Introduction to QualysGuard
IT Risk SaaS Services
Marek Skalicky, CISM, CRISC
Regional Account Manager for Central & Adriatic Eastern Europe
Qualys at a Glance
Software-as-a-Service (SaaS)
Founded in 1999 to deliver a SaaS VM
Expanded the service as a suite of SaaS Security and Compliance offerings
Last round of funding in 2004
300 employees (50% R&D and Operations)
5600+ global customers
50% of Fortune 100
34% of Fortune 500
18% Forbes Global 2000
US 65%, EMEA 30%, Asia 5%
9,000+ scanner appliances in 85 countries
600+ million IP scans in 2011
Highest possible rating of “Strong Positive”
Largest market share
Highest possible rating of “Leader”
“The leading vendor”
“Market Share Leadership”
Global Market Adoption
Insurance
Chemical
Internet
Retail
Technology
Consulting
Financial
Services
Global Market Adoption – continued
Media
Energy
Consumer
Healthcare
Manufacturing
Education
Transportation
Public Sector
A Unified and Continuous View of
ICT Security, Risks and Compliance
Device & Application Security
The QualysGuard Cloud Platform and suite of integrated applications allows enterprises to discover and catalog all IT assets, and provides them with a continuous view of their security and compliance posture on a global scale.
Benefits
• Fully automated continuous asset discovery, security & compliance assessments.
• Up-to-date security intelligence with no software to install and maintain.
A Unified and Continuous View of
ICT Security, Risks and Compliance
IT-GRC Automation
The QualysGuard Cloud Platform and suite of integrated applications automates the collection of security and compliance data with customizable policies, questionnaires and workflows, helping organizations to automate and expedite compliance.
Benefits
• Automated & agent-less compliance auditing supporting multiple regulatory mandates.
• Customizable questionnaires and business workflows to evaluate controls, gather evidence & validate compliance.
• Seamless integration with enterprise GRC solutions.
QualysGuard® SaaS Applications
QualysGuard SaaS Technology Platform
Scanners & Collectors Open APIs, Web Services & Integrations
Enterprise SMB Freemium Services
QualysGuard On Demand Portal
Analyze
Vulnerability Mgmt.
Web App Scan
Malware Detection
SSL Labs
Zero days analyzer
Monitor
Web Application Logs
Botnet Detection*
Comply
Policy Compliance
PCI Compliance
Qualys Seal
SCAP / FDCC
Compliance Mgmt*
Prevent
Web App. Firewall*
QualysGuard Suite of Security
& Compliance Applications
Powerful ability to manage, search and tag assets
− Organizing ICT Assets using Tags
- Static and Dynamic asset tagging
- Hierarchical asset tagging
− Uses existing VM scan data
− Integrated with existing QG apps.
Asset Tagging/Searching/Reporting based on
- platforms, applications, services
- IT responsibility
- locality
- business processes
Qualys Asset Management (patent pending)
Qualys Vulnerability Management
12 years on market
Market leader since 2008: Gartner, IDC, Forrester, Frost & Sullivan
SC Magazine best Vulnerability Mgt solution 6 years in a row
Full VM Cycle
• Free and unlimited network discovery
• Discover, group, & prioritize network assets
• Identify vulnerabilities, exploits, malware, patches, & unsupported technologies
• Prioritize, execute & audit remediation
• Automate reporting, trending, & alerting
13,000+ signatures covering 55K+ vulnerabilities, updated daily
QG Vulnerability Management Module User Interface – Vulnerability Knowledge Base
QG Vulnerability Management Module User Interface – Vulnerability Description
Exploits Knowledgebase
Information added for Exploits
Following resources used:
− Exploit-DB
− Metasploit
− Core Security
− Immunity
− Others…
Helpful in the Remediation process
Comprehensive CVSS v2 scores
Assets at risk of Exploits Report
Malware Knowledgebase
Information added for Malware Code Availability
Following resources used:
Trend Micro Malware Knowledgebase
Other malware resources coming…
Helpful in the Remediation process
Assets at risk of Malware Report
3 Solution categories
Solution description categories:
Vendor Patch available
Workaround available
Virtual Patch available Trend Micro Deep Inspection signatures
Other resources coming…
Helpful in the Remediation process
Virtually Patchable Assets Report
Qualys Web Application Scanning
Vulnerability Scanning inside Web Apps:
• Authenticated Scanning
• OWASP TOP 10 support
• Web services Discovery
• Web services Catalog
• Certificate auth. support
• Selenium auth. support
• Java, Ajax, Flash support
Qualys Malware Detection for Web Apps
Malware Detection inside Web App source code:
• Static signature Analysis
• Behavioral Analysis
• Dashboard and centralized reporting
• Sharing WAS module settings and Web Apps authentication
Qualys SECURE Seal for Web Apps
Web Site Certification
• Daily WAS Malware Scanning
• Weekly IP vulnerability
• Weekly WAS vulnerability
• Weekly SSL Protocol Audit
• Email notification
• Daily updated SECURE Seal applet for your web site
http://www.qualys.com/zero-day
Zero-Day Analyzer for VM GA – April in Europe
Zero-Day Analyzer for VM
Allows customers to analyze zero-day threats and estimate their impact on their assets and critical systems based on information collected from previous scan results.
Benefits
• Latest signatures for iDefense exclusive zero-day threats
• Customizable alerting and email notifications
• Actionable data with estimates about what systems are at risk
Audit the state of browser security in the enterprise
• Simple & Scalable
• Multiple platform & browsers
• Multiple Browser Plugins
• Centralized Reporting
• No SW/HW to install!
Free BrowserCheck Business Edition
Register here: http://www.qualys.com/forms/browsercheck-business-edition/
QualysGuard scanning progress
Number of vulnerability and compliance scans per quarter
Qualys reached 500+ million scans in 2010
Qualys reached 600+ million scans in 2011
700+ million in 2012?
Qualys Scanning Quality Metrics Six Sigma Scanning Accuracy
[Chart: Qualys Six Sigma Accuracy. Axes: QG Scan Accuracy (%) and Number of Scans. Series: Scanned IPs (M), Reported Cases, Actual Bugs. Labels: Six Sigma, Scanning Activity.]
Six Sigma Accuracy = fewer than 4 defects per 1 million IPs scanned!
The 4 defects (bugs) cover: False-negative, False-positive, Service-crashed and Host-crashed cases reported to Qualys Support
Quality Metrics Customer Contact Ratio
[Chart: Customer Contact Ratio*. Y-axis: Number of Calls per Month; X-axis: months from December 2010 to January 2012. Series: QG-Enterprise, QG-Express, QG-PCI.]
* Number of phone calls and e-mail per customer/month
Thank You