Marek Skalicky, CISM, CRISC Managing Director for Central Eastern Europe Qualys GmbH September, 2013 QualysGuard RoadMap for H22013/H12014 Transforming IT Security & Compliance

QualysGuard InfoDay 2013 - QualysGuard RoadMap for H2-2013/H1-2014


Page 1: QualysGuard InfoDay 2013 - QualysGuard RoadMap for H2-2013/H1-2014

Marek Skalicky, CISM, CRISC

Managing Director for Central Eastern Europe

Qualys GmbH

September, 2013

QualysGuard RoadMap for H2-2013/H1-2014

Transforming IT Security & Compliance

Page 2: QualysGuard InfoDay 2013 - QualysGuard RoadMap for H2-2013/H1-2014

Uses the Extensible QG Cloud Platform

Expanding to Real-Time Big Data and Correlation

Page 3: QualysGuard InfoDay 2013 - QualysGuard RoadMap for H2-2013/H1-2014

Leveraging the Platform: New Services in Development

• Continuous Perimeter Monitoring – Alerts in real time of new vulnerabilities, misconfiguration and zero days (Q3'13 Beta)

• Mobile Device Security & Compliance – Cloud Security Agent scalable to millions of devices (Q3'13 Beta - on Windows)

• Web Application Analytics – Big data correlation cloud backend to correlate all application info (Q1'14 Beta)

• Secure Web Gateway/URL/Content Filtering – Based on the QualysGuard Cloud Platform and Cloud Security Agent (Q1'14 Beta)

• Web Exploit/Remediation Console – Verifies vulnerabilities, generates exploits and integrates with Burp Suite (Q4'13 Beta)

• Malware Protection Services – Alert on Malware Threats and APT (Q2'14 Beta)

Page 4: QualysGuard InfoDay 2013 - QualysGuard RoadMap for H2-2013/H1-2014

Continuous Perimeter Monitoring

• New metaphor for Perimeter Security (Data/Event Driven)*

• Continuous network mapping and low profile vulnerability scanning of Internet Perimeter

• Instant notification on any Perimeter fingerprint changes:
  – New IP discovered
  – New TCP/UDP port/service open
  – New version of OS or App
  – New vulnerability discovered

*Launch at the Qualys Security Conference Sept 2013

Page 5: QualysGuard InfoDay 2013 - QualysGuard RoadMap for H2-2013/H1-2014

Mobile Device Security & Compliance agent

• First-time-ever Agent-based solution from Qualys (runs as SaaS)

• Periodic Security & Compliance audit of mobile devices (platforms) configuration

• Pilot version for Windows 7/8 platforms

• Next version for Mac OS (H1-2014)

• Android, iOS, Windows Mobile (H1-2014)

Page 6: QualysGuard InfoDay 2013 - QualysGuard RoadMap for H2-2013/H1-2014

Qualys Strategy for Web App Security

[Diagram: WEB APPS, surrounded by DETECTION, PREVENTION, REMEDIATION and FORENSICS; labels: Web App Scanning, Malware Detection, Web Application Firewall, Exploits, Burp Suite, Source Code, Log Analysis]

• Detection – WAS, MDS

• Protection – WAF*

• Monitoring/Forensics – Log Analysis*

• Remediation
  – Interactive Testing Tools*
  – Remediation Workflow*
  – SCA Correlation*

*Services in development

Page 7: QualysGuard InfoDay 2013 - QualysGuard RoadMap for H2-2013/H1-2014

Benefits of QG WAS Approach

QualysGuard platform delivers integrated solutions

[Diagram: WEB APPS, surrounded by DETECT, ANALYZE, PROTECT and COMPLY; labels: Discovery, Catalog, Vuln App Scanning, Malware Detection, Web App Firewall, PCI, OWASP]

• Distributed Scanning – Cloud/Internal/Virtual

• Highly Automated – Integrated Browser

• Accurate – Low False-Positive Rate

• Integrated – Reuse QA Selenium Functional Testing Scripts

Page 8: QualysGuard InfoDay 2013 - QualysGuard RoadMap for H2-2013/H1-2014

Web Application Scanning 3.0

Integrates Malware Detection and Burp Suite

Large deployments at Microsoft and others

Page 9: QualysGuard InfoDay 2013 - QualysGuard RoadMap for H2-2013/H1-2014

QG WAS Today: Best Practices Scanning Solution

• Collaboration – Involve all the Application Stakeholders

• Ease of Use – Dashboard/Wizards/Context sensitive

• Vulnerability Metrics
  – Tag based reporting
  – Configurable Formats

Page 10: QualysGuard InfoDay 2013 - QualysGuard RoadMap for H2-2013/H1-2014

QG WAS 3.0: Integrated Website Malware Monitoring

• Malware Protection – Safeguard your website users and brand reputation

• 4 Detection Techniques
  – Antivirus – for documents
  – Heuristic
  – Reputation
  – Behavioral

• Addresses – Zero Day Risk

Page 11: QualysGuard InfoDay 2013 - QualysGuard RoadMap for H2-2013/H1-2014

QG WAS 3.0 Attack Proxy Integration – Phase 1

• Store and manage
  – Burp scan data
  – Share safely

• Act on Burp scan findings
  – Associate with web app
  – Mark as risk accepted, etc
  – Filter based on attributes

