Presentation is loading. Please wait.

Presentation is loading. Please wait.

September 2, 2013 VM Evolution via API Parag Baxi, Technical Account Manager.

Published byLitzy Jenner Modified over 10 years ago

Similar presentations

Presentation on theme: "September 2, 2013 VM Evolution via API Parag Baxi, Technical Account Manager."— Presentation transcript:

1 September 2, 2013 VM Evolution via API Parag Baxi, Technical Account Manager

2 2 Vulnerability Management – Before Constant battle for IP Asset classification QualysGuard scan reports emailed Global metrics unavailable on security posture No administrator credentials

3 3 Vulnerability Management – After IT Assets in sync Reduced VM lifecycle Visibility in near real-time Biweekly authenticated scanning against all sites Users: Tuesday to Thursday, 10 AM - 4 PM Non-users: Friday, 10 PM - Sunday 10 PM Metrics for senior management and IT staff

4 4 Impact Increased awareness of security needs QGIR (QualysGuard Integration with Reporting) began at Customer in the second half of 2010. Increased effectiveness of QualysGuard VM

5 5 API integration with Configuration Management Database (CMDB) Hierarchy model Challenge: Asset Management Manual input No visibility on IT assets No visibility on ownership of assets Resulted in creating CMDB in shared Google Spreadsheet Problem: How to synchronize QualysGuard’s asset groups with the CMDB Google Spreadsheet?

6 6 Calculate static IP ranges and update the Google Spreadsheet. Have necessary information to create Asset Groups in QualysGuard. Create/Update asset groups in QualysGuard via API. Update host tracking information via QualysGuard API. Create/Update schedules for DHCP & static ranges. DHCP: Biweekly midweek from 10 AM to 4 PM. Static: Biweekly on weekends. Issues: No static IP ranges provided in CMDB Google Spreadsheet.. QualysGuard Asset Groups not in sync with Google Spreadsheet. QualysGuard-CMDB Integration

7 7 Remediation Workflow Automated Email Scan Reports Patch Report Remediation Policies Remediation Tickets API Custom Report Templates

8 8 Remediation Workflow Automated QGIR (QualysGuard Integration with Reporting)

9 9 Sample Reporting Issue

10 10 QualysGuard tickets are grouped by QID in Reporting. This enables easy patching. To further ease the administrative burden we utilize the patch report to consolidate vulnerabilities. QGIR tracks metrics against all offices fairly. All participating offices are given the same time frame and opportunity to remediate vulnerabilities. Further rounds supersede existing tickets. All unresolved Reporting tickets from the previous round are marked incomplete and the remaining vulnerabilities will be included in the new round. Create the tickets into Reporting, a JIRA ITIL-aligned implementation. With patching tool’s ability to patch multiple hosts for the same vulnerability, it makes sense to group by QID. Store the vulnerabilities and associated Reporting tickets in a separate database to allow for proper verification. QualysGuard vulnerabilities of the same QID for the same office are assembled into a CSV containing pertinent information. QGIR Workflow – Issue Vulnerabilities

11 11 QGIR Verify Workflow QGIR verification will reopen all QGIR Reporting issues that still have vulnerable hosts. For example, lets say Site A had 2 QGIR tickets in Reporting, and each of those QGIR tickets had 10 vulnerable hosts. If one host in both QGIR tickets was not fixed for either vulnerability then both tickets will be reopened. QGIR will verify that all hosts in each ticket that was marked resolved has, in fact, removed the vulnerability.

12 12 QGIR Verify Workflow – Attachments

13 13 QGIR Verify – Decommissioned Hosts QGIR verification will reopen all QGIR Reporting issues that still have vulnerable hosts. Therefore, all QualysGuard remediation tickets associated with decommissioned hosts must be removed. Note the search by NetBIOS name is not an exact search. It will return remediation tickets containing the NetBIOS name. For example, a NetBIOS search of “USNYSMITHGE1” will also return tickets associated with hostname, “USNYSMITHGE11”. Remove these false positives by parsing the resulting XML file. QualysGuard will not report a very real, but previously discovered vulnerability on a replacement host with the decomissioned IP/hostname. The ticket must be deleted.

14 14 Parag Baxi, CISA, CISM, CISSP, CRISC, PMP Employee, Qualys Senior Security Engineer, Ogilvy & Mather Architected ITIL-aligned worldwide VM QualysGuard implementation with heavy emphasis on automation, ROI and security best practices. Over 10 years of enterprise experience at UMDNJ, EDS, HP Enterprise Services (consultancy for The Federal Reserve Bank of New York), and Google. Advocate and active contributor of the Qualys community. Published open-source QualysGuard integration code. B.S. degree in Computer Science from Rutgers University. Thank you!

