Vulnerability Management Best Practices - Qualys


Vulnerability Management Best Practices
Eric Levin
VP Product Marketing, Qualys Inc.
June 2004

Agenda
- Vulnerability Management Defined
- Vulnerability Management Goals
- Vulnerability Management Best Practices
- Enterprise Vulnerability Management Solution Requirements
- QualysGuard At a Glance
- Questions / Answers

Vulnerability Management Defined
Vulnerability Management consists of the end-to-end processes from discovering your network, to assessing your assets, analyzing the results and remediating your exposures.

Vulnerability Management Defined by Gartner

Vulnerability Management Goals
- Proactively identify vulnerabilities in hopes of remediating them before they are exploited manually (hacker) or automatically (worm / virus)
- Accurately understand the risk to the enterprise so mitigation can be prioritized
  - At any given point in time
  - Trending over time
- Augment, complement, & enhance other security solution investments (e.g. IDS, AV, FWs, etc.)

Vulnerability Management Best Practices
1. Know Your Network
2. Automate
   - Assess Consistently
   - Assess Regularly
3. Integrate
4. Distribute Use
   - Individuals
   - Scan Engines
5. Report on risk and vulnerabilities

Step 1: Know your Network
- Map your network, discover your hosts
  - Much of the network risk is introduced by unknown devices or devices that are not owned / company managed
  - Examples: pseudo-appliances, consultants’ & contractors’ laptops, non-standard or non-approved IP devices
- Deploy vulnerability scanners where necessary
  - Don’t limit your ability to assess risk to your enterprise by not having vulnerability scan engines where they are required
  - Must put dedicated scanners on the Internet, in each DMZ, and on the internal network
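One way to act on the "map your network, discover your hosts" step is to reconcile what a discovery sweep actually saw against the managed-asset inventory, so unknown devices and devices whose hardware changed surface as their own categories. This is an added example, not Qualys code or output; the discovery records, the inventory extract and the field names are constructed for illustration.

```python
"""Reconcile a network discovery sweep against the managed-asset inventory.

Added example, not Qualys code. Discovery records and the inventory are
constructed inline; in practice they come from the mapping tool and the
CMDB. A host is "managed" when IP and MAC both match the inventory,
"changed" when the IP is known but the hardware behind it differs (or a
known MAC shows up on a new IP), and "unknown" when neither is on record.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Host:
    ip: str
    mac: str
    fingerprint: str   # OS / device-type guess from the discovery sweep


# Constructed discovery results (what the sweep saw on the wire).
DISCOVERED = [
    Host("10.0.1.10", "00:11:22:33:44:01", "Windows Server"),
    Host("10.0.1.11", "00:11:22:33:44:02", "Linux"),
    Host("10.0.1.12", "00:11:22:33:44:99", "Linux"),             # IP known, MAC differs
    Host("10.0.1.200", "00:aa:bb:cc:dd:ee", "Embedded/printer"),  # never inventoried
]

# Constructed CMDB extract: ip -> (mac, owner)
INVENTORY = {
    "10.0.1.10": ("00:11:22:33:44:01", "web-team"),
    "10.0.1.11": ("00:11:22:33:44:02", "db-team"),
    "10.0.1.12": ("00:11:22:33:44:03", "db-team"),
    "10.0.1.13": ("00:11:22:33:44:04", "desktop"),   # inventoried but not seen
}


def classify(discovered, inventory):
    """Return {status: [hosts]} plus the inventoried IPs that did not answer."""
    by_mac = {mac.lower(): ip for ip, (mac, _) in inventory.items()}
    result = {"managed": [], "changed": [], "unknown": []}
    for h in discovered:
        mac = h.mac.lower()
        if h.ip in inventory and inventory[h.ip][0].lower() == mac:
            result["managed"].append(h)
        elif h.ip in inventory or mac in by_mac:
            # Hardware swapped behind a known IP, or a known device moved:
            # still company-managed on paper, but ownership must be verified.
            result["changed"].append(h)
        else:
            result["unknown"].append(h)   # rogue / unmanaged: assess and track
    seen = {h.ip for h in discovered}
    result["missing"] = sorted(ip for ip in inventory if ip not in seen)
    return result


if __name__ == "__main__":
    for status, hosts in classify(DISCOVERED, INVENTORY).items():
        print(status, hosts)
```

The "missing" list matters as much as "unknown": an inventoried host that no longer answers is either gone (clean up the record) or now sits behind a network path the scanner cannot reach, which is the "scan engines where they are required" point on the same slide.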

Step 2: Automate - Assess Consistently
- VM can be used to secure your enterprise proactively if you scan consistently
- Inconsistent scanning leads to false positives and false negatives
- Automation → Consistency
  - Scan for the same vulnerabilities (plus new vulnerabilities)
  - Scan the same ports / services
  - Scan at the same speed / network impact
  - Scan using the same scanner from the same network vantage point

Step 2: Automate - Assess Often
- Vulnerability Management can be a proactive security solution – if performed regularly
  - Must perform regular (e.g. weekly) assessments to react to accurate and current vulnerability data
  - Automate your network discovery and vulnerability scan tasks
- Embed Vulnerability Management in existing and new processes
  - Device build processes
  - Monthly maintenance processes
  - Change management processes
- 80% of Qualys customers run recurring scans at least monthly
- 60% of Qualys customers run recurring scans weekly
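The two Step 2 slides together say: trend week over week, but only between scans run the same way, because a changed port list or vantage point shows up as vulnerabilities appearing or vanishing. The following added example (not Qualys code) checks that two scan runs are comparable before computing a fixed / new / persistent delta per host; the scan records and the fields used for the comparability check (profile, ports, scanner, vantage) are constructed stand-ins for whatever your scanner records about a run.

```python
"""Trend two scans only when they were run the same way (Step 2).

Added example, not Qualys code. Scan records are constructed; the fields
used to decide comparability (profile, ports, scanner, vantage) are
assumptions standing in for whatever your scanner records about a run.
"""
from dataclasses import dataclass, field

PROFILE_FIELDS = ("profile", "ports", "scanner", "vantage")


@dataclass
class Scan:
    scan_id: str
    profile: str      # signature set / policy used
    ports: str        # ports scanned
    scanner: str      # scanner engine that ran it
    vantage: str      # network position it ran from
    findings: dict = field(default_factory=dict)   # host -> set of vuln IDs


def comparable(a, b):
    """Fields on which the two runs differ; an empty list means safe to trend."""
    return [f for f in PROFILE_FIELDS if getattr(a, f) != getattr(b, f)]


def delta(prev, curr):
    """Per host: fixed / new / persistent findings between two comparable scans.

    Refuses incomparable scans: a narrower port list or a different vantage
    point would otherwise show up as vulnerabilities vanishing or appearing
    (the false negatives / false positives the slide warns about).
    """
    diff = comparable(prev, curr)
    if diff:
        raise ValueError("scans not comparable; differ in " + ", ".join(diff))
    out = {}
    for host in sorted(set(prev.findings) | set(curr.findings)):
        before = prev.findings.get(host, set())
        after = curr.findings.get(host, set())
        out[host] = {"fixed": sorted(before - after),
                     "new": sorted(after - before),
                     "persistent": sorted(before & after)}
    return out


# Constructed weekly scans of one DMZ from the same scanner appliance.
WEEK1 = Scan("s1", "full", "1-1024", "dmz-scanner-1", "dmz",
             {"10.0.2.5": {"VULN-1", "VULN-2"}, "10.0.2.6": {"VULN-3"}})
WEEK2 = Scan("s2", "full", "1-1024", "dmz-scanner-1", "dmz",
             {"10.0.2.5": {"VULN-2", "VULN-4"}, "10.0.2.6": set()})
# Same week, but the port list was narrowed: VULN-3 "disappearing" would be an artifact.
WEEK2_NARROW = Scan("s3", "full", "1-100", "dmz-scanner-1", "dmz",
                    {"10.0.2.5": {"VULN-2"}})

if __name__ == "__main__":
    print(delta(WEEK1, WEEK2))
    print("narrow run differs in:", comparable(WEEK1, WEEK2_NARROW))
```

Scheduling the scan (the "assess often" half) is what keeps the profile fields stable between runs; a hand-launched ad-hoc scan is exactly where the port list or vantage point drifts.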

Step 3: Integrate Your VM Solution
- Vulnerability data, when integrated with other security and operations tools and information, can be very powerful
  - Enhance your IDS investment; eliminate false positives by integrating VM data with IDS data
  - Integrate your VM solution with your change management / trouble ticketing solution or processes
  - Further automate patch application / patch management / configuration management
    - When missing patches or non-standard configurations are found on select devices, automate the remediation
  - Integrate to perform network quarantine
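The first integration on this slide, using VM data to eliminate IDS false positives, comes down to a lookup: does the target of an alert actually listen on the attacked port, and is it affected by the weakness the signature exploits? The following is an added example (not Qualys code or its API) of that triage; the alerts, the scan results and the signature-to-vulnerability map are constructed, and the scan-age threshold is an assumption.

```python
"""Correlate IDS alerts with the last vulnerability scan (Step 3: integrate).

Added example, not Qualys code or API. An alert against a host that the
last scan showed is not listening on the targeted port, or is not affected
by the weakness the signature exploits, is down-ranked as a probable false
positive; an alert against an affected host is escalated. Alerts, scan
results and the signature-to-vulnerability map are all constructed.
"""
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class Alert:
    src: str
    dst: str
    dst_port: int
    signature: str


# Constructed: the vulnerability each IDS signature tries to exploit.
SIGNATURE_TO_VULN = {"SIG-1001": "VULN-100", "SIG-2002": "VULN-200"}

# Constructed scan results: host -> open ports and confirmed vulnerabilities.
SCAN_DATE = date(2004, 6, 14)
SCAN = {
    "10.0.3.10": {"open": {80, 443}, "vulns": {"VULN-100"}},
    "10.0.3.11": {"open": {22}, "vulns": set()},
}
TODAY = date(2004, 6, 16)       # two days after the scan
STALE_DAY = date(2004, 7, 1)    # scan older than the weekly cadence allows


def triage(alert, scan, sig_map, scan_date, today, max_age_days=7):
    """Return one of: escalate, probable-false-positive, review, unknown-host."""
    if (today - scan_date).days > max_age_days:
        return "review"                   # a stale scan cannot vouch for host state
    host = scan.get(alert.dst)
    if host is None:
        return "unknown-host"             # coverage gap: back to Step 1
    if alert.dst_port not in host["open"]:
        return "probable-false-positive"  # nothing listening on the targeted port
    vuln = sig_map.get(alert.signature)
    if vuln is None:
        return "review"                   # unmapped signature: cannot down-rank
    return "escalate" if vuln in host["vulns"] else "probable-false-positive"


def triage_all(alerts, today=TODAY):
    """(target, signature, verdict) for each alert, against the constructed scan."""
    return [(a.dst, a.signature, triage(a, SCAN, SIGNATURE_TO_VULN, SCAN_DATE, today))
            for a in alerts]


# Constructed alert feed for one day.
ALERTS = [
    Alert("198.51.100.7", "10.0.3.10", 80, "SIG-1001"),   # affected host: escalate
    Alert("198.51.100.7", "10.0.3.11", 80, "SIG-1001"),   # port closed on target
    Alert("198.51.100.7", "10.0.3.10", 443, "SIG-2002"),  # host not affected
    Alert("198.51.100.7", "10.0.3.99", 80, "SIG-1001"),   # host never scanned
    Alert("198.51.100.7", "10.0.3.10", 80, "SIG-9999"),   # unmapped signature
]

if __name__ == "__main__":
    for row in triage_all(ALERTS):
        print(row)
```

The three non-verdict outcomes are deliberate: a stale scan, an unscanned host or an unmapped signature all mean the VM data cannot speak to the alert, so it goes to an analyst rather than being silently dropped. Down-ranking only ever happens on positive evidence from a recent scan.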

Step 4: Distribute Use - Individuals
- Enterprise Vulnerability Management tasks should be performed by more than just the security team
- Use ‘least privileges’ to assign select rights to:
  - Internal Audit
  - Systems and Network Administrators
  - Desktop Management teams
  - Technical and non-technical individuals

Step 4: Distribute Use – Scan Engines
- Vulnerabilities must be assessed from the independent 3rd party Internet perspective
  - ‘Script kiddies’ are scanning you; shouldn’t you know what they can see?
- Vulnerabilities must be assessed from the DMZs
  - Need localized, authenticated scanning of these assets for full knowledge of vulnerabilities
- Vulnerabilities must be assessed from the internal network
  - Majority of devices and least number of security layers reside here

Step 5: Report on Vulnerabilities AND Risk
- Vulnerability vs. Risk
  - Vulnerabilities are exposures on assets due to software weakness or device misconfiguration
  - Risk considers the value of the asset and the mitigating factors in place against the vulnerability
- Example: same critical Windows patch missing on 2 hosts; exploitable over port 80
  - Host 1: Corporate Web Server
  - Host 2: Joe User’s Laptop
  - The vulnerability on the 2 hosts is the same, but the risk to the organization is much higher on the corporate web server
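The slide's two-host example can be carried through numerically. The following is an added example, not Qualys code or its scoring model: the formula (severity × asset value × reachability × remaining risk after controls) and every weight in it are assumptions chosen to make the slide's point visible, and the two hosts, the vulnerability and the controls are constructed.

```python
"""Same vulnerability, different risk (Step 5: report on vulnerabilities AND risk).

Added example, not Qualys code or its scoring model. The formula
    risk = severity * asset value * reachability * (1 - mitigation)
and every weight in it are assumptions chosen to illustrate the slide;
the two hosts, the vulnerability and the controls are constructed.
"""
from dataclasses import dataclass, field

SEVERITY = {"critical": 5, "high": 4, "medium": 3, "low": 2}
EXPOSURE = {"internet": 1.0, "dmz": 0.8, "internal": 0.5}   # who can reach the asset


@dataclass(frozen=True)
class Vulnerability:
    vuln_id: str
    severity: str
    port: int            # port over which it is exploitable


@dataclass
class Asset:
    name: str
    business_value: int                  # 1 (disposable) .. 5 (revenue-critical)
    exposure: str                        # key of EXPOSURE
    blocked_ports: set = field(default_factory=set)   # e.g. host firewall rules
    controls: dict = field(default_factory=dict)      # control -> share of risk removed


def risk(vuln, asset):
    """Score one vulnerability on one asset; higher means fix first."""
    reach = EXPOSURE[asset.exposure]
    if vuln.port in asset.blocked_ports:
        reach *= 0.1          # not reachable over the network; residual local risk only
    remaining = 1.0
    for share in asset.controls.values():
        remaining *= 1.0 - share      # independent controls compound, they do not add
    return round(SEVERITY[vuln.severity] * asset.business_value * reach * remaining, 2)


def rank(vuln, assets):
    """Assets ordered by the risk this vulnerability poses on each, highest first."""
    return sorted(((risk(vuln, a), a.name) for a in assets), reverse=True)


# Constructed: the slide's scenario, one missing critical patch on two hosts.
PATCH = Vulnerability("VULN-WIN-1", "critical", 80)
WEB_SERVER = Asset("corporate web server", 5, "internet", controls={"waf": 0.3})
LAPTOP = Asset("Joe User's laptop", 2, "internal", blocked_ports={80},
               controls={"host-av": 0.2})

if __name__ == "__main__":
    for score, name in rank(PATCH, [WEB_SERVER, LAPTOP]):
        print(f"{score:6.2f}  {name}")
```

Both hosts carry an identical vulnerability record; only the asset side of the calculation differs (value, exposure, the laptop's host firewall blocking port 80), which is what pushes the web server to the top of the remediation list.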

Enterprise Vulnerability Management Solution Requirements
- Single solution for external and internal VM
  - Low TCO
  - Consolidated reporting
- Scalable; easily deployable on distributed networks
- Network-based. Agents leave you exposed
  - With agents, it’s impossible to assess risk on all devices (rogue devices, non-standard devices, network devices)
- Maintenance free, auto-updating
- Accurate & comprehensive
- Secure
  - Data encryption
  - No impact on security architecture
- Clientless web interface

QualysGuard at a Glance
- Vulnerability Management solution available on demand
- Software-free, management-free solution
  - Auto-updating
  - No software to install or maintain
- Industry’s most comprehensive Vulnerability KnowledgeBase: 3700 vulnerability signatures, updated daily
- Most accurate vulnerability scanner with less than .003% false positive rate
- Centralized repository automatically consolidates and aggregates all VM data for reporting

QualysGuard at a Glance
- Uniquely capable of vulnerability scanning from 3rd party Internet perspective, critical for assessing Internet risk
- Internal and localized DMZ vulnerability scanning using secure and hardened Scanner Appliances
- RBAC model allows organizations to easily distribute VM tasks
- Non-intrusive / non-disruptive scanning with auto-throttling intelligence
- Built-in comprehensive remediation workflow
- ‘Out of the Box’ XML API for seamless integration with other enterprise solutions

Sample QualysGuard Executive Report
- Summary charts show risk over time
- Can choose what data is represented
  - Over what period of time
  - Select assets to report on
  - etc.

Sample Technical Vulnerability Report

Where do you go from here?
Trial QualysGuard for FREE: http://www.qualys.com/worm

Q&A
Thank you
elevin@qualys.com
