Fight from the inside: 2+ years Qualys Cloud Agent – lessons … · 2019-08-29
Fight from the inside: 2+ years Qualys Cloud Agent – lessons learned
Siemens Corporate Scan Service
www.siemens.com/cybersecurity
Unrestricted © Siemens AG 2018 · December 2018
Why Cloud Agent?
Fight from the inside – unauthenticated is not enough
But…
• Authenticated scans and password life cycle are a nightmare
• 1.5k providers and administrators
• Psychology – Humans don’t want to give away control
Cloud Agent: Lessons learned
It’s mostly about politics
• Management support
• Communication is vital
• Make friends at an early stage
• Implement a showcase
• Be prepared to answer any question
• Have a lab environment ready
Cloud Agent: Lessons learned
• Needs a dedicated project
• Plan for disaster
• Establish a human network
• Track and trace
• Communication is vital
• Be as supportive as possible
• Hey Qualys: can you say MSI?
• End of project doesn’t mean you are done
• License costs are not the point!
Findings
Don’t panic!
• Sit down and have a cup of tea first!
• Your standard process will probably not be enough
Don’t get lost in the details!
• Visualize & identify patterns – Pivot is your friend
• Explain them – to management!
• Fix it!
Cloud Agent: Lessons learned
Some things you might discover:
• Some have no patch process at all
• Don’t control their patch process
• Gave away the keys – no clue who installed what and why
• Have no support contracts and thus no access to patches
• Decommissioned machines are just abandoned and run on their own
• Systems are installed with ‘all in’
• Maintenance windows are too short
• Skills and resources can be a problem
Vulnerability Remediation: 3 Strikes Approach
1. Low hanging Fruits on application layer
• Remove unnecessary software, e.g. Adobe Reader, Flash, Firefox, Office…
2. OS layer:
• Get all the latest patches from the OS vendor, install and verify successful installation
3. Applications:
• Get all the latest patches from the application vendor(s), install and verify successful installation
Implement a regular, periodic process for the above steps – be pro-active not reactive!
[Figure labels: Low hanging Fruits, OS patches, Application Patches]
Passive Resistance
• Address people directly
• Leverage your human network
• Your systems are at the top 100 worst of the company
• BUT WE CAN CHANGE THAT – TOGETHER!
How Qualys could help
• Self healing agents
• Better debugging capabilities
• More transparency
• More revision control – manifest control
• Provide MSI packages
Thank you for your attention!
Contact page
Michael Seeger
Siemens AG
Cybersecurity
Mobile: +49 (173) 3758028
E-mail: [email protected]