Download ppt "September 2, 2013 VM Evolution via API Parag Baxi, Technical Account Manager."

Similar presentations

Conducting your own Data Life Cycle Audit

Conducting your own Data Life Cycle Audit
From the eyes of an Administrator A general overview of e-CFunds Administrative Site, including navigation and exploring the features of this powerful.

From the eyes of an Administrator A general overview of e-CFunds Administrative Site, including navigation and exploring the features of this powerful.
Implementing Tableau Server in an Enterprise Environment

Implementing Tableau Server in an Enterprise Environment
1 Capability Set - Detail. 2 Common Content Problems Content Mayhem –File management and storage confusion Content Multiplication –Editing déjà vu - same.

1 Capability Set - Detail. 2 Common Content Problems Content Mayhem –File management and storage confusion Content Multiplication –Editing déjà vu - same.
1 Resonance: Dynamic Access Control in Enterprise Networks Ankur Nayak, Alex Reimers, Nick Feamster, Russ Clark School of Computer Science Georgia Institute.

1 Resonance: Dynamic Access Control in Enterprise Networks Ankur Nayak, Alex Reimers, Nick Feamster, Russ Clark School of Computer Science Georgia Institute.
1 Resonance: Dynamic Access Control in Enterprise Networks Ankur Nayak, Alex Reimers, Nick Feamster, Russ Clark School of Computer Science Georgia Institute.

1 Resonance: Dynamic Access Control in Enterprise Networks Ankur Nayak, Alex Reimers, Nick Feamster, Russ Clark School of Computer Science Georgia Institute.
Presented to: By: Date: Federal Aviation Administration Registry/Repository in a SOA Environment SOA Brown Bag #5 SWIM Team March 9, 2011.

Presented to: By: Date: Federal Aviation Administration Registry/Repository in a SOA Environment SOA Brown Bag #5 SWIM Team March 9, 2011.
Govern the Flow of Data: Moving from Chaos to Control

Govern the Flow of Data: Moving from Chaos to Control
Duke Enterprise CMS CGS Meeting 5/7/2004 Cheryl Crupi Senior Manager, Duke OIT Office of Web Services.

Duke Enterprise CMS CGS Meeting 5/7/2004 Cheryl Crupi Senior Manager, Duke OIT Office of Web Services.
IT Asset Management Status Update 02/15/2010. 2 Agenda What is Asset Management and What It Is Not Scope of Asset Management Status of Key Efforts Associated.

IT Asset Management Status Update 02/15/ Agenda What is Asset Management and What It Is Not Scope of Asset Management Status of Key Efforts Associated.
1 Dr. Ashraf El-Farghly SECC. 2 Level 3 focus on the organization - Best practices are gathered across the organization. - Processes are tailored depending.

1 Dr. Ashraf El-Farghly SECC. 2 Level 3 focus on the organization - Best practices are gathered across the organization. - Processes are tailored depending.
Tivoli Service Request Manager

Tivoli Service Request Manager
1 Contract Inactivation & Replacement Fly-in Action ( Continue to Page Down/Click on each page…) Electronic Document Access (EDA)

1 Contract Inactivation & Replacement Fly-in Action ( Continue to Page Down/Click on each page…) Electronic Document Access (EDA)
“The Honeywell Web-based Corrective Action Solution”

“The Honeywell Web-based Corrective Action Solution”
Request Tracker IT Partners Conference Oliver Thomas 19 April 2005.

Request Tracker IT Partners Conference Oliver Thomas 19 April 2005.
1 Remediation Workflow Automated Email Scan Reports Patch Report Remediation Policies Remediation Tickets API Custom Report Templates.

1 Remediation Workflow Automated Scan Reports Patch Report Remediation Policies Remediation Tickets API Custom Report Templates.
Request Tracker 4 (RT4) Implementation Project

Request Tracker 4 (RT4) Implementation Project
CA's Management Database (MDB): The EITM Foundation -WO108SN.

CA's Management Database (MDB): The EITM Foundation -WO108SN.
SESSION ID: Continuous Monitoring with the 20 Critical Security Controls SPO1-W02 Wolfgang Kandek CTO.

SESSION ID: Continuous Monitoring with the 20 Critical Security Controls SPO1-W02 Wolfgang Kandek CTO.
LYDIA HARKEY EIR ACCESSIBILITY OFFICER TEXAS A&M UNIVERSITY COMMERCE FALL 2014 1 Implementing Accessibility Strategically at Your Organization.

LYDIA HARKEY EIR ACCESSIBILITY OFFICER TEXAS A&M UNIVERSITY COMMERCE FALL Implementing Accessibility Strategically at Your Organization.

Similar presentations

Ads by Google