Webinar: Vulnerability Management Made Easy – with Splunk and Qualys
TRANSCRIPT
Copyright © 2014 Splunk, Inc.
Vulnerability Management Made Easy
with Splunk and Qualys
Your Webcast Team
Kai-Ping Seidenschnur, Senior Sales Engineer
Thomas Wendt, Technical Account Manager
Agenda
• Splunk: brief overview
• Qualys Vulnerability Management
• Demo: Qualys VM
• Demo: analysis with Splunk
• Q&A
Splunk: Platform For Machine Data
Real-time Machine Data: GPS, RFID, Hypervisor, Web Servers, Email, Messaging, Clickstreams, Mobile, Telephony, IVR, Databases, Sensors, Telematics, Storage, Servers, Security devices, Desktops, CDRs
• Report and analyze
• Custom dashboards
• Monitor and alert
• Ad hoc search
• Developer Platform
Splunk storage
Other Big Data stores
Splunk is Used Across IT and the Business
• IT Ops
• Security Compliance
• App Mgmt
• Web Intelligence
• Business Analytics
Splunk Security Use Cases
More than a SIEM; a Security Intelligence Platform
IT Operations; Application Delivery; Business Analytics; Industrial Data and Internet of Things; Security, Compliance, and Fraud
• SECURITY & COMPLIANCE REPORTING
• MONITORING OF KNOWN THREATS
• ADVANCED THREAT DETECTION
• INCIDENT INVESTIGATIONS & FORENSICS
• FRAUD DETECTION
• INSIDER THREAT
• AV CLEAN UP VERIFICATION
• USER ACTIVITY MONITORING
• ALERT & MALWARE VALIDATION
• MALWARE & MALICIOUS CALLBACKS
• EMAIL ATTACK DETECTION
Products: Splunk Enterprise + Apps
120+ security apps
Splunk App for Enterprise Security
• Palo Alto Networks
• Qualys App
• FireEye
• Blue Coat Proxy SG
• THOR
• Cisco Security Suite
• Active Directory
• F5 Security
• Juniper
• Sourcefire
• Snort
• Asset Discovery
Why patch promptly?
Qualys Introduction
Corporate Presentation
Thomas Wendt
Continuous Security for a Global World
Qualys at a Glance
• 6,700+ Customers
• 100+ Countries
• $108M 2013 Revenues
QualysGuard Cloud Platform & Suite of Integrated Solutions
Continuous and Unified View of Security and Compliance
Application Engines: ASSET DISCOVERY, NETWORK SECURITY, WEB APP SECURITY, THREAT PROTECTION, COMPLIANCE MONITORING
Sensors: Passive, Physical, Virtual, Cloud, Mobile, Agent
Delivering Continuous Security
With a Cloud Oriented Architecture
Physical Data Centers
Virtual Data Centers
Remote Offices
Mobile Users
Cloud Data Centers
Qualys Cloud Platform
Private Cloud Version for Data Sovereignty
On Premise
Same Codebase
Qualys Managed
Disconnected (2015)
On EC2 and AZURE (2015)
VMware ESX and ESXi
24x7x365 Monitoring and Support
Daily Vulnerability Feeds
Bi-quarterly Platform Updates
SOC
Platform Evolution
Vulnerability Management
Policy Compliance
PCI Compliance
Web Application Scanning
Web Application Firewall
Qualys Extensible Cloud Back-End
• 1+ Billion scans
• 50+ Billion detections
• 400+ Billion security data points
2015 New Services Delivery
CONTINUOUS ASSET DISCOVERY
• Gartner (June) - Continuous Asset Discovery and Categorization Module with integration with CMDB (ServiceNow)
NETWORK SECURITY
• February - Continuous Monitoring of Critical Assets (Internal)
• March – Splunk Integration
• RSA (April) – Cloud Agent for VM (Windows servers and clients)
WEB APP SECURITY
• February – Progressive Scanning for large Web Applications
• RSA (April) – Web Application Firewall 2.0 with virtual patching and dedicated hardware appliance
THREAT PROTECTION
• Gartner (June) - Log Management and Data Analytics Module
• BlackHat (July) – Advanced Malware Protection Service with sandboxing, automated malware analysis and asset correlation
COMPLIANCE MONITORING
• RSA (April) – Cloud Agent for Policy Compliance
New Products
• Cloud Agent: Provides a new platform for continuous assessment of your security posture on laptops, workstations and servers, leveraging existing Qualys Cloud Suite applications such as VM, PC, and CM.
• Log Management: Our security-focused SIEM, which aligns with our threat protection initiative, allowing for a single-pane-of-glass view of events captured by our various sensors.
• Malware Protection Service: Opens a new chapter for the detection of malware and the many advantages Qualys provides by correlating results with other data sources from the rich suite of products.
• Passive Scanning: A new paradigm on asset discovery, ensuring an accurate method for network discovery and automated asset classification, dynamically re-building your logical platform while multiplying the feature set of options available in the Qualys platform.
Updates run on a new cycle every weeks ensuring at the very minimum new version iterations every calendar year.
86
Continuous Perimeter Monitoring
New paradigm for VM
Data/Event Alerts
Qualys Cloud Agent Platform
Visibility Across Globally Distributed Networks
• Light-weight agent (1MB) for
  – on premise systems
  – dynamic cloud environments
  – mobile endpoints
• Built to scale to millions of devices
• Centrally managed, self updating
Unique Advantages of a Cloud Based Delivery Model
• GLOBAL DELIVERY
• UNIFIED BEST OF BREED SOLUTIONS
• CONTEXTUAL CORRELATION
• SPEED & ACCURACY
• LOWER TCO
• FASTER TIME TO MARKET
Thank You
Qualys Demo
Challenges
• Vulnerability management is often a manual process in organizations
• Vulnerability management is most of the time seen as the responsibility of one department
• Other topics often take priority
• The risk is not always seen or properly scored
• No correlation of vulnerable systems to other security solutions
Splunk, The Platform For Machine Data
• Report and analyze
• Custom dashboards
• Monitor and alert
• Ad hoc search
• Developer Platform
Real-time Machine Data
Lookups & Context: Threat feeds, Asset Info, Employee Info, Datastores, Network Segments / Honeypots
Qualys App for Splunk Enterprise
Single pane of glass visual of Qualys scans & data
Built-in sample Reports/Dashboards
Search VM scan data and corresponding meta-data
Leverage Splunk search to find trends and correlate with other data sources
Splunk Demo
Qualys & Splunk
• Real-time monitoring of vulnerability scan data in Splunk Enterprise
• Correlation of Qualys scan data with other data sources in Splunk
  – Improve Security Posture: Risk scores, KSI
  – Mitigate against threat vectors
Qualys & Splunk Benefits
• Splunk Enterprise Security can be used as a consistent, repeatable and measurable process.
• Vulnerability management and awareness can be distributed to system owners for reaction and management, with security KPIs for monitoring.
• Attacks detected by IDS/IPS solutions against vulnerable systems can be correlated and risk can be made visible (you'll see a visualization from NASDAQ in a minute).
Sample Nasdaq - Heartbleed
Contact Us
Kai-Ping Seidenschnur, Senior Sales Engineer
Thomas Wendt, Technical Account Manager
Free Qualys Trial: www.qualys.com
Free Qualys Splunk App: Apps.splunk.com
Thank you!