3. Rapid Evolution of Corporate Networks and of the Threat Landscape
Our Challenge… Build Security Into this New Infrastructure and Make it Invisible
Corporate Networks, Private Clouds, Internet, SaaS, PaaS/IaaS
Attack Kits, Targeted Attacks, Social Networking, Zero Days, Mobile Threats, Phishing
QualysGuard

4. Changes Resulting from this Evolution
Your perimeter is your business
- Walmart UK eCommerce grew 18% in 2013 (1)
- Global eCommerce grew from $10B to $13B in 2013
The Internet is a dangerous place to do business
- $11.5M avg. annualized organizational cost, up 26% from 2012 (2)
- £27B annual cost to the UK economy in 2011
Better monitoring reduces the risk and cost
- Organizations efficient at detection saved nearly $4 million per year (3)
1 – internetRetailer, 2 – InfoSec Institute, 3 – Ponemon Institute

5. What is Needed to Drive Security?
Your security team should have tools at least as good as your attackers.
- Continuous Assessment
- Comprehensive Analysis
- Timely Action

6. Traditional Approach ..
- Periodic Scanning
- Review and act based on static reports
- Sort/prioritize through heaps of data
Then wait until the next time you scan and repeat the entire process again and again – simply doesn't scale
Leaving plenty of time for hackers ...
1. Scan 2. Report 3. Repeat

7. 1+ Billion Scans Per Year
Far more than just vulnerability data.
- Installed Software
- Vulnerabilities
- Open Ports
- SSL Certificates
- Web App Bugs
- Malware
- Compliance and Configuration
- Web Application Firewall Events

9. How Continuous Monitoring Works
Leverage Existing Scans
- Nothing new required – just scan as normal
- Leverage Qualys' global cloud infrastructure, scale as needed
Define Your Needs
- Whitelists and blacklists of ports, OSes, certificate providers, etc.
- Important changes – new hosts added, certificates nearing expiration, etc.
Inform Via Alerts
- Distribute email alerts to any users or systems that need to know
- Alerts sent as often as every 5 minutes or grouped every day/week
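
The rule-then-alert flow on this slide, sketched as an added example (not Qualys code and not from the original deck): two consecutive scan results are compared against a whitelist/blacklist rule set, and each deviation or important change becomes an alert line. The rule names, data layout, host addresses and issuer names are all constructed assumptions.

```python
from datetime import date

# Constructed rule set mirroring the slide: whitelists/blacklists plus change rules.
RULES = {
    "allowed_ports": {22, 443},
    "blocked_os": {"Windows XP"},
    "allowed_cert_issuers": {"Example Trust CA"},
    "cert_warn_days": 30,
}

def evaluate(previous, current, rules, today):
    """Compare the current scan with the previous one and return alert strings."""
    alerts = []
    for host, facts in sorted(current.items()):
        if host not in previous:
            alerts.append(f"{host}: new host added")
        for port in sorted(set(facts["ports"]) - rules["allowed_ports"]):
            alerts.append(f"{host}: port {port} not on whitelist")
        if facts["os"] in rules["blocked_os"]:
            alerts.append(f"{host}: blacklisted OS {facts['os']}")
        cert = facts.get("cert")
        if cert:
            if cert["issuer"] not in rules["allowed_cert_issuers"]:
                alerts.append(f"{host}: certificate issuer {cert['issuer']} not on whitelist")
            days_left = (cert["not_after"] - today).days
            if days_left <= rules["cert_warn_days"]:
                state = "expired" if days_left < 0 else f"expires in {days_left} days"
                alerts.append(f"{host}: certificate {state}")
    return alerts

# Constructed sample data: two consecutive scan results keyed by host address.
PREVIOUS = {
    "10.0.0.5": {"os": "Linux", "ports": [22, 443],
                 "cert": {"issuer": "Example Trust CA", "not_after": date(2014, 6, 30)}},
}
CURRENT = {
    "10.0.0.5": {"os": "Linux", "ports": [22, 443, 3389],
                 "cert": {"issuer": "Example Trust CA", "not_after": date(2014, 6, 30)}},
    "10.0.0.9": {"os": "Windows XP", "ports": [443],
                 "cert": {"issuer": "Unknown CA", "not_after": date(2015, 1, 1)}},
}

if __name__ == "__main__":
    for line in evaluate(PREVIOUS, CURRENT, RULES, today=date(2014, 6, 10)):
        print(line)
```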

14. Why is Continuous Monitoring Unique?
Truly Continuous Monitoring
- Scan as often as needed with only a browser required
- No additional costs for taps, span ports, or additional infrastructure
Automated Analysis
- Define how your business works; the system will then find vulnerabilities, misconfigurations, and process problems automatically.
Alerts Drive Action
- Timely and targeted alerts to ensure you're informed and protected

15. What Makes Qualys Unique
- Cloud Based Architecture
- Easy to Use – Easy to Deploy
- High Accuracy – No Hidden Costs
- Large and Growing Community
- New Services in the Making
A highly scalable Platform that allows Qualys to maintain significant investments in infrastructure and engineering, delivering lower TCO and the best customer satisfaction