QUALYS SECURITY CONFERENCE 2020
Prateek Bhajanka
VP, Product Management | VMDR
Qualys, Inc.
Vulnerability Management Detection & Response (VMDR)
“A Vulnerability is only as bad as the Threat exploiting it and the Impact on the organization”
Challenges with Vulnerability Management
Overwhelming number of vulnerabilities
No Vulnerability to Patch correlation
CVSS and CVE being too skewed
Vulnerability Assessment as a feature
Penetration testing being used Interchangeably with VM
No Single platform
CVSS Confession
Vulnerability Management Lifecycle
Vulnerability Management
Threat Risk and Prioritization
Patch Management
Asset Inventory
Do you know what all your assets are and where they are?
Do you know the type and amount of open vulnerabilities?
Can you prioritize remediation based on threat intelligence?
How can you deploy patches to close high-impact vulnerabilities?
People
Process
Tools
WannaCry Timeline and Remediation
[Figure: timeline chart. Vertical axis in thousands (0 to 700); horizontal axis dated 3/14 to 5/23. Annotations: EternalBlue Exploit; WannaCry; MS17-010 Patch Release; Authenticated Scan / Agent Detection; New Remote Detection; Remediation from VM/Patch processes; Flat Remediation; “Emergency” Patching.]
One solution to Discover, Assess, Prioritize and Patch critical vulnerabilities
Asset Discovery: Detect known and unknown assets; Workflow to add an unmanaged asset as a managed asset
Asset Inventory: Hardware, operating system, and application inventory for all assets
Asset Normalization and Categorization: Normalize inventory data by common attributes; Categorize by vendor, version, type
Vulnerability Management: Detect vulnerabilities by QID; CVE-to-QID mapping; CVSSv2 and CVSSv3 base scores
Security Configuration Assessment: CIS Benchmarks; Security-related misconfigurations
Prioritization: Using real-time threat context; Real-world exploits; Proof of Concepts; Exploit categorization; Exploit severity
Machine Learning
Contextual Awareness
Remediation: Automatically correlate vulnerabilities to patches; End-to-end User Interface workflows; Fit-for-purpose visualizations and recommendations; Orchestration for remediation
Prioritization Engine – Machine Learning
Python and TensorFlow
Dataset of 120,000+ Vulnerabilities
132 Vulnerability Features
Live Exploits / POCs
Historical Threat Patterns
Historical Vulnerable Software/Vendor
Dark Web and Social Media References
Qualys Security Researchers
Learns New Patterns and Intelligence Daily
“The more time you spend on activities with low impact, the less time you have for higher impact activities”
Qualys Insights
VulnPriority Score
Dark Web & Social Media
Exploits/Threat Feeds
120K + Vulnerabilities
ML Model
Contextual Awareness
Your Network is Unique to You
External Facing Assets
Network Reachability / Cloud Security Groups
Zero-Trust Networking / BeyondCorp
Business / Customer Applications
Data Sensitivity and Data Access Governance
Asset System Configuration
Security Control Validation
Asset Summary
Qualys Asset Vuln Priority Score
Asset Exposure
Security Controls
Vuln Priority Score
Correlation Engine
VMDR comes with much more
Unlimited Cloud Agents
Unlimited Container Sensors
Unlimited Passive Sensors
Certificate Inventory
Cloud Inventory
Container Inventory
Mobile Device Inventory
Available February 2020
Asset Categorization
Asset Normalization
Configuration Assessment
CIS Benchmarks
Continuous Monitoring
Patch Detection and CVE Correlation
VMDR Concept Demo
Industry terms or Acronyms
RBVM - Risk based approach to VM
TCVM - Threat Centric Vulnerability Prioritization or Management
VPT - Vulnerability Prioritization Technologies
TVM - Threat and Vulnerability Management
Security Posture
ASM - Attack Surface Management
Penetration Testing
November 20-21, 2019 | Qualys Security Conference