How to reduce business risks by implementing a VULNERABILITY MANAGEMENT process?

Edvinas Pranculis MM, CISA, CISM
Regional Account Manager – Eastern Europe & Central Asia
Agenda

- Risk Management
- Vulnerability Management
- QualysGuard & SaaS Model
- Q&A
Risk Management Process
How to treat risk?

Risk Treatment Techniques:
- Risk Transference
- Risk Acceptance / Tolerance
- Risk Mitigation / Reduction
- Risk Avoidance
- Risk Containment

* AS/NZS 4360:2004
Defining Risk & Risk Mitigation
What is the most effective way to reduce risk?

Risk Mitigation Techniques (ordered by EFFECTIVENESS):
- Reduce Threats
- Reduce Vulnerabilities
- Reduce Asset Value
- Detect
- Recover

Level of Risk = f (BI, LoT, LoV)
(BI = business impact, LoT = likelihood of threat, LoV = likelihood of vulnerability)
Need for Vulnerability Management

Vulnerabilities on the network are GOLD to cyber criminals:
– They provide unauthorized entry to networks
– They can expose confidential information, fuel stolen identities, violate privacy laws, or paralyze operations
– Exposure is extreme for networks with vulnerable devices connected by IP

Sources of Vulnerabilities:
– Programming errors
– Unintentional mistakes
– Intentional malware software
– Improper system configurations
– Remote users sidestepping perimeter security
– Rising attacks through viewing popular websites
– Flaws in algorithms
– etc.
Key to Security?
Fixing problems before bad guys find them…

Hacking Linux Exposed:

    “… the countermeasure that will protect you, should a hacker scan
    your machines with a scanner, is to scan your own systems first.
    Make sure to address any problems and then a scan by a hacker will
    give him no edge…”
Security + Compliance
Lifecycle Workflow

Under this new paradigm, a system is deemed out of compliance if it is:
- Vulnerable to attacks
- Improperly configured
- In violation of internal policies or external regulations
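The two slides above give a risk formula, Level of Risk = f(BI, LoT, LoV), without defining f, and three conditions under which a system is out of compliance. The script below is an added example, not from the deck or from Qualys: it assumes a multiplicative f with each factor on a 1..5 ordinal scale, an assumed mapping from the worst open finding's CVSS-style severity to LoV, and constructed asset records. It ranks assets by risk, reports the deck's three compliance conditions per asset, and shows how each mitigation technique from the "Risk Mitigation Techniques" slide moves the risk level. Asset names, severities and the effect of each treatment are all constructed assumptions.

```python
"""Risk-based prioritisation of vulnerability-scan findings (added example).

Assumption: Level of Risk = BI * LoT * LoV, each factor 1..5; the deck does
not define f, so this form is illustrative only.
"""
from dataclasses import dataclass, field, replace


@dataclass
class Asset:
    name: str
    business_impact: int          # BI: 1 (negligible) .. 5 (critical)
    threat_likelihood: int        # LoT: 1 (rarely targeted) .. 5 (constantly targeted)
    vulnerabilities: list = field(default_factory=list)   # open findings, CVSS-style 0.0..10.0
    misconfigured: bool = False
    policy_violations: list = field(default_factory=list)


def likelihood_of_vulnerability(asset: Asset) -> int:
    """Assumed mapping: worst open finding -> LoV on a 1..5 scale."""
    if not asset.vulnerabilities:
        return 1
    worst = max(asset.vulnerabilities)
    if worst >= 9.0:
        return 5
    if worst >= 7.0:
        return 4
    if worst >= 4.0:
        return 3
    return 2


def level_of_risk(asset: Asset) -> int:
    """Assumed multiplicative f(BI, LoT, LoV)."""
    return asset.business_impact * asset.threat_likelihood * likelihood_of_vulnerability(asset)


def compliance_status(asset: Asset) -> list:
    """The deck's three out-of-compliance conditions; an empty list means compliant."""
    reasons = []
    if asset.vulnerabilities:
        reasons.append("vulnerable to attacks")
    if asset.misconfigured:
        reasons.append("improperly configured")
    if asset.policy_violations:
        reasons.append("in violation of internal policy or external regulation")
    return reasons


def prioritise(assets: list) -> list:
    """Highest Level of Risk first: this is the remediation order."""
    return sorted(assets, key=level_of_risk, reverse=True)


# Assumed effect of each mitigation technique on the risk factors.
TREATMENTS = {
    "reduce_vulnerabilities": lambda a: replace(a, vulnerabilities=[]),          # patch everything
    "reduce_threats": lambda a: replace(a, threat_likelihood=max(1, a.threat_likelihood - 1)),
    "reduce_asset_value": lambda a: replace(a, business_impact=max(1, a.business_impact - 1)),
}


def risk_after_treatment(asset: Asset, technique: str) -> int:
    """Risk level the asset would have after applying one mitigation technique."""
    return level_of_risk(TREATMENTS[technique](asset))


# Constructed sample inventory (not real hosts or findings).
SAMPLE_ASSETS = [
    Asset("payments-db", business_impact=5, threat_likelihood=4,
          vulnerabilities=[9.8, 5.3], misconfigured=True),
    Asset("intranet-wiki", business_impact=2, threat_likelihood=2,
          vulnerabilities=[6.1]),
    Asset("hr-portal", business_impact=4, threat_likelihood=5,
          policy_violations=["password policy not enforced"]),
]

if __name__ == "__main__":
    for a in prioritise(SAMPLE_ASSETS):
        status = compliance_status(a) or ["compliant"]
        print(f"{a.name:14} risk={level_of_risk(a):3}  {', '.join(status)}")
    top = prioritise(SAMPLE_ASSETS)[0]
    for technique in TREATMENTS:
        print(f"{top.name}: {technique:24} -> risk {risk_after_treatment(top, technique)}")
```

Note that hr-portal is out of compliance (a policy violation) while carrying a low risk level, and payments-db is both: the compliance view and the risk view answer different questions, and the prioritisation order comes from the risk score.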
Security + Compliance
Delivered as a Service

Bringing Security and Compliance Audits into a Single Solution, Operationalising it and Delivering it as a Service

NO SOFTWARE TO INSTALL AND MAINTAIN
Reporting
Communicate and consult

And Delivering it as a Service

The Security + Compliance Conundrum

Leveraging CobIT, ISO, ITIL and NIST Security & Compliance Frameworks
QualysGuard Global Infrastructure
Security + Compliance

End to End Security

Annual Volume of Scans: 500+ million IP audit scans with 7,000 scanner appliances in over 85 countries
The world's largest VM enterprise deployment at a Forbes Global 50 company, with 220+ scanner appliances deployed in 52 countries scanning ~700 000 IPs
QualysGuard Adoption by Industry Verticals (2 of 2)

Media, Energy/Utilities, Consumer Products, Health Care,
Manufacturing, Education, Transportation, Government

QualysGuard Adoption by Industry Verticals (1 of 2)

Insurance, Financial Services, Financial Services, Chemical,
Portals/Internet, Retail, Technology, Consulting
Qualys Strategic Partners
Global Partner Network

Media
Benefits of Vulnerability Management

Vulnerability management gives you the control and visibility to manage your network's security effectively and to document compliance.

Vulnerability management is a PROACTIVE approach to security.
Q&A

Thank You
epranculis@qualys.com

Please visit www.qualys.com for a 14-day FREE trial
- NO SOFTWARE TO INSTALL OR MAINTAIN -