Saeed Hagh Product Manager – Policy Compliance
Manage Security Risk, identifying and remediating software Vulnerabilities including software Configuration settings, Misuse & Flaws
Manage Compliance, reviewing applicable Mandates, applying best practice Policies & Controls performing regular Audit
Why Configuration Assessment Matters
Successful organizations collect & use more configuration data from 81% of their IT Systems to manage their risk & compliance
(Source: IT Policy Compliance Group)
Dominant Information Used Managing Business Risk Related to Use of IT
Why Configuration Assessment Matters
Increase frequency of pre audit eliminating audit failure
Enable proactive approach to extend visibility & control over security risks & compliance
Reduces complexity & cost of vulnerability management operation
Critical data input to data driven GRC, SIEM solutions & practices
Why Configuration Assessment Matters
Automates secure configuration assessment life cycle
Automated and continuous cycle
Secure Configuration
Audit against defined policies
Discover and Organize
Report and Remediate
RISK
Define Security Policies
QualysGuard Policy Compliance - Demo
Policy Compliance Coverage
Supported Technologies
Windows (Windows XP to Windows 2012)
Unix/Linux (AIX 6/7, RHEL 5/6, SuSE 10/11, Solaris 10/11, HP-UX 11.x)
Databases (SQL 2008/2012, Oracle 10, 11g, DB2)
Virtualization (VMware ESX 4.x, ESXi 5.x)
Web Servers (IIS 6/7.x, Apache HTTP, VMware vFabric 5.x)
Middleware (IBM WebSphere Application Server 7.x)
Devices (CISCO iOS 12/15), Juniper* & CISCO ASA*
Supported Policies
CIS Certified, CIS Based, SCM Based, SCAP Certified
CIS Based - 2008, 2008 R2
CIS Based - VMware ESXi 4.x and 5.x
CIS Based - CISCO iOS 12 and 15
CIS Based - Solaris 10.x and 11.x
CIS Based - SuSE 10 and 11
CIS Based - Windows 7, Windows 2012, Win 8*
CIS Based - AIX 7
CIS Based - MS SQL 2012*
CIS Based - IIS 7
SCM Based - Windows 7, Windows 2012*
Mandate Based Policies - HIPAA, ISO
Core Module
Rich Policy Editor UI
- Simple and Intuitive
- Search Capability
- External References
User Defined Controls (UDC)
- File content
- WMI
- Registry
SCAP 1.2 Support
- ARF Report
- Custom OVAL Check
SCAP Certified Policies
API Support
- Start/Pause Scan
- Single Instance Reports
- Policy merge
Dashboard & Reporting Capabilities
- Extended Evidence
- Multi Policy, Technology, Asset Score Card
Scalability: Public and private Cloud infrastructure & services
Why QualysGuard Policy Compliance
Time to value: Quick and easy to use
Comprehensive Assessment Coverage: Secure Configuration & Vulnerability Assessment OS, Databases, Applications & Network Devices
Interoperability: Customization & workflow, API Integration with 3rd party GRC, SIEM, …