Japan IT Week 2024 Brochure by 47Billion (English)
QualysGuard InfoDay 2012 - QualysGuard Suite 7.0
1. QualysGuard Suite 7.0
Updates and New features
Marek Skalicky, CISM, CRISC
Regional Account Manager for Central & Adriatic Eastern Europe
2. QualysGuard® SaaS Applications
Enterprise SMB Freemium Services
QualysGuard On Demand Portal
Analyze Comply Monitor Prevent
Vulnerability Mgmt. Policy Compliance Web Application Logs Web App. Firewall*
Web App Scan PCI Compliance Botnet Detection*
Malware Detection Qualys Seal
SSL Labs SCAP / FDCC
Zero days analyzer Compliance Mgmt*
QualysGuard SaaS Technology Platform
Scanners & Collectors Open APIs, Web Services & Integrations
3. QualysGuard Architecture Updates
Security Operations Center (SOC) Private Clouds (PC) Future SOC and PC
EU SOC
PC
PC
PC EU SOC
US SOC
PC PC
PC US SOC PC
PC PC
PC
SOC
PC
PC
New Backup SOCs in US and EU
4. QualysGuard Global
Infrastructure
Virtual vScanner and Virtual Private SOC
QualysGuard SW
Virtual Scanner
QualysGuard SW
Virtual Private SOC
World’s Largest global Vulnerability Management deployment at Daimler
- 293 scanner appliances scanning over a million IPs in 80 locations
Performing 600+ Million IP scan and maps per year
4
5. Private Cloud - @Customer HW SOC
Qualys Supplied Hardware installed at customers premises
Front Office UI Back Office UI QualysGuard API
Virtualized Web
Distribution Reporting JobD Bus • vmware and Application
Layer
Monitoring Logging
• DB Audit Vault
• Virtual Private DB Database Layer
Reports Core Portal
Platform • Redundant and Secure Network Core
• High Availability • Redundant Service Infrastructure Infrastructure
• Secure Network • Redundant Database Infrastructure Layer
6. Private Cloud – Virtual SOC (Q2 2012)
Customer Supplied Hardware Virtualization platform
Front Office UI Back Office UI QualysGuard API
• vmware Virtualized Web and
Distribution Reporting JobD Bus
Application Layer
Monitoring Logging
• DB Audit Vault Virtualized
• Virtual Private DB Database Layer
Reports Core Portal
Infrastructure
Layer
Customer Infrastructure
7. New QualysGuard Virtual Scanner
Running on Virtualized platforms including laptops
Supported Virtual Platforms:
• Oracle Virtual Box (Open Source)
• VMware ESXi, ESX, Workstation, Player,
Fusion, vCenter, vSphere
• Microsoft Hyper-V (Coming soon)
• Citrix XenServer 6.0 (Coming soon)
RESOURCES - MINIMUM
• 1 x vCPU core
• 1 GB RAM
• 1 x 40GB virtual HDD
RESOURCES - RECOMMENDED
• 2 x vCPU cores
• 4 GB RAM
• 1 x 40GB virtual HDD
CONFIDENTIAL | 7
8. Password Vaults Integration
Password Vaults Integration
For GQ authenticated scanning
Local encrypted credentials storage
Very easy to implement
1 day project including C-A
implementation
References: Rabobank, Discover, CNB
Password Vaults Technologies
Cyber-Ark PIM Suite
Thycotic Secret Server
… others coming soon
9. VeriSign VIP Two-factor Authentication
1) Download free SW Token 2) Edit user settings in QG
https://vipmobile.verisign.com/supportedphones.v
3) Login with VeriSign VIP
10. QualysGuard Web 2.0 UI
Dynamic and Role Based UI
Common User Experience Across all Applications
− Interactive Dashboards − Context-based UI
− Powerful Workflows − Actionable Menus & Filters
10
12. QualysGuard Suite of SaaS Services
AUTOMATE
- Asset Management (ICT Asset Discovery, Tagging and Prioritization)
- Risk Management (ICT Vulnerability Analyses, Remediation, Verification)
- Compliance Management (ICT Configuration Standards and Audits)
… by SaaS Service on your request, demand, price and scope!
