Qualys Corp Presentation

Nov 18, 2013

QualysGuard Suite 7.0

SaaS Architecture and Asset Management



Marek Skalicky, CISM, CRISC

Regional Account Manager for Central & Adriatic Eastern Europe





Qualys at a Glance

Software-as-a-Service (SaaS)


Founded in 1999 to deliver a SaaS VM

Expanded the service as a suite of SaaS Security and Compliance offerings

Last round of funding in 2004

300 employees (50% R&D and Operations)

5600+ global customers

50% of Fortune 100

34% of Fortune 500

18% Forbes Global 2000

US 65%, EMEA 30%, Asia 5%

9,000+ scanner appliances in 85 countries

600+ million IP scans in 2011










Highest possible rating of “Strong Positive”

Largest market share

Highest possible rating of “Leader”

“The leading vendor”

“Market Share Leadership”

Global Market Adoption

By Forbes and Fortune Rankings

Forbes 100: 51%

Fortune 100: 48%

Fortune 500: 34%

Forbes 2000: 19%









Global Market Adoption



Insurance



Chemical





Internet



Retail



Technology



Consulting

Financial Services

Global Market Adoption (continued)



Media



Energy



Consumer



Healthcare



Manufacturing



Education



Transportation



Public Sector





Global Delivery Partners

Security Consulting Organizations





Managed Security Service Providers (MSSP)


QualysGuard ICT Security Management

Integrated Suite of ICT Security and Compliance SaaS services

ICT RISK MANAGEMENT

Devices & Applications Risk Assessment

Vulnerabilities

Exploits, Malware

Patches, Workarounds, Virtual IDS/IDP Patches

Threats Protection

ICT ASSET MANAGEMENT

ICT COMPLIANCE MANAGEMENT

Devices & Applications Discovery and Tagging

Business Value

Responsibility

Ownership

Continuous Auditing

Devices & Applications Configurations Audits

Internal Policies

External Regulations

ICT Technological controls checks

Non-technological Questionnaires

ICT SECURITY INTELLIGENCE & MANAGEMENT PLATFORM

INTEGRATED DASHBOARDS AND REPORTS

QualysGuard® SaaS Applications


QualysGuard SaaS Technology Platform

Scanners & Collectors

Open APIs, Web Services & Integrations

Enterprise

SMB

Freemium Services

QualysGuard On Demand Portal

Analyze


Vulnerability Mgmt.

Web App Scan

Malware Detection

SSL Labs

Zero days analyzer


Monitor


Web Application Logs

Botnet Detection*






Comply


Policy Compliance

PCI Compliance

Qualys Seal

SCAP / FDCC

Compliance Mgmt*

Prevent


Web App. Firewall*





Asset Management Module

[Map: US SOC, EU SOC, Future SOC and PC; Private Clouds (PC); Security Operations Center (SOC)]

QualysGuard Architecture Updates

Performing 600+ Million IP scans and maps per year

QualysGuard Global Infrastructure

Virtual vScanner and Virtual Private SOC

World’s Largest global Vulnerability Management deployment at Daimler - 293 scanner appliances scanning over a million IPs in 80 locations

Performing 600+ Million IP scans and maps per year

QualysGuard SW Virtual Scanner

QualysGuard SW Virtual Private SOC

Private Cloud - @Customer HW SOC

Qualys Supplied Hardware installed at customers premises

Core

Reports

Portal

Database Layer



DB Audit Vault



Virtual Private DB


Infrastructure Layer

Platform



High Availability



Secure Network



Redundant and Secure Network Core



Redundant Service Infrastructure



Redundant Database Infrastructure

Virtualized Web and Application Layer



vmware


QualysGuard API

Front Office UI

Back Office UI

Reporting

Distribution

JobD Bus

Monitoring

Logging

Private Cloud


Virtual SOC (Q2 2012)


Customer Supplied Hardware Virtualization platform

Virtualized

Database Layer

Reports

Core

Portal



DB Audit Vault



Virtual Private DB

QualysGuard API

Front Office UI

Back Office UI

Reporting

Distribution

JobD Bus

Virtualized Web and Application Layer

Monitoring

Logging



vmware


Infrastructure Layer

Customer Infrastructure

New QualysGuard Virtual Scanner

Running on Virtualized platforms including laptops

CONFIDENTIAL |


Supported Virtual Platforms:


Oracle Virtual Box (Open Source)



VMware ESXi, ESX, Workstation, Player, Fusion, vCenter, vSphere

Microsoft Hyper-V (Coming soon)

Citrix XenServer 6.0 (Coming soon)


RESOURCES - MINIMUM

1 x vCPU core

1 GB RAM

1 x 40GB virtual HDD

RESOURCES - RECOMMENDED

2 x vCPU cores

4 GB RAM

1 x 40GB virtual HDD



Password Vaults Integration



For QG authenticated scanning


Local encrypted credentials storage


Very easy to implement


1 day project including C-A implementation

References: Rabobank, Discover, CNB


Password Vaults Technologies


Cyber-Ark PIM Suite

Thycotic Secret Server


… others coming soon


VeriSign VIP Two-factor Authentication

1) Download free SW Token

https://vipmobile.verisign.com/supportedphones.v

2) Edit user settings in QG

3) Login with VeriSign VIP




Common User Experience Across all Applications


Interactive Dashboards





Context-based UI




Powerful Workflows





Actionable Menus & Filters


QualysGuard Web 2.0 UI

Dynamic and Role Based UI

QualysGuard Suite of Security & Compliance Applications

QualysGuard Suite of SaaS Services

AUTOMATE
- Asset Management (ICT Asset Discovery, Tagging and Prioritization)
- Risk Management (ICT Vulnerability Analyses, Remediation, Verification)
- Compliance Management (ICT Configuration Standards and Audits)

… by SaaS Service on your request, demand, price and scope!


Powerful ability to manage, search and tag assets

Organizing ICT Assets using Tags
- Static and Dynamic asset tagging
- Hierarchical asset tagging

Uses existing VM scan data

Integrated with existing QG apps.

Asset Tagging/Searching/Reporting based on
- platforms, applications, services
- IT responsibility
- Based on locality
- Based on Business Processes


Qualys Asset Management (patent pending)

Qualys Asset Management

Host tagging & Web application tagging


Qualys Asset Management

Reports by tags & User permissions by tags


Qualys Global Community

Join us at https://community.qualys.com


[Chart: Total Members over time]

http://www.csointerchange.org

CSO Interchange Events

Coming to a City Near You


http://www.qualys.com/qsc

Qualys Security Conferences ‘12

Las Vegas, Munich, London and Paris


Thank You

mskalicky@qualys.com