QualysGuard Malware Detection Service – Enterprise Edition
1. QualysGuard® Malware Detection Service – Enterprise Edition
Marek Skalicky, CISM, CRISC
Regional Account Manager for Central & Adriatic Eastern Europe
2. Why MDS?
Thousands of sites are infected daily
“Malvertising” - Exploits hidden inside legitimate-looking ads
Malware propagates to the visitors of the site
Unknown malware is hard to recognize
Do you know if your site is serving Malware?
3. MDS Benefits
Keeps your site from being blacklisted
0-day defense
Prevents visitors from getting infected
Brand reputation
Protects against a loss of revenue
SaaS - Nothing to install or download
4. MDS service tiers
Free
• Single site
• Domain and email address of user must match
• 5 scans
• No scheduled scans, no support
Enterprise Edition Trial
• 30 day trial
• Up to 20 sites, 1000 pages per site
• Sites can be “unvalidated” - users sign terms and agreement
• After 30 days, gets downgraded to Free version
Enterprise Edition
• 1000 pages by default
• More blocks can be purchased (consult your TAM)
5. MDS activity
1. Enter URL (you plug in your URL)
2. We breadth crawl URL (we stay in the domain)
3. We do both behavioral and static analysis
4. Qualys will email user if Malware is found.
[Diagram: Qualys Virtual Machine Farm]
6. MDS Analysis - Static
Encoded JavaScript
Document.write with obfuscation
Web Bugs
Vulnerable Control Instantiation
Character encoding on inline frames
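Added example, not Qualys code and not part of the original slides: one way a defender could check a page for the five static indicators listed above, run here over a constructed sample page. The indicator names, the regex thresholds and the CLSID watchlist entry are assumptions made for illustration.

```python
import re

# Constructed placeholder; a real watchlist would hold CLSIDs of controls with known flaws.
WATCHED_CLSIDS = {"00000000-0000-0000-0000-00000000abcd"}

TAG = re.compile(r"<(img|iframe|object)\b([^>]*)>", re.I)
SCRIPT = re.compile(r"<script\b[^>]*>(.*?)</script\s*>", re.I | re.S)
DECODERS = r"(?:unescape|atob|eval|String\.fromCharCode)\s*\("
ESCAPES = re.compile(r"(?:%[0-9a-f]{2}|\\x[0-9a-f]{2}|\\u[0-9a-f]{4}){8,}", re.I)
ENCODED_URL = re.compile(r"(?:&#x?[0-9a-f]+;|%[0-9a-f]{2}){3,}", re.I)

def attr(attrs, name):
    """Return the raw (still encoded) value of one attribute, or None if absent."""
    m = re.search(rf"""\b{name}\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))""", attrs, re.I)
    return next(g for g in m.groups() if g is not None) if m else None

def scan(html):
    """Return the sorted names of the static indicators found in one page."""
    hits = set()
    for body in SCRIPT.findall(html):
        # Long escape runs next to a decoder call suggest encoded script.
        if ESCAPES.search(body) and re.search(DECODERS, body):
            hits.add("encoded-javascript")
        # document.write fed directly by a decoder hides the markup it emits.
        if re.search(r"document\.write(?:ln)?\s*\(\s*" + DECODERS, body):
            hits.add("obfuscated-document-write")
    for tag, attrs in TAG.findall(html):
        tag = tag.lower()
        # Size-only test: 0- or 1-pixel images and frames are invisible to the visitor.
        if tag != "object" and attr(attrs, "width") in ("0", "1") \
                and attr(attrs, "height") in ("0", "1"):
            hits.add("web-bug")
        # Runs of character references or percent escapes in a frame URL.
        if tag == "iframe" and ENCODED_URL.search(attr(attrs, "src") or ""):
            hits.add("encoded-iframe-src")
        classid = (attr(attrs, "classid") or "").lower().replace("clsid:", "")
        if tag == "object" and classid in WATCHED_CLSIDS:
            hits.add("watched-control")
    return sorted(hits)

# Constructed sample page; the escaped string decodes to <b>hello</b>.
SAMPLE = """<html><body>
<img src="/logo.png" width="120" height="40">
<iframe src="&#104;&#116;&#116;&#112;://ads.example/f" width="1" height="1"></iframe>
<script>document.write(unescape("%3C%62%3E%68%65%6C%6C%6F%3C%2F%62%3E"));</script>
<object classid="clsid:00000000-0000-0000-0000-00000000abcd"></object>
</body></html>"""

if __name__ == "__main__":
    print(scan(SAMPLE))
```

Static heuristics like these only flag pages for review; a single escaped character in a query string or a normally sized image does not trigger them.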
7. MDS Analysis - Behavioral
Microsoft Windows registry keys being written
Rogue processes being started
Programs being installed and started
Files being written to disk