Qualys Security Conference Mumbai, India
Global IT Asset Management
Siva Mandalam, VP, Product Management, Qualys, Inc.
Why Asset Management?
May 8, 2019 | Qualys Security Conference 2019
Multiple Regulations and Standards
PCI-DSS: 2.4 Maintain an inventory of system components that are in scope for PCI DSS
RBI Cybersecurity: Inventory Management of Business IT Assets, Prevent execution of unauthorized S/W
ISO 27001: Inventory of assets (clause A.8.1.1)
GDPR: Full hardware and software inventory, including license information for audit data
Challenges with IT Asset Management
VISIBILITY ACROSS CAMPUS/DC/BRANCH/CLOUD
POINT SOLUTIONS
NO BUSINESS CONTEXT
NO ACTIONABLE INSIGHTS
INACCURATE INFORMATION
Qualys Unified IT-IoT-OT Visibility, Analytics and Control Solutions
Agentless | Agent | Passive | API
Analytics
Vulnerability Detection
Policy Detection
Threat Quantification
Control
Remove Unauthorized Devices
Policy based Automation
Orchestration
Visibility
Managed and Unmanaged Devices
Hardware, Software, Applications and Traffic
Qualys Asset Inventory
Real-time Inventory
Source of truth for IT and Security teams
Introducing
Structured and complete context
Benefits
2-second Visibility
Business contextual Inventory
Uniform, accurate information
IT Cost reduction
How is it done?
Physical Scanner | Virtual Scanner | Cloud Scanner
Cloud Agent | Passive Sensor | API
Qualys Sensors: Scalable, Self-updating & Centrally Managed
OS/HW/SW | Mfg./owner/product | Market version
EoL/EoS | License type | Vulnerability/PC
Asset Inventory in Qualys Cloud: Categorization, Normalization, Enrichment
Case Study: Large Bank Stays Compliant with Qualys AI
“We have regulatory compliance needs that require us to monitor unauthorized software, current versions of DB software, EoL/EoS software to ensure that we are in compliance.”
Chief Information Officer
Solution: AI Dashboards | Software Inventory | Lifecycle Context
Unauthorized Software
Challenges
Database Versions
Software Market Version
Software Lifecycle (EoL/EoS)
Database Server
Unauthorized Software
Case Study: Large Accounting Firm uses Qualys AI for Unified Inventory
Solution: AI Dashboards | Asset Category Priority | CMDB Synch.
“Single unified inventory management for global assets across 4000 employees and distributed offices is required for us to drive optimizations in internal processes, including vulnerability prioritization, patching/remediation, service desk etc.”
Security Manager
Unified Inventory
Challenges
Prioritize security needs
Service Desk Optimization
Case Study: Global Technology Leader uses Qualys AI to Determine Unmanaged Devices
Solution: AI Dashboards | Unmgd. Devices View | Traffic Stats
Unified Inventory
Challenges
Unmanaged Devices Visibility
Unmanaged Devices Control
"We’ve not been able to understand our devices in their entirety. Qualys AI solution with complete context for devices is an excellent way to understand devices, security threats and prioritize actions."
Security Manager
Complete and clean data to your CMDB
Certified ServiceNow App Syncs asset data in both directions.
DEMO
Qualys sensors for complete, detailed asset telemetry
Structuring your inventory (normalization and taxonomy)
Enriching your inventory (e.g. lifecycle)
Blind spots? (showcase passive discovery)
Multi-function Passive Sensor
First Phase (Q2/Q3-2019)
• IT asset discovery and profiling
• Application recognition and usage
Next (Q4/Q1-2019/20)
Asset discovery and profiling
• SCADA
• Medical Devices
Future use cases
• Highlight asset relationship
• Traffic anomaly & Network IOC
• Smart whitelisting (policies within Secure Access Control)
…
(Beta Now!)
Secure Access Control
Use Cases
Asset Inventory – Access control using asset inventory attributes
Managed Assets
System Information
Hardware
Operating System
Services
Network Interfaces
Open Ports
Software Inventory
Software Lifecycle
Secure Zones/subnets
Attributes
Unmanaged Assets
ACL
Block
Allow
Assign VLAN
Assign ACL
Quarantine
Use Cases
Vulnerabilities – Quarantine assets if vulnerable
http://windowsupdate.microsoft.com
http://*.windowsupdate.microsoft.com
https://*.windowsupdate.microsoft.com
http://*.update.microsoft.com
https://*.update.microsoft.com
http://*.windowsupdate.com
http://download.windowsupdate.com
http://download.microsoft.com
http://*.download.windowsupdate.com
http://test.stats.update.microsoft.com
http://ntservicepack.microsoft.com
Local Data Center LDC-01
Remote Data Center RDC-01
DHCP Server
DNS Server
Employee Laptop
Vulnerability Found
Enterprise
Remote Office
Windows Update Servers
Active Directory
Quarantine
Use Cases
Compliance - Block assets which fail compliance
Managed Assets
ACL
Block
Allow
Assign VLAN
Assign ACL
Quarantine
Compliance: Controls | Mandates | Control Policies
Malware: Family | Category | Score
Indications of Compromise: File | Process | Mutex | Network | Registry | Incidents
Threat Protection: Zero Day | Public Exploit | Actively Attacked | High Lateral Movement | High Data Loss | DoS | No Patch | Exploit Kit | Easy Exploit
File Integrity: Action | Actor | Target | Incidents