Published by Elwin Crawford. Modified over 9 years ago.
1
Vulnerability Analysis – The new Frontier of Security
QualysGuard
Vulnerability Analysis – The new Frontier of Security
by Tom Clare, Director, Channel Marketing
Dataway Seminar
San Francisco, 26 June 2002
2
Agenda
- Company Background/Team
- Vulnerability Assessment
- QualysGuard Product Family
- Internet Scanner Live Demonstration
- Product Enhancements
- Q&A
3
Qualys Company Background
- Single focus on Vulnerability Assessment
- Highly Scalable Web Service Platform
- Most Comprehensive Vulnerability Database – Daily Updates
- Live since May 2000, run rate of 32,000+ scans per month
- 525+ customers growing at 25+ per month, includes: Adobe, Apple, HP, Siebel, Agilent, Cartier, L’Oreal, Bank of the West, First State Bank, Cincinnati Children’s Hospital, VeriSign, Web Power Associates, Tower Records, Broadwing, BASF, Generali…
- Founded in March 1999
- 90 Employees, 45 in R&D
- Global offices in US, France, Germany and UK
- $40M in funding: Trident Capital, Deutsche Bank ABS Ventures, Mercury Interactive and VeriSign
- Headquartered in Redwood Shores, CA
4
Why Does This Happen?
[Diagram labels: Attack, Firewall, IDS, Anti-Virus]
5
Why Vulnerability Assessment?
- “99% of intrusions result from exploitation of known vulnerabilities or configuration errors where countermeasures were available” Source: 2001 CERT, Carnegie Mellon University
- “In 2001, more than 30 vulnerabilities were discovered each week” Source: 2001 Forrester Research (compared to 5 vulnerabilities discovered per week in 1998)
6
The worm.sdsc.edu Project
- Experiment: attaching and monitoring a “default installed” system on the Internet
- After 8 hours the first probe for RPC vulnerabilities was detected
- Within a few days, over 20 exploit attempts
- A few weeks later the system was completely compromised and a network sniffer was installed by an attacker
7
Vulnerability & Exploit Lifecycle
- Early availability of detection capabilities is key to prevent intrusion and compromise
- Recent outbreaks of NIMDA and Code Red could have been prevented
[Diagram labels: Vulnerability Scanners adding detection signature, Widespread Awareness, Selective Awareness, First Discovery, Advisory Release]
8
Compromise is Costly
- Compromised systems may not be immediately identified
- To fully recover a compromised system, it must be taken offline
- Downtime of critical servers
- Time invested by administrators
- To restore the integrity of the system, it must be validated
- Forensics may take days to complete
- Reinstall operating system and applications & all security patches
- Back-ups may contain altered data, making them useless during recovery activities
9
Frequency Shift
- Automated worms, malicious code and multi-part viruses are making “security through obscurity” a bygone
- Vulnerability Assessment offers the most value to customers for today’s security threats
  - Closes open doors that viruses frequently enter
  - Verifies what firewall policy changes expose
  - Provides an inventory of affected systems for IDS alerts
  - Scans web site applications daily with latest VA tests
  - Detects unknown rogue systems on networks
- Tools are evolving into online service architectures, constantly updated and ready
- Detection is shifting to prevention
10
Advancing VA
Topic | Freeware | Tools | Service
Updates | ~monthly | ~monthly/weekly | Daily (2-4 times)
Provisioning | Manual download | | Auto-update
Expertise to use product | High | Medium | Low
Learning curve/start-up | ~one week | ~2-3 days | < 1 Hour
Knowledge transfer | Difficult | Moderate | Easy
Scalability for dist. & large networks | | |
Commitment | None (both sides) | 3-5 years (perpetual purchase) | 1 year (annual subscription)
11
QualysGuard Product Family
- Trial System: Automated online trials with partner co-branding
- Browser Check: FREE Internet Explorer browser checks for over 400M users of IE
- Internet Scanner: True outside-in VA tests & remedies with Network mapping
- Firewall Plug-in: Check Point OPSEC Integration to scan visible systems after each firewall policy change
- Intranet Scanner: LAN based inside scanning from self updating appliance (Beta June 2002)
- Enterprise Report Server: Internal report server database for large networks (Beta Q3)
Centralized Vulnerability Assessment knowledge base leveraged for different users and locations, updated multiple times per day
12
QualysGuard Internet Scanner
Distributed, Secure & Scalable Infrastructure
[Diagram labels: Internet, Target Servers, Hacker, QualysGuard Data Center, Data Base, Browser, Web Application, New Vulnerabilities, APIs, Mgt Console, Reports, Distributed Scanners]
Important note: All communications between the browser, web application servers and database servers are secured using IDEA 128-bit encryption and a 768-bit RSA key for authentication.
13
Inference Based Vulnerability Scanning
- Non-intrusive with no impact on the availability or integrity of a host being scanned
- Modular, inference-based scanning with over 100 specific modules
- Scans 300+ applications on 20+ platforms and operating systems (commercial and open source)
- Over Internet vulnerability tests, growing at per week
[Diagram labels: Set Of Facts, Knowledge Base, Test, Test, Test, New Facts]
14
Live Demonstration
- Network Mapping
- Vulnerability Scanning
- Detail Reporting
- Dynamic Reports
- CVE Database
- Configuration Options
- Account Maintenance
15
QualysGuard Features
Scalability, Reliability and Speed
- Enterprise level scanning – Class C & B Networks
- Comprehensive database of vulnerabilities with aggregated signatures and patches
- Graphical and Actionable Reporting
- Network Discovery for Large Networks
- 90+% OS detection correctness
- Minimizing false positives
- Full set of extensible XML APIs to fully integrate into the security process
16
Extending the Platform: Intranet Scanner
[Diagram labels: QualysGuard Platform, Internet, Web Application Servers, Database Servers, Firewall, Intranet Scanner, Customers, Browser, Distributed Scanners]
17
QualysGuard for Check Point
- Monitors firewall policy changes
- Automatically scans updated firewalls
- Analyzes results with previous assessment
- Produces trend analysis results (+/-)
- Results/Reports with trend summary & URL report links
- Firewall log entries including trend summary
- Online Detail & Differential HTML reports
18
How it Works: QualysGuard for Check Point
OPSEC Integration into the firewall policy change cycle
Steps shown in the diagram:
1. Firewall policy change
2. Detect change & signal scan
3. Scan & analyze results
4. & log summary results
5. Online reports
[Diagram labels: Internet, Scan Engines, VPN-1/FireWall-1 Enforcement Point, Admin GUI, Management Server, Firewall Policy Analysis, Admin Log, QualysGuard Firewall Plug-In, FireWall-1, Qualys Platform, Company Network, Remote Office Network]
19
Graphical HTML Reports
Report Type Summary Trend Analysis Severity Scale, Vulnerability Title, First & Last Detected, Duration (Lifespan) Status (Active/Fixed)
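The trend analysis described on the two slides above (comparison with the previous assessment, a +/- summary, first and last detected, lifespan, Active/Fixed status), as an added example that is not from the presentation or from Qualys. The data layout, the 1-5 severity scale and the sample findings are assumptions constructed for illustration:

```python
from datetime import date

# Constructed sample data: three scans of the same targets, each assumed to
# follow a firewall policy change. Keys are (host, vulnerability title);
# values are severity on an assumed 1-5 scale.
SCANS = [
    (date(2002, 6, 1), {("192.0.2.10", "Open SNMP community 'public'"): 3,
                        ("192.0.2.10", "Anonymous FTP enabled"): 2}),
    (date(2002, 6, 8), {("192.0.2.10", "Open SNMP community 'public'"): 3,
                        ("192.0.2.20", "Telnet service exposed"): 4}),
    (date(2002, 6, 15), {("192.0.2.20", "Telnet service exposed"): 4,
                         ("192.0.2.20", "RPC portmapper reachable"): 4}),
]


def trend_summary(previous, current):
    """Return (new, fixed) finding keys between two consecutive scans."""
    new = sorted(set(current) - set(previous))
    fixed = sorted(set(previous) - set(current))
    return new, fixed


def lifespan_report(scans):
    """One row per finding: severity, first/last detected, duration, status."""
    scans = sorted(scans, key=lambda s: s[0])
    latest = scans[-1][1]
    rows = {}
    for when, findings in scans:
        for key, severity in findings.items():
            row = rows.setdefault(key, {"severity": severity, "first": when})
            row["last"] = when  # scans are in date order, so this ends as last seen
            row["severity"] = max(row["severity"], severity)
    for key, row in rows.items():
        # A finding absent from the most recent scan is reported as Fixed.
        row["status"] = "Active" if key in latest else "Fixed"
        row["duration_days"] = (row["last"] - row["first"]).days
    return rows


if __name__ == "__main__":
    new, fixed = trend_summary(SCANS[-2][1], SCANS[-1][1])
    print(f"Trend since previous scan: +{len(new)} / -{len(fixed)}")
    report = lifespan_report(SCANS)
    for (host, title), r in sorted(report.items(), key=lambda kv: -kv[1]["severity"]):
        print(f"{r['severity']} {host:<11} {title:<30} {r['first']} -> "
              f"{r['last']} ({r['duration_days']}d) {r['status']}")
```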
20
OPSEC Integration
- OMI – Object Management Interface: ability to read policy status information
- ELA – Event Logging API: ability to write log entries to firewall log
[Diagram labels: OPSEC Framework, Policy Editor, VPN-1/FireWall-1 MGMT Server, Firewall Plug-In (Windows NT/2000), QG.conf - Mgmt Server IP, Policy DB, ELA, OMI, Firewall Log, VPN-1/FireWall-1]
21
Summary
- Vulnerability Assessment offers the most value to customers for today’s security threats
  - Closes open doors that viruses frequently enter
  - Verifies what firewall policy changes expose
  - Provides an inventory of affected systems for IDS alerts
  - Scans web site applications daily with latest VA tests
  - Detects rogue systems unknown to administrators
- In 2001, 99% of incidents and exposures utilized a known vulnerability where a countermeasure was available (CERT)
- Tools are evolving into online service architectures, constantly updated and ready
- Detection is shifting to prevention
22
support@qualys.com www.qualys.com
Q&A