Qualys Vulnerabilities, Statistics and… Malware ? Wolfgang Kandek CTO Qualys, Inc.


Presentation on theme: "Qualys Vulnerabilities, Statistics and… Malware ? Wolfgang Kandek CTO Qualys, Inc."— Presentation transcript:

1 Qualys Vulnerabilities, Statistics and… Malware ? Wolfgang Kandek CTO Qualys, Inc.

2 Qualys Basics
Founded to automate Vulnerability Assessments
Software as a Service (SaaS) with:
– Internet-based shared scanners
– Scanner Appliances for internal scanning
– Web portal for data access

3 VIP 2-factor or Client certificate strong authentication options

4 VIP 2-factor or Client certificate strong authentication options

5 Qualys Basics
Founded to automate Vulnerability Assessments
Software as a Service (SaaS) with:
– Internet-based shared scanners
– Scanner Appliances for internal scanning
– Web portal for data access
270 employees (140 in Engineering)
customers

6 6

7 IDC 2011 Report

8 Frost & Sullivan 2010 Report Frost & Sullivan: Vulnerability Management Market Leadership Report - Nov

9 Laws of Vulnerabilities
M IPs scanned, 2M vulnerabilities
– Half-life – 30 days
– Prevalence – 50 % renewal annually
– Persistence – unlimited for some
– Exploitation – 80 % available within 60 days
M IPs scanned, 680M vulnerabilities, 72M+ vulnerabilities of critical severity

10 Laws of Vulnerabilities Half-Life = 29.5 days
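The half-life figure on the slides can be reproduced from periodic scan counts. The following is an added example, not material from the presentation: it fits an exponential decay to open-instance counts by log-linear least squares and goes one step beyond the slide by projecting the time needed to reach a remediation target. The sample counts and all function names are constructed for illustration.

```python
import math

# Constructed sample, not data from the presentation:
# (days since first scan, hosts still showing the vulnerability).
SAMPLE_SCANS = [(0, 10000), (7, 8483), (14, 7197), (30, 4942),
                (45, 3474), (60, 2442), (90, 1207)]

def fit_half_life(scans):
    """Fit ln(count) = ln(n0) - k*t by least squares.

    Returns (n0, half_life_days). Scans with zero open hosts are skipped
    because ln(0) is undefined.
    """
    pts = [(t, math.log(n)) for t, n in scans if n > 0]
    if len(pts) < 2:
        raise ValueError("need at least two scans with open instances")
    mean_t = sum(t for t, _ in pts) / len(pts)
    mean_y = sum(y for _, y in pts) / len(pts)
    sxx = sum((t - mean_t) ** 2 for t, _ in pts)
    if sxx == 0:
        raise ValueError("scans must be taken on different days")
    slope = sum((t - mean_t) * (y - mean_y) for t, y in pts) / sxx
    if slope >= 0:
        raise ValueError("counts are not decaying; half-life is undefined")
    n0 = math.exp(mean_y - slope * mean_t)
    return n0, math.log(2) / -slope

def remaining_fraction(days, half_life):
    """Fraction of the original population still vulnerable after `days`."""
    return 0.5 ** (days / half_life)

def days_to_reach(target_fraction, half_life):
    """Days until only `target_fraction` (0 < f <= 1) remains vulnerable."""
    if not 0 < target_fraction <= 1:
        raise ValueError("target_fraction must be in (0, 1]")
    return half_life * math.log(1 / target_fraction, 2)

if __name__ == "__main__":
    n0, hl = fit_half_life(SAMPLE_SCANS)
    print(f"fitted start population: {n0:.0f}, half-life: {hl:.1f} days")
    print(f"still open after 60 days: {remaining_fraction(60, hl):.1%}")
    print(f"days until 10% remain: {days_to_reach(0.10, hl):.0f}")
```
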

11 Laws of Vulnerabilities
M IPs scanned, 2M vulnerabilities
– Half-life – 30 days
– Prevalence – 50 % renewal annually
– Persistence – unlimited for some
– Exploitation – 80 % available within 60 days
M IPs scanned, 680M vulnerabilities, 72M+ vulnerabilities of critical severity
Difference by OS and Application

12 Laws of Vulnerabilities

13 Laws of Vulnerabilities

14 New Services
Policy Compliance
– Configuration checks: password length, installed SW, access rights
– 20 technologies, 2000 controls
Web Application Scanning
– Web Application Catalog
– Batch oriented production scanning

15 New Research Activities
Blind Elephant – Web Application Fingerprinter
Neptune – Malware Detection Scanner
BrowserCheck – Light-weight, end-user VA
IronBee – Web Application Firewall
SSL Labs – World-wide SSL usage statistics
Dissect – Malware Exchange/Analysis Portal
HoneyNet Research Portal

16 Blind Elephant Web App Fingerprinter
Fingerprint common web applications by analyzing source code
– Blogs, Forums, Wikis, etc.

17 Blind Elephant Web App Fingerprinter

18 Blind Elephant Web App Fingerprinter

19 Blind Elephant Web App Fingerprinter
Fingerprint common web applications by analyzing source code
– Blogs, Forums, Wikis, etc.
Goals: accuracy, speed, low resource usage
Results

20 Blind Elephant Web App Fingerprinter 1 Million “.com” domains

21 Blind Elephant Web App Fingerprinter

22 Blind Elephant Web App Fingerprinter

23 Blind Elephant Web App Fingerprinter
Fingerprint common web applications by analyzing source code
– Blogs, Forums, Wikis, etc.
Goals: accuracy, speed, low resource usage
Results
Available at: blindelephant.sourceforge.net

24 New Research Activities
Blind Elephant – Web Application Fingerprinter
Neptune – Malware Detection System

25 Neptune Malware Detection System
Visit/crawl web site with:
– Virtualized Machine
– Vulnerable, but instrumented OS
– Vulnerable, but instrumented Browser
– Configuration: VMware; Internet Explorer 6 on Windows XP; Detours + Custom Hooks
Log everything
Detect malicious intent early, avoid infection

26 Neptune Malware Detection System
Static Detection
– Analyze inputs for known exploit patterns, signature based
– Pro: efficient and fast, signatures easily updated and shared
– Con: false positives, defeated by obfuscation, known threats only
Behavioral Detection
– Monitor the browser process, check for anomalous activity
– Pro: false positives low, immune to obfuscation and detects new threats
– Con: success required, false negatives, expensive
Reputation and AV checks (pluggable: Google, Trend)

27 Neptune Malware Detection System
UI version
– Focus on end-user, website owner
– Daily scheduled scans, alerts

28 Neptune Malware Detection System
UI version
– Focus on end-user, website owner
– Daily scheduled scans, alerts

29 Neptune Malware Detection System
UI version
– Focus on end-user, website owner
– Daily scheduled scans, alerts
API version
– Focus on bulk user, integration, research
– Single URLs, Maps, or site with crawling

30 Neptune Malware Detection System
UI version
– Focus on end-user, website owner
– Daily scheduled scans, alerts
API version
– Focus on bulk user, integration, research
– Single URLs, Maps, or site with crawling
Available: qualys.com/stopmalware
Contact: for API

31 New Research Activities
Blind Elephant – Web Application Fingerprinter
Neptune – Malware Detection Scanner
BrowserCheck – Light-weight, end-user VA

32 BrowserCheck
https://browsercheck.qualys.com
Security check for Browsers and Plug-ins
End user focus, free and easy to use

33 BrowserCheck

34 BrowserCheck
https://browsercheck.qualys.com
Security check for Browsers and Plug-ins
End user focus, free and easy to use
200,000 visits – Jul 2010 / Jan 2011
IE, Firefox, Safari, Chrome, Opera
Windows, Mac OS X and Linux

35 BrowserCheck

36 BrowserCheck Stats

37 BrowserCheck Stats

38 BrowserCheck Stats

39 BrowserCheck Stats

40 BrowserCheck Stats

41 BrowserCheck Stats
Operating System:
– Windows XP – 47 %
– Windows 7 – 32 %
Browser:
– IE 8 – 36 %
– Firefox 3.6 – 34 %
Plug-in: ?
Country:

42 BrowserCheck Stats

43 BrowserCheck Stats

44 New Research Activities
Blind Elephant – Web Application Fingerprinter
Neptune – Malware Detection Scanner
BrowserCheck – Light-weight, end-user VA
IronBee – Web Application Firewall

45 IronBee – Web App Firewall
Open source effort led by Ivan Ristic
– Author of mod_security
– WAF technology renewed
– Focus on accuracy and usability
– WAS and MDS (Neptune) integration
Available at:
SSL Labs – SSL usage statistics
V2 is coming –

46 New Research Activities
Blind Elephant – Web Application Fingerprinter
Neptune – Malware Detection Scanner
BrowserCheck – Light-weight, end-user VA
IronBee – Web Application Firewall
SSL Labs – World-wide SSL usage statistics
Dissect – Malware Exchange/Analysis Portal

47 Dissect – Malware portal
Led by Rodrigo Branco -
– Team in Brazil, Malware and Vulnerability Research
Malware exchange system up and running
Malware analysis in alpha
– Static analysis
– Runtime analysis on virtual and real machines
Integration with Neptune MDS coming in
Community oriented effort
Contact:

48 New Research Activities
Blind Elephant – Web Application Fingerprinter
Neptune – Malware Detection Scanner
BrowserCheck – Light-weight, end-user VA
IronBee – Web Application Firewall
SSL Labs – World-wide SSL usage statistics
Dissect – Malware Exchange/Analysis Portal
HoneyNet Research Portal

49 Honeynet
Nemean Networks acquisition
University of Wisconsin research team
– Paul Barford - Honeynet/Signature/IDS system
Global Honeynet Effort
Centralized Signature generation – open-source
Snort/Suricata plug-ins – open-source

50 Contacts Wolfgang Kandek – Amit Deshmukh –

