1
Qualys Vulnerabilities, Statistics and… Malware?
Wolfgang Kandek, CTO, Qualys, Inc.
2
Qualys Basics
- Founded to automate Vulnerability Assessments
- Software as a Service (SaaS) with:
  - Internet based shared scanners
  - Scanner Appliances for internal scanning
  - Webportal for data access
3
VIP 2-factor or Client certificate strong authentication options
5
Qualys Basics
- Founded to automate Vulnerability Assessments
- Software as a Service (SaaS) with:
  - Internet based shared scanners
  - Scanner Appliances for internal scanning
  - Webportal for data access
- 270 employees (140 in Engineering)
- 5000+ customers
7
IDC 2011 Report
8
Frost & Sullivan 2010 Report
Frost & Sullivan: Vulnerability Management Market Leadership Report - Nov 2010
9
Laws of Vulnerabilities
- M IPs scanned, 2M vulnerabilities
  - Half-life – 30 days
  - Prevalence – 50 % renewal annually
  - Persistence – unlimited for some
  - Exploitation – 80 % available within 60 days
- M IPs scanned, 680M vulnerabilities, 72M+ vulnerabilities of critical severity
10
Laws of Vulnerabilities
Half-Life = 29.5 days
11
Laws of Vulnerabilities
- M IPs scanned, 2M vulnerabilities
  - Half-life – 30 days
  - Prevalence – 50 % renewal annually
  - Persistence – unlimited for some
  - Exploitation – 80 % available within 60 days
- M IPs scanned, 680M vulnerabilities, 72M+ vulnerabilities of critical severity
- Difference by OS and Application
14
New Services
- Policy Compliance
  - Configuration checks
  - Password length, installed SW, access rights
  - 20 technologies, 2000 controls
- Web Application Scanning
  - Web Application Catalog
  - Batch oriented production scanning
15
New Research Activities
- Blind Elephant – Web Application Fingerprinter
- Neptune – Malware Detection Scanner
- Browsercheck – Light-weight, end-user VA
- IronBee – Web Application Firewall
- SSL Labs – World-wide SSL usage statistics
- Dissect – Malware Exchange/Analysis Portal
- HoneyNet Research Portal
19
Blind Elephant Web App Fingerprinter
- Fingerprint common web applications by analyzing source code
  - Blogs, Forums, Wikis, etc
- Goals: accuracy, speed, low resource usage
- Results
20
Blind Elephant Web App Fingerprinter
1 Million “.com” domains
23
Blind Elephant Web App Fingerprinter
- Fingerprint common web applications by analyzing source code
  - Blogs, Forums, Wikis, etc
- Goals: accuracy, speed, low resource usage
- Results
- Available at: blindelephant.sourceforge.net
25
Neptune Malware Detection System
- Visit/crawl web site with:
  - Virtualized Machine
  - Vulnerable, but instrumented OS
  - Vulnerable, but instrumented Browser
- Configuration
  - VMware
  - Internet Explorer 6 on Windows XP
  - Detours + Custom Hooks
  - Log everything
  - Detect malicious intent early, avoid infection
26
Neptune Malware Detection System
- Static Detection
  - Analyze inputs for known exploit patterns, signature based
  - Pro: efficient and fast, signatures easily updated and shared
  - Con: false positives, defeated by obfuscation, known threats only
- Behavioral Detection
  - Monitor the browser process, check for anomalous activity
  - Pro: false positives low, immune to obfuscation and detects new threats
  - Con: success required, false negatives, expensive
- Reputation and AV checks (pluggable: Google, Trend)
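The trade-off between static and behavioral detection listed on this slide, as an added example (not Neptune's code). The signature, the hook-log format of (process, API, argument) tuples and every sample input are constructed for illustration.

```python
import re

# Constructed signature set for static detection: known-bad markup patterns.
SIGNATURES = {
    "hidden-iframe": re.compile(
        r"<iframe[^>]*\b(?:width|height)\s*=\s*[\"']?0\b", re.I),
}

def static_hits(page_source):
    """Names of signatures that match the raw page source."""
    return [name for name, rx in SIGNATURES.items() if rx.search(page_source)]

def behavioral_hits(hook_log, browser="iexplore.exe"):
    """Flag anomalous browser activity in a hypothetical hook log of
    (process, api, argument) tuples recorded while the page renders."""
    hits = []
    for proc, api, arg in hook_log:
        if proc != browser:
            continue
        if api == "CreateProcess":
            hits.append(f"browser spawned process: {arg}")
        elif api == "WriteFile" and arg.lower().endswith((".exe", ".dll")):
            hits.append(f"browser wrote executable: {arg}")
    return hits

def verdict(page_source, hook_log):
    s, b = static_hits(page_source), behavioral_hits(hook_log)
    return {"static": s, "behavioral": b, "malicious": bool(s or b)}

# Constructed samples; example.invalid is a placeholder host.
PLAIN = '<html><iframe src="http://example.invalid/x" width=0 height=0></iframe></html>'
# Same markup assembled at run time, so the literal never appears in the source.
OBFUSCATED = ('<script>document.write("<ifr"+"ame src=\'http://example.invalid/x\''
              ' wid"+"th=0>")</script>')
CLEAN_LOG = [("iexplore.exe", "WriteFile", r"C:\Cache\index.dat")]
INFECTED_LOG = CLEAN_LOG + [
    ("iexplore.exe", "WriteFile", r"C:\Temp\a.exe"),
    ("iexplore.exe", "CreateProcess", r"C:\Temp\a.exe"),
]

if __name__ == "__main__":
    print(verdict(PLAIN, CLEAN_LOG))          # signature fires on known pattern
    print(verdict(OBFUSCATED, INFECTED_LOG))  # only the behavior log fires
    print(verdict(OBFUSCATED, CLEAN_LOG))     # exploit did not run: both miss
```

The last case is the "success required" con: if the exploit does not fire against the instrumented configuration, the behavioral log stays clean and the page is missed.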
30
Neptune Malware Detection System
- UI version
  - Focus on end-user, website owner
  - Daily scheduled scans, alerts
- API version
  - Focus on bulk user, integration, research
  - Single URLs, Maps, or site with crawling
- Available: qualys.com/stopmalware
- Contact: for API access
34
BrowserCheck https://browsercheck.qualys.com
- Security check for Browsers and Plug-ins
- End user focus, free and easy to use
- 200,000 visits – Jul 2010 / Jan 2011
- IE, Firefox, Safari, Chrome, Opera
- Windows, Mac OS X and Linux
41
BrowserCheck Stats
- Operating System:
  - Windows XP – 47 %
  - Windows 7 – 32 %
- Browser:
  - IE 8 – 36 %
  - Firefox 3.6 – 34 %
- Plug-in: ?
- Country:
45
Ironbee – Web App Firewall
- Open source effort led by Ivan Ristic
- Author of mod_security
- WAF technology renewed
- Focus on accuracy and usability
- WAS and MDS (neptune) integration
- Available at:
- SSL Labs – SSL usage statistics
  - V2 is coming
47
Dissect – Malware portal
- Led by Rodrigo Branco - Team in Brazil, Malware and Vulnerability Research
- Malware exchange system up and running
- Malware analysis in alpha
  - Static analysis
  - Runtime analysis on virtual and real machines
- Integration with Neptune MDS coming in
- Community oriented effort
- Contact:
49
Honeynet
- Nemean Networks acquisition
  - University of Wisconsin research team
  - Paul Barford - Honeynet/Signature/IDS system
- Global Honeynet Effort
- Centralized Signature generation – open-source
- Snort/Suricata plug-ins – open-source
50
Contacts
- Wolfgang Kandek – wkandek@qualys.com
- Amit Deshmukh –