VULNERABILITY MANAGEMENT
Qualys, Inc. Confidential
Quick Requests
Breaks are generally every hour
Exam
Qualys VM
Topics Covered
Qualys Software-as-a-Service
Dashboard
Risk Analysis
Scorecards
Trend Reports
Compliance Reports
Asset Inventory
Audit trail
Management Team
Vulnerability and Risk Management
Auditors
IT Remediation Team
Single Solution
Patch Reports
Alerts
Configuration Reports
Technical Reports
Differential Reports
Risk Reports by host
Cloud Asset
QUALYS PLATFORM
Internal Scanner
Strong Data Encryption
Firewalls
IDS
TLS communications
External Scanner Pool
Internal Asset
External Asset
Qualys User
Corporate Environment
Appliances support Vulnerability Management, Policy Compliance, and Web Application Scanning
2. Organize Assets
3. Assess
4. Report
5. Remediate
6. Verify
CONTINUOUS SECURITY
THE KNOWLEDGEBASE
KnowledgeBase
The Central Repository
All QIDs are stored here
KnowledgeBase
Anatomy of a QID
Disabled vulnerabilities are still scanned for, but they are not reported or ticketed.
KnowledgeBase
Editing Vulnerabilities
KnowledgeBase
Search
Option Profile
For which vulns are we scanning?
SEARCH LISTS
Manually defined
Benefits
Search Lists
Static Saved Searches
Search Lists
Search Lists
Use Cases
ASSET MAPPING
Mapping Options
1. DNS Reconnaissance
2.
Mapping Configuration
Map
Option Profile (the how)
Scanner Appliance
Assets (the what)
Domains/Netblocks
Map Preferences
Asset Groups
Mapping Options
Mapping Benefits
Shows an overall view of your corporate assets
Map Results
A: Approved
S: Scannable
L: Live
N: Netblock
ASSETS
Asset Group
Primary mechanism for assigning host access privileges within the Vulnerability Management application.
Asset groups can be based on:
Device type
Priority or criticality
Geographic location
Ownership (department)
[Diagram: asset groups by location (CHICAGO, LONDON, TOKYO), each containing Workstations / Desktops]
[Diagram: asset groups by location (CHICAGO, LONDON, TOKYO), each split into Servers and Desktops]
Business Risk
Two factors
Security Risk
Business Impact
Business Impact is a configurable attribute of an Asset Group
Five levels
Titles are freely configurable
For each Business Impact level, a weight is assigned for each Security Risk
[Diagram: Chicago Branch network 10.0.30.16/28 with a Scanner (IT Security); hosts 10.0.30.17, 10.0.30.18, 10.0.30.19 and 10.0.30.20 labelled Server or Workstation; label "TELNET ON"]
2. The AssetView application
AssetView
Applications Inventory
Certificates Inventory
VULNERABILITY SCANNING
Modules
Information
Operating System
Open Ports
Active Services
Installed Applications
Port Scanner Module
OS Detection Module
GOAL: Identify LIVE hosts in map results, and eliminate DEAD hosts from vulnerability scans
TELNET: 23/tcp
HTTP: 80/tcp
SNMP: 161/udp
Note: Qualys VM can detect more than 600 different services on TCP and UDP ports. To review these services, go to the Help > About section.
IANA guidelines are used to perform an initial test specific to the service's port number
Detection by valid protocol negotiation (non-destructive)
OS Detection
Enhanced using additional protocols (e.g. NetBIOS, HTTP, SNMP, etc.) when available
Vulnerability Scanning
Host Discovery
- Checks for availability of target hosts. One response from the host indicates the host is "alive"
Port Scanning
- Finds all open TCP and UDP ports on target hosts (based on scan preferences)
Service Discovery
- Identifies which services are running on open ports
Vulnerability Assessment
Vulnerability Detection
Module launching
- Specific vulnerability modules loaded based on information gathered in previous phases
Signatures
Scan Configuration
Scan
Scanner Appliance
Assets (the what)
Scan Preferences
Netblocks
Authentication
Asset Groups
Asset Tags
Auth Record
Option Profile
Scanning
Option Profile
Authentication Vaults
Some organizations are reluctant to let their credentials leave the network
Vulnerability Scan
On Demand
Vulnerability Scan
Scheduled
REPORTING
Report Configuration
Report
Assets (the what)
Report Template
Host Based vs Scan Based Data
Assets
Filtering and Search Lists
Netblocks
Graphics and Details
Asset Groups
Asset Tags
Qualys Reporting
Makes Map and Scan data readable
Create a report of pertinent data
Raw data is cumbersome
Many Report Types:
Scan Reports
Remediation Reports
Patch Reports
Map Reports
Scorecards
Uses a central repository for users to store reports for multiple viewers
Qualys Reporting
Report Templates
Customized Reporting
Data Types
Customized Reporting
Display Options
Produces:
This:
Customized Reporting
Display Options
Actionable and prioritized list of patches to apply - KB supersede information included, so only the most relevant patches are displayed
Online Format - Provides more interactivity (sorting, filtering)
Scheduled Reporting
Remediation reports
Subscription Set Up
Report Share
Report Share is a centralized location for storing and sharing reports
When enabled for subscription, Managers specify the maximum amount of report data that each user may save
Managers have the option to enable secure PDF distribution of reports
[Diagram: Predictive Engine, 0 Day; Host A and Host B; labels: Adobe Reader 9.1, Windows 7, DCOM enable]
USER MANAGEMENT
User Management
User Roles & Permissions
Different Roles
Each role has its own permission set
Each user can get extended permissions
Role Types:
Manager
Unit Manager
Scanner
Reader
Contact
User Management
User Permission Hierarchy
Most privileged
Managers
Subscription Setup
Unit Managers
Management
Scanners
Vulnerability Scans
Network Discovery Maps
Readers
Remediation
Reporting
Least privileged
Subscription Setup
Security
Set security to prevent unauthorized users
Set security options related to how users access the system, user-defined passwords, and session timeouts
Business Unit
Extended Permissions:
Add assets
Create profiles
Purge host information
Create/edit configurations (remediation policy, authentication records/vaults, virtual hosts)
Manage compliance, web applications
Manage virtual appliances
Restrictions:
Can only be in one Business Unit
Can only be created if the Business Unit has been established
Limited to Asset Groups defined in their Business Unit
May not have rights to run specific reports via the API
REMEDIATION
Remediation Basics
Remediation
Create a new Rule
Assignment
A specific user
Asset Owner
The user who launched the scan
Set Deadline for remediation
Ignore - do not create a ticket
Remediation
Useful Resources
Thank YOU!
training@qualys.com