Page 12: QualysGuard InfoDay 2013 - QualysGuard RoadMap for H2-2013/H1-2014

QG WAS Directions in 2013/2014: Full Web App Testing Solution

• Additional Interactive Tools Support (Burp/ZAP)
  – Store Manual Findings
  – Trend/Report with Automated findings
  – Complete Web App Testing Picture
  – Send WAS Attack Requests to attack proxies

• Remediation Workflow

• SCA Correlation

Page 13: QualysGuard InfoDay 2013 - QualysGuard RoadMap for H2-2013/H1-2014

QG WAS Release Timeline

7 Releases Since November 2011

• WAS 2.1: Selenium Authentication (November 2011)

• WAS 2.2: APIs (January 2012)

• WAS 2.3: Selenium Crawl Scripts (April 2012)

• WAS 2.3.1: Workflow Enhancements (July 2012)

• WAS 2.3.2: Web App Management (Oct 2012)

• WAS 2.4: Reporting Enhancements (Dec 2012)

• WAS 3.0: Malware Scanning and Burp Scan Results (Q2 2013)

Page 14: QualysGuard InfoDay 2013 - QualysGuard RoadMap for H2-2013/H1-2014

QG WAS Roadmap

US release targets (EU approx 15 days later)

WAS 3.0 (Q2 2013)

• Malware Scanning
• Configure Malware scanning of external websites
• Notify subscription owners when Malware identified
• Import Burp Pro Scanning Results
• Store Burp and WAS results in one place
• Browse Burp Findings

WAS 3.1 (Q2/Q3 2013)

• Tree Control to display the site map (collapsible/drillable)
• Current statuses
• Create web app from branch
• Black list for branch
• Filter views
• Single (latest) scan for web app level, scans have their own
• Dedicated Authentication Records

WAS 3.2 (Q3 2013)

• User Defined Vulnerability Definitions in Qualys
• Users to define attributes of vulnerabilities - by subscription
• Define description, impact, solution, severity level etc
• Enable user defined vulnerabilities and evidence to be associated with web app
• Detection API (tentative)
• Limit scans to time limit (user specifies end date/time)

Page 15: QualysGuard InfoDay 2013 - QualysGuard RoadMap for H2-2013/H1-2014

QG Web App Security Solutions

Seamless integration with other Qualys services

[Diagram labels: WAS, VM, MDS, WA LogA, WAF, WA SCA]

QG WAS Customers:

• Use VM to discover vulnerabilities on OS, TCP/UDP layer and Web Server Engines (IIS, Apache, … )

• Deploy virtual patches to WAF using the vulnerabilities identified in WAS – WAS already supports Imperva, F5, Citrix

• Combine WAS and MDS scanning of sites

• WAF to provide WAS/MDS with site resource structure to ensure complete scanning coverage

• WA Log Analyzer integration – entering the SIEM in SaaS model

• WA SCA Analyzer integration - Service Component Architecture assessment.

Page 16: QualysGuard InfoDay 2013 - QualysGuard RoadMap for H2-2013/H1-2014

QG Web Application Firewall (Beta 2 for Amazon EC/2 and VMware)

http://www.qualys.com/waf

§ Hybrid Cloud WAF
  – Provides protection against known and emerging web application threats, and helps increase web site performance through caching, compression and content optimization, with no equipment needed.

§ Benefits
  – Zero/Low-footprint, low cost deployment
  – Ease of use, ease of maintenance
  – Real-time attack prevention

Virtual patching and application hardening

Page 17: QualysGuard InfoDay 2013 - QualysGuard RoadMap for H2-2013/H1-2014

QG Web App Firewall

Stop unwanted traffic and prevent information leakage

• Attack detection and prevention
  – Security policy enforcement
  – Application hardening
  – Spam and malware detection
  – Information leakage detection
  – Continuous passive application scanning

Page 18: QualysGuard InfoDay 2013 - QualysGuard RoadMap for H2-2013/H1-2014

QualysGuard Private Cloud Platform (VCE VBLOCK Implementation)

[Diagram labels: 24x7x365 Monitoring and Support; Daily Vulnerability Feeds; Bi-quarterly Platform Updates; SOC; VMware ESX and ESXi]

§ VCE = VMware + Cisco + EMC platform

§ Extends the reach of Qualys by enabling MSSPs, large Enterprises, Government or Military agencies to deploy the QualysGuard Cloud platform in their own data center.

§ Remotely provided by Qualys as SaaS service:
  § Fully Connected
  § Semi Connected
  § Fully Disconnected

Page 19: QualysGuard InfoDay 2013 - QualysGuard RoadMap for H2-2013/H1-2014


Security Operations Center: 24x7x365 Operation, Administration and Maintenance (OAM)

Platform Software Update (iterations every 6 weeks)

QualysGuard Private Cloud Platform

Vulnerability Office Daily Updates

Qualys or customer IPsec VPN Endpoint

Optional customer firewall for filtering and logging

Qualys platform firewall filtering VPN access

Qualys platform firewall filtering service access

Optional customer access gateway or bastion host configured to suit customer authentication and logging requirements

Qualys platform IPS filtering service access

Qualys platform IPS filtering VPN access

Optionally customer can gate SOC access to the platform, only allowing access when required by Qualys through a change management request

Private Cloud Operation and Maintenance

Page 20: QualysGuard InfoDay 2013 - QualysGuard RoadMap for H2-2013/H1-2014

Qualys Cloud Deployment Model

Page 21: QualysGuard InfoDay 2013 - QualysGuard RoadMap for H2-2013/H1-2014

Thank You [email protected]

Transforming IT Security & Compliance