QUALYS SECURITY CONFERENCE 2020
Prateek Bhajanka
VP, Product Management | VMDR
Qualys, Inc.
Vulnerability Management Detection & Response (VMDR)
“A Vulnerability is only as bad as the Threat exploiting it and the Impact on the organization”
Qualys Security Conference
Challenges with Vulnerability Management
Overwhelming number of vulnerabilities
No Vulnerability to Patch correlation
CVSS and CVE being too skewed
Vulnerability Assessment as a feature
Penetration testing being used Interchangeably with VM
No Single platform
CVSS Confession
Vulnerability Management Lifecycle
Vulnerability Management
Threat Risk and Prioritization
Patch Management
Asset Inventory
Do you know what all your assets are and where they are?
Do you know the type and amount of open vulnerabilities?
Can you prioritize remediation based on threat intelligence?
How can you deploy patches to close high-impact vulnerabilities?
People
Process
Tools
WannaCry Timeline and Remediation
Chart (not reproduced): y-axis in thousands, 0 to 700; x-axis weekly dates from 3/14 to 5/23.
Chart labels: EternalBlue Exploit; WannaCry; MS17-010 Patch Release; Authenticated Scan / Agent Detection; New Remote Detection; Remediation from VM/Patch processes; Flat Remediation; “Emergency” Patching
One solution to Discover, Assess, Prioritize and Patch critical vulnerabilities
Asset Discovery
Detect known and unknown assets
Workflow to add an unmanaged asset as a managed asset
Asset Inventory
Hardware, operating system, and application inventory for all assets
Asset Normalization and Categorization
Normalize Inventory data by common attributes
Categorize by vendor, version, type
Vulnerability Management
Detect vulnerabilities by QID
CVE-to-QID mapping
CVSSv2 and CVSSv3 base scores
Security Configuration Assessment
CIS Benchmarks
Security-related misconfigurations
Prioritization
Using real-time threat context
Real-world exploits
Proof of Concepts
Exploit categorization
Exploit severity
Machine Learning
Contextual Awareness
Remediation
Automatically correlate vulnerabilities to patches
End-to-end User Interface workflows
Fit-for-purpose visualizations and recommendations
Orchestration for remediation
Prioritization Engine – Machine Learning
Python and TensorFlow
Dataset of 120,000+ Vulnerabilities
132 Vulnerability Features
Live Exploits / POCs
Historical Threat Patterns
Historical Vulnerable Software/Vendor
Dark Web and Social Media References
Qualys Security Researchers
Learns New Patterns and Intelligence Daily
“The more time you spend on activities with low impact, the less time you have for higher impact activities”
Qualys Insights
VulnPriority Score
Dark Web & Social Media
Exploits/Threat Feeds
120K + Vulnerabilities
ML Model
Contextual Awareness
Your Network is Unique to You
External Facing Assets
Network Reachability / Cloud Security Groups
Zero-Trust Networking / BeyondCorp
Business / Customer Applications
Data Sensitivity and Data Access Governance
Asset System Configuration Security Control Validation
Asset Summary
Qualys Asset Vuln Priority Score
Asset Exposure
Security Controls
Vuln Priority Score
Correlation Engine
VMDR comes with much more
Unlimited Cloud Agents
Unlimited Container Sensors
Unlimited Passive Sensors
Certificate Inventory
Cloud Inventory
Container Inventory
Mobile Device Inventory
Available February 2020
Asset Categorization
Asset Normalization
Configuration Assessment
CIS Benchmarks
Continuous Monitoring
Patch Detection and CVE Correlation
VMDR Concept Demo
Industry terms or Acronyms
RBVM - Risk based approach to VM
TCVM - Threat Centric Vulnerability Prioritization or Management
VPT - Vulnerability Prioritization Technologies
TVM - Threat and Vulnerability Management
Security Posture
ASM - Attack Surface Management
Penetration Testing
November 20-21, 2019, Qualys Security Conference