CONFIDENTIAL | 12
13. Qualys Asset Management
(patent pending)
Powerful ability to manage,
search and tag assets
− Organizing ICT Assets using Tags
- Static and Dynamic asset tagging
- Hierarchical asset tagging
− Uses existing VM scan data
− Integrated with existing QG apps.
Asset Tagging/Searching/Reporting
based on
- platforms, applications, services
- IT responsibility
- Based on locality
- Based on Business Processes
CONFIDENTIAL | 13
16. QualysGuard Suite of SaaS Services
AUTOMATE
- Asset Management (ICT Asset Discovery, Tagging and Prioritization)
- Risk Management (ICT Vulnerability Analyses, Remediation, Verification)
- Compliance Management (ICT Configuration Standards and Audits)
… by SaaS Service on your request, demand, price and scope!
CONFIDENTIAL | 16
17. Qualys Vulnerability Management
New UI and Asset Tagging
Market leader since 2008
Gartner, IDC, Forrester, Frost & Sullivan
SC Magazine best Vulnerability Mgt
solution 6 years in a row
Full VM Cycle
• Free and unlimited network discovery
• Discover, group, & prioritize network assets
• Identify vulnerabilities, exploits, malware,
patches, & unsupported technologies
• Prioritize, execute & audit remediation
• Automate reporting, trending, & alerting
13,000+ signatures covering 55K+
vulnerabilities, updated daily
18. Zero-Day Analyzer for VM
GA – April in Europe
Zero-Day Analyzer for VM
Allows customers to analyze zero-day threats
and estimate their impact on their assets and
critical systems based on information
collected from previous scan results.
Benefits
Latest signatures for iDefense exclusive zero-
day threats
Customizable alerting and email notifications
Actionable data with estimates about what
systems are at risk
http://www.qualys.com/zero-day
18
19. QualysGuard Suite of SaaS Services
AUTOMATE
- Asset Management (ICT Asset Discovery, Tagging and Prioritization)
- Risk Management (ICT Vulnerability Analyses, Remediation, Verification)
- Compliance Management (ICT Configuration Standards and Audits)
… by SaaS Service on your request, demand, price and scope!
CONFIDENTIAL | 19
20. Qualys Policy Compliance Management
New UI and Asset Tagging
New Consultant customs Reports
Golden Image Policy
2300+ controls over 50 platforms
User controls for Win/Unix
21. Customizable Questionnaires for PC
Beta available
Custom Questionnaires
Enables customers to easily build
questionnaires using the Unified Compliance
Framework (UCF), as well as leverage
existing business process workflows to
evaluate controls, gather documents and
evidence and validate compliance.
Benefits
Automation of manual assessments
Ability to define/customize audit work flow
Industry leading policy repository of nearly
1000 standards and regulations via UCF
http://www.qualys.com/forms/questionnaires/
21
22. Free Premium Services and Qualys
Open-Source research activities
“QualysGuard Freemium Suite”
CONFIDENTIAL | 22
23. New Qualys FreeScan for Web Sites
5 External Scans for your
Perimeter and Web site:
• IP Vulnerability Scan
• Web Application Vulnerability
• Web Application Malware scan
• Full Reporting functionality
Register here: http://www.qualys.com/forms/freescan/
24. Free BrowserCheck Business Edition
Audit state of browsers
security in the enterprise
• Simple & Scalable
• Multiple platform & browsers
• Multiple Browser Plugins
• Centralized Reporting
• No SW/HW to install!
Register here: http://www.qualys.com/forms/browsercheck-
business-edition/
25. Free SSL Lab Audit Service
Audit implementation of
SSL protocol on you Web
• Certificate Validity and Trust
• SSL Protocol version support
• Encryption Cipher Strength
• Encryption Key Exchange
• SOLUTION description
• Risk of Attack description
Register here: http://www.ssllabs.com
26. Qualys Global Community
Join us at https://community.qualys.com
Total Members
4500
4000
3500
3000
2500
2000
1500
1000
500
0
24.7
24.8
24.9
24.1
24.2
24.3
24.4
24.5
24.6
24.7
24.8
24.9
24.10
24.11
24.12
24.10
24.11
24.12
26