QUALYS SECURITY CONFERENCE 2018
Expanding our prevention, detection and response solutions
Sumedh Thakar Chief Product Officer, Qualys, Inc.
First Look Showcase
Secure Enterprise Mobility
Identity (X.509, Asset ID, Device ID) Device Hardware Network and Interactions Apps Analytics Security Posture
QSC Conference, 2018
Visibility
December 11, 2018
Vulnerability Management Asset Lockdown Asset Hardening Enterprise Integrations
Security
Compliance Policies – On Enrollment – Continuous Monitoring Enforcement and Remedial Actions Policy Management Containerization
Protection
DIY Portal Audit Control Ownership (Corporate/BYOD) Transparency
Privacy
Feb 2019 – Closed Beta Multiple releases during 2019
Roadmap
Security Analytics & Orchestration
Cross-Product Correlation
Additional Context from 3rd Party Sources
Detect KNOWN threats w/ out-of-box rules
Detect UNKNOWN threats Using Machine Learning
Hacker Behavioral Analytics
Predictive & Prescriptive SoC
Human Guided Policy-Driven Response
Playbooks for Bi-Dir Ecosystems Integration
BYOP: Bring-Your-Own-Playbook
Security Analytics & Orchestration
Response & Orchestration
Advanced Analytics
Correlation & Enrichment
Threat Hunt Search | Exploration | Behavior Graph
Security Analytics Anomaly | Visualization | Dashboard
UEBA User & Entity Behavior Analytics
Advanced Correlation Actionable Insights | Out-of-box Rules
ML/AI Service Patterns | Outlier | Predictive SoC
Orchestration & Automation Ecosystems Integration | Playbooks | Response
Network Security Server Endpoint Apps Cloud Users IoT
IOC CA VM WAS WAF AI PC
Qualys Apps
Qualys Security Data Lake Platform Data Ingestion | Normalization | Enrichment | Governance
Qualys Quick Connectors
Security Analytics & Orchestration Apps
Characteristics of Data Lake
Collect Anything Dive in Anywhere Flexible Access Future Proof
What is Security Data Lake?
Single data store (single source of truth)
Structured and unstructured data
Data is transformed, normalized, and enriched
Threat Intelligence feed integration, GeoIP etc.
Data has governance, semantic consistency, and access controls
Store-once / Process-once / Use-multiple
Apps, dashboards, data analytics
Cross product search, reporting, visualization
Machine learning, forensics, etc.
SECURITY LOGS FROM MULTIPLE SOURCES
CLOUD CONNECTORS
LOG CONNECTORS
DATA VALIDATION
DATA NORMALIZATION
DATA AGGREGATION
ML/AI MODELLING
DATA VISUALIZATION
RESTFUL API SERVICES
QUALYS SECURITY DATA LAKE PLATFORM
BEHAVIOR ANALYTICS
THREAT HUNTING
SECURITY ANALYTICS
ORCHESTRATION AUTOMATION
3RD PARTY INTEGRATION
Simplified View
AD/LDAP/HRMS
Secure Access Control
Agenda
What is Secure Access Control
Use-cases
Capabilities
Policy-based orchestration
Operationalizing Secure Access Control
Mockups
Grant access to resources only on a need basis. Block everything else.
Automated asset attribute processing and enforcement without the need for manual action
Limit access (e.g. quarantine) of vulnerable assets
Block vulnerable assets from accessing critical network resources
Use Cases
Use Cases
Asset Inventory – Access control using asset inventory attributes
Managed Assets
System Information Hardware
Operating System Services
Network Interfaces Open Ports
Software Inventory Software Lifecycle
Attributes
Unmanaged Assets
ACL
Block
Allow
Assign VLAN
Assign ACL
Quarantine
Use Cases
Vulnerabilities – Quarantine assets if vulnerable
http://windowsupdate.microsoft.com http://*.windowsupdate.microsoft.com https://*.windowsupdate.microsoft.com http://*.update.microsoft.com https://*.update.microsoft.com http://*.windowsupdate.com http://download.windowsupdate.com http://download.microsoft.com http://*.download.windowsupdate.com http://test.stats.update.microsoft.com http://ntservicepack.microsoft.com
Local Data Center LDC-01
Remote Data Center RDC-01
DHCP Server
DNS Server
Employee Laptop
Vulnerability Found
Enterprise
Remote Office
Windows Update Servers
Active Directory
Quarantine
Use Cases
Compliance - Block assets which fail compliance
Managed Assets ACL
Block
Allow
Assign VLAN
Assign ACL
Quarantine
Compliance Controls Mandates
Control Policies
Malware Family
Category Score
Indications of Compromise
File Process Mutex
Network Registry Incidents
Threat Protection
Zero Day Public Exploit
Actively Attacked
High Lateral Movement
High Data Loss DoS
No Patch Exploit Kit
Easy Exploit
File Integrity Action Actor
Target Incidents
6F:1A:5E:2B:4D:3C
Assets
Ruleset
6F:1A:5E:2B:4D:3C Server.company.com 10.16.154.20
ACL
Security Control
Action Options
Policy-based Orchestration
Policy
Trigger 1
View & Define 2
Powerful Together
Unique Value Proposition
Best of Two Worlds
Out of Band
Switches
Reliable first hand data
Appliance enforces
Low latency for data collection & enforcement
Multiple enforcement options
Traffic volume agnostic
SAC offers both modes
In-Line
Appliance
Breach & Attack Simulation
Problems
Limited assessment scope and capabilities
Red Team operations can get expensive, not scalable, and lack completeness across the enterprise
Lack of confidence in the effectiveness of security investments – prevention and detection
Blue Teams struggle to evaluate the impact of new attacks against their existing security controls
Automated simulation of real-world TTPs mapped to MITRE ATT&CK™ framework
Breach & Attack Simulation
Technical Approach
Automated simulation of real-world TTPs
Scale security assessments across the entire enterprise utilizing Qualys Cloud Agent
Real-time insights mapped to MITRE ATT&CK™ framework
Transition towards defense strategies based on offensive techniques
Continuously measure security control drift over time
Centralized command-and-control framework on Cloud Agent
When enabled, agents function as human adversaries
Non-destructive TTPs or live exploits
Breach & Attack Simulation
Use case: Drupalgeddon2 (CVE-2018-7600)
1. Remote system discovery
2. Exploit Drupal vulnerability to control system
3. Laterally spread using ETERNALBLUE
Breach & Attack Simulation
Use case: Credential Harvesting and Reuse
1. Uploading / running mimikatz
2. Extracting stored credentials
3. Lateral movements
Breach & Attack Simulation
Benefits
Fully and continuously assess known and emerging TTPs against all applications and operating systems
Red Teams augment manual penetration testing of primary systems with automated testing of secondary and tertiary systems
Empirically measure the effectiveness of security prevention and detection tools
Blue Teams configure current tools to perform better or procure new/replacement tools
First Look Showcase Thank You
Sumedh Thakar
Chris Carlson