Agent Platform

Visibility Across Globally Distributed Networks

• Light-weight agent (1MB) for
  – on premise systems
  – dynamic cloud environments
  – mobile endpoints
• Built to scale to millions of devices
• Centrally managed, self updating

Page 21

Unique Advantages of a Cloud Based Delivery Model

GLOBAL DELIVERY

UNIFIED BEST OF BREED SOLUTIONS

CONTEXTUAL CORRELATION

SPEED & ACCURACY

LOWER TCO

FASTER TIME TO MARKET

Page 22

Thank You

Page 23

Qualys Demo

Page 24

Challenges

• Vulnerability management is often a manual process in organizations
• Vulnerability management is most of the time seen as the responsibility of one department
• Other topics often take priority
• The risk is not always seen or properly scored
• No correlation of vulnerable systems to other security solutions

Page 25

Splunk, The Platform For Machine Data

• Real-time Machine Data
• Developer Platform
• Ad hoc search
• Monitor and alert
• Report and analyze
• Custom dashboards

Lookups & Context

• Threat feeds
• Asset Info
• Employee Info
• Data stores
• Network Segments / Honeypots

Page 26

Qualys App for Splunk Enterprise

Single pane of glass visual of Qualys scans & data

Built-in sample Reports/Dashboards

Search VM scan data and corresponding meta-data

Leverage Splunk search to find trends and correlate with other data sources

Page 27

Splunk Demo

Page 28

Qualys & Splunk

• Real-time monitoring of vulnerability scan data in Splunk Enterprise
• Correlation of Qualys scan data with other data sources in Splunk
  – Improve Security Posture: Risk scores, KSI
  – Mitigate against threat vectors

Page 29

Qualys & Splunk Benefits

• Splunk Enterprise Security can be used as a consistent, repeatable and measurable process.
• Vulnerability management and awareness can be distributed to system owners for reaction and management, with security KPIs for monitoring.
• Attacks from IDS/IPS solutions against vulnerable systems can be correlated and risk can be made visible (you'll see a visualization from NASDAQ in a minute).

Page 30

Sample Nasdaq - Heartbleed

Page 31

Contact Us

Kai-Ping Seidenschnur, Senior Sales Engineer

[email protected]

Thomas Wendt, Technical Account Manager

[email protected]

Free Qualys Trial: www.qualys.com

Free Qualys Splunk App: Apps.splunk.com

Page 32

Thank you!