
Qualys Vulnerabilities, Statistics and… Malware ? Wolfgang Kandek CTO Qualys, Inc.


1 Qualys Vulnerabilities, Statistics and… Malware ? Wolfgang Kandek CTO Qualys, Inc. http://null.co.in/ http://nullcon.net/

2 Qualys Basics
Founded to automate Vulnerability Assessments
Software as a Service (SaaS) with:
– Internet based shared scanners
– Scanner Appliances for internal scanning
– Webportal for data access

3 VIP 2-factor or Client certificate strong authentication options


5 Qualys Basics
Founded to automate Vulnerability Assessments
Software as a Service (SaaS) with:
– Internet based shared scanners
– Scanner Appliances for internal scanning
– Webportal for data access
270 employees (140 in Engineering)
5000+ customers


7 IDC 2011 Report

8 Frost & Sullivan 2010 Report
Frost & Sullivan: Vulnerability Management Market Leadership Report - Nov 2010

9 Laws of Vulnerabilities
2004 - 3M IPs scanned, 2M vulnerabilities
Half-life – 30 days
Prevalence – 50 % renewal annually
Persistence – unlimited for some
Exploitation – 80 % available within 60 days
2009 - 80M IPs scanned, 680M vulnerabilities, 72M+ vulnerabilities of critical severity

10 Laws of Vulnerabilities
Half-Life = 29.5 days

11 Laws of Vulnerabilities
2004 - 3M IPs scanned, 2M vulnerabilities
Half-life – 30 days
Prevalence – 50 % renewal annually
Persistence – unlimited for some
Exploitation – 80 % available within 60 days
2009 - 80M IPs scanned, 680M vulnerabilities, 72M+ vulnerabilities of critical severity
Difference by OS and Application
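The half-life on these slides is the time it takes for the share of scanned hosts still exposed to a given vulnerability to drop by half, which assumes the share decays exponentially. As an added illustration, not code from the talk or from Qualys, the Python below estimates a half-life from a constructed series of (day, fraction still vulnerable) points by a least-squares fit on log-prevalence, and uses the slide's 29.5-day figure to answer the inverse questions: how much is left after N days, and how long until only a target fraction remains. The sample points are constructed, not Qualys data.

```python
import math

# Constructed sample: (days since disclosure, fraction of scanned hosts still
# vulnerable). Generated from a 29.5-day half-life with light rounding; it is
# illustrative only and not data from the presentation.
SAMPLE_PREVALENCE = [
    (0, 1.00),
    (10, 0.79),
    (20, 0.63),
    (30, 0.49),
    (45, 0.35),
    (60, 0.24),
    (90, 0.12),
]


def half_life_days(observations):
    """Estimate the half-life (days) from (day, fraction) points.

    Assumes exponential decay f(t) = f0 * 2^(-t / h). Fitting ln f(t)
    against t by ordinary least squares gives a slope of -ln(2) / h.
    """
    pts = [(t, math.log(f)) for t, f in observations if f > 0]
    if len(pts) < 2:
        raise ValueError("need at least two non-zero observations")
    n = len(pts)
    mean_t = sum(t for t, _ in pts) / n
    mean_y = sum(y for _, y in pts) / n
    sxx = sum((t - mean_t) ** 2 for t, _ in pts)
    sxy = sum((t - mean_t) * (y - mean_y) for t, y in pts)
    slope = sxy / sxx
    if slope >= 0:
        raise ValueError("prevalence is not decaying; half-life undefined")
    return -math.log(2) / slope


def remaining_fraction(days, half_life=29.5):
    """Fraction of hosts still vulnerable after `days` at the given half-life."""
    return 0.5 ** (days / half_life)


def days_until_fraction(target, half_life=29.5):
    """Days until only `target` (0 < target <= 1) of hosts remain vulnerable."""
    if not 0 < target <= 1:
        raise ValueError("target must be in (0, 1]")
    return half_life * math.log2(1 / target)


if __name__ == "__main__":
    print(f"estimated half-life: {half_life_days(SAMPLE_PREVALENCE):.1f} days")
    print(f"still vulnerable after 60 days: {remaining_fraction(60):.0%}")
    print(f"days until 10% remain: {days_until_fraction(0.10):.0f}")
```

With the slide's 29.5-day half-life, about a quarter of hosts are still exposed at day 60, which is the same window in which the talk says 80 % of exploits have become available.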

12 Laws of Vulnerabilities

13 Laws of Vulnerabilities

14 New Services
Policy Compliance
– Configuration checks: password length, installed SW, access rights
– 20 technologies, 2000 controls
Web Application Scanning
– Web Application Catalog
– Batch oriented production scanning

15 New Research Activities
Blind Elephant – Web Application Fingerprinter
Neptune – Malware Detection Scanner
Browsercheck – Light-weight, end-user VA
IronBee – Web Application Firewall
SSL Labs – World-wide SSL usage statistics
Dissect – Malware Exchange/Analysis Portal
HoneyNet Research Portal

16 Blind Elephant Web App Fingerprinter
Fingerprint common web applications by analyzing source code
Blogs, Forums, Wikis, etc.

17 Blind Elephant Web App Fingerprinter

18 Blind Elephant Web App Fingerprinter

19 Blind Elephant Web App Fingerprinter
Fingerprint common web applications by analyzing source code
Blogs, Forums, Wikis, etc.
Goals: accuracy, speed, low resource usage
Results

20 Blind Elephant Web App Fingerprinter
1 Million “.com” domains

21 Blind Elephant Web App Fingerprinter

22 Blind Elephant Web App Fingerprinter

23 Blind Elephant Web App Fingerprinter
Fingerprint common web applications by analyzing source code
Blogs, Forums, Wikis, etc.
Goals: accuracy, speed, low resource usage
Results
Available at: blindelephant.sourceforge.net

24 New Research Activities
Blind Elephant – Web Application Fingerprinter
Neptune – Malware Detection System

25 Neptune Malware Detection System
Visit/crawl web site with:
– Virtualized Machine
– Vulnerable, but instrumented OS
– Vulnerable, but instrumented Browser
– Configuration: VMware, Internet Explorer 6 on Windows XP, Detours + Custom Hooks
Log everything
Detect malicious intent early, avoid infection

26 Neptune Malware Detection System
Static Detection
– Analyze inputs for known exploit patterns, signature based
– Pro: efficient and fast, signatures easily updated and shared
– Con: false positives, defeated by obfuscation, known threats only
Behavioral Detection
– Monitor the browser process, check for anomalous activity
– Pro: false positives low, immune to obfuscation and detects new threats
– Con: success required, false negatives, expensive
Reputation and AV checks (pluggable: Google, Trend)

27 Neptune Malware Detection System
UI version
– Focus on end-user, website owner
– Daily scheduled scans, alerts


29 Neptune Malware Detection System
UI version
– Focus on end-user, website owner
– Daily scheduled scans, alerts
API version
– Focus on bulk user, integration, research
– Single URLs, Maps, or site with crawling

30 Neptune Malware Detection System
UI version
– Focus on end-user, website owner
– Daily scheduled scans, alerts
API version
– Focus on bulk user, integration, research
– Single URLs, Maps, or site with crawling
Available: qualys.com/stopmalware
Contact: pthomas@qualys.com for API access

31 New Research Activities
Blind Elephant – Web Application Fingerprinter
Neptune – Malware Detection Scanner
Browsercheck – Light-weight, end-user VA

32 BrowserCheck
https://browsercheck.qualys.com
Security check for Browsers and Plug-ins
End user focus, free and easy to use

33 BrowserCheck

34 BrowserCheck
https://browsercheck.qualys.com
Security check for Browsers and Plug-ins
End user focus, free and easy to use
200,000 visits – Jul 2010 / Jan 2011
IE, Firefox, Safari, Chrome, Opera
Windows, Mac OS X and Linux

35 BrowserCheck

36 BrowserCheck Stats

37 BrowserCheck Stats

38 BrowserCheck Stats

39 BrowserCheck Stats

40 BrowserCheck Stats

41 BrowserCheck Stats
Operating System:
– Windows XP – 47 %
– Windows 7 – 32 %
Browser:
– IE 8 – 36 %
– Firefox 3.6 – 34 %
Plug-in: ?
Country:

42 BrowserCheck Stats

43 BrowserCheck Stats

44 New Research Activities
Blind Elephant – Web Application Fingerprinter
Neptune – Malware Detection Scanner
Browsercheck – Light-weight, end-user VA
IronBee – Web Application Firewall

45 Ironbee – Web App Firewall
Open source effort led by Ivan Ristic
– Author of mod_security
– WAF technology renewed
– Focus on accuracy and usability
– WAS and MDS (Neptune) integration
Available at: www.ironbee.com
SSL Labs – SSL usage statistics
V2 is coming – http://ssllabs.com

46 New Research Activities
Blind Elephant – Web Application Fingerprinter
Neptune – Malware Detection Scanner
Browsercheck – Light-weight, end-user VA
IronBee – Web Application Firewall
SSL Labs – World-wide SSL usage statistics
Dissect – Malware Exchange/Analysis Portal

47 Dissect – Malware portal
Led by Rodrigo Branco - www.kernelhacking.com
– Team in Brazil, Malware and Vulnerability Research
Malware exchange system up and running
Malware analysis in alpha
– Static analysis
– Runtime analysis on virtual and real machines
Integration with Neptune MDS coming in
Community oriented effort
Contact: rbranco@qualys.com

48 New Research Activities
Blind Elephant – Web Application Fingerprinter
Neptune – Malware Detection Scanner
Browsercheck – Light-weight, end-user VA
IronBee – Web Application Firewall
SSL Labs – World-wide SSL usage statistics
Dissect – Malware Exchange/Analysis Portal
HoneyNet Research Portal

49 Honeynet
Nemean Networks acquisition
University of Wisconsin research team
– Paul Barford - http://pages.cs.wisc.edu/~pb/publications.html
Honeynet/Signature/IDS system
Global Honeynet Effort
Centralized Signature generation – open-source
Snort/Suricata plug-ins – open-source

50 Contacts
Wolfgang Kandek – wkandek@qualys.com
Amit Deshmukh – adeshmukh@qualys.com

