
Getting a Handle on Your EOL Software; the Overlooked Aspect of Cybersecurity
Ed Rossi
Vice President
Asset Inventory & Discovery
Agenda
➢ Overview
▪ EOL Challenges & Examples
▪ Qualys Solution
➢ Demo
➢ Client Session
▪ Experiences in managing EOL Assets
➢ Q/A
End of…Sale/Marketing, Life, Service

• End of Sale/Marketing (EOM) – When a company stops selling a product
• End of Life (EOL) – When a company limits support for a product
• End of Service (EOS) – When a company completely stops supporting a product

Note: Not every vendor uses the same terms or publishes every date
End of Life Is the Beginning of Life For Hackers!

* IBM Security; Cost of a Data Breach Report 2020


Use Case: EOS Software is no longer actively managed or patched by the vendors
• Increases the chance that a vulnerability will be identified and exploited
Adobe Flash Trends at a Glance (Qualys Customer Summary)

• 7 Million Assets with Adobe Flash
• 35% Impacted Clients
• 29% Impacted Assets
• 21% Clients with Flash on a Server

[Chart: assets with Adobe Flash by type: Server 7%, Cloud Instance and Notebooks (25%, 15%), Virtual Machines 17%, Desktop 23%]
Use Case: Running afoul of Regulatory & Compliance rules and Security Audits

Entities must "implement security measures sufficient to reduce risks and vulnerabilities to a reasonable and appropriate level."
- Section 164.308(a)(1)(ii)(B)

All organizations must "Ensure that all system components and software are protected from known vulnerabilities by having the latest vendor-supplied security patches installed."
- PCI DSS section 6.1
Additional Use Cases

• Harder to support; increases costs
• Paying for maintenance with no benefit
• Lack of Compatibility
• Limited Performance & Scalability
Solution – How to Manage EOL/EOS Software

• Inventory & Categorize
• Identify
• Visualize
• Remediate
• Automate
Challenges – Volume, Velocity, Variance

High Volume
• Specs: HW/OS, Apps, Config

Changing at High Velocity

High Variance
• Acquisitions: Skype → Microsoft
• Product rebranding: Communicator → Lync → Skype for Business → Teams
• "A" means "B": lync.exe = Skype for Business
• Name variance: MSFT, Microsoft Corporation, Microsoft, microsoft corp, …
• EOL Sourcing: Published in different ways/locations by different vendors

8 → 1 Manufacturer
20 → 1 Product

You ‘could’ do this manually…but it would take forever!
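An added example (not from the original deck or from Qualys) of the normalize-then-look-up step behind the variance challenge above, using the slide's own name variants and the EOM/EOL/EOS definitions from earlier in the deck. The lifecycle dates, host names and the `Example Soft` products are constructed for illustration and are not vendor-published values.

```python
from datetime import date

# Alias tables built from the name variants listed on the slide.
PUBLISHER_ALIASES = {"msft": "Microsoft", "microsoft corporation": "Microsoft",
                     "microsoft corp": "Microsoft", "microsoft": "Microsoft"}
PRODUCT_ALIASES = {"lync.exe": "Skype for Business"}

# Constructed lifecycle dates for illustration; NOT vendor-published values.
# None models a date the vendor never published.
LIFECYCLE = {
    ("Microsoft", "Skype for Business"):
        {"eom": date(2021, 1, 1), "eol": date(2022, 1, 1), "eos": date(2023, 1, 1)},
    ("Example Soft", "LegacyReporter"):
        {"eom": None, "eol": date(2022, 6, 1), "eos": None},
}

# Constructed inventory records, as raw discovery might report them.
INVENTORY = [
    {"host": "ws-01", "publisher": "MSFT", "product": "lync.exe"},
    {"host": "ws-02", "publisher": "Microsoft Corporation", "product": "Skype for Business"},
    {"host": "ws-03", "publisher": "microsoft corp", "product": "lync.exe"},
    {"host": "srv-01", "publisher": "Example Soft", "product": "LegacyReporter"},
    {"host": "srv-02", "publisher": "Example Soft", "product": "UntrackedTool"},
]

def normalize(publisher, product):
    """Collapse publisher/product variants to one canonical pair."""
    pub, prod = publisher.strip(), product.strip()
    return (PUBLISHER_ALIASES.get(pub.lower().rstrip("."), pub),
            PRODUCT_ALIASES.get(prod.lower(), prod))

def lifecycle_stage(publisher, product, today):
    """Return EOS, EOL, EOM, SUPPORTED or UNKNOWN as of `today`."""
    dates = LIFECYCLE.get(normalize(publisher, product))
    if dates is None or not any(dates.values()):
        return "UNKNOWN"  # catalogue gap: absence of data is not proof of support
    for stage in ("eos", "eol", "eom"):  # most severe first, skip unpublished dates
        if dates[stage] is not None and today >= dates[stage]:
            return stage.upper()
    return "SUPPORTED"

def summarize(records, today):
    """Count installs per canonical (publisher, product, stage)."""
    counts = {}
    for rec in records:
        pub, prod = normalize(rec["publisher"], rec["product"])
        key = (pub, prod, lifecycle_stage(pub, prod, today))
        counts[key] = counts.get(key, 0) + 1
    return counts
```

Calling `summarize(INVENTORY, date(2022, 7, 1))` collapses the three Microsoft variants into one row, and the untracked product surfaces as `UNKNOWN` rather than being silently treated as supported.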


Inventory - Always up-to-date, real-time view of your Global IT Assets in a Hybrid IT

• On-Premises: NETWORKS, VMs, DB, BARE METAL, STORAGE
• Clouds
• Mobile Workforce
• OT/IoT
• Work Stations
Qualys Global IT Asset Inventory
Not your ordinary inventory tool.

• Unlimited, continuous discovery
• Normalization & categorization
• Detailed asset information
• Powerful search
• Advanced asset information
• Dynamic tagging
Building a Comprehensive Asset Inventory

• Cloud Agent, Mobile Device Agent
• Network Scanner
• Cloud Connectors & Container Sensors
• Passive Sensor
Identify - Qualys EOL/EOS Content & Process

Content Sources
• Continuous Content update via Automated Gap fill Process
• Proactive Content update via Key Vendor based Research
• Address Client specific priorities with a UI based ticket process

Processes
• Seamless updates via Cloud Based Platform
• Complex vendor analysis via Expert Team of Researchers
• Automated, Scalable Process ensures complete coverage

EOL/EOS Content
• Software: nearly 1,700 publishers and over 65,000 software releases
• Hardware: over 100 hardware manufacturers and over 45,000 models
Visualize - Dashboards

▪ Dynamic and customizable dashboards
▪ Pre-Defined views of EOL/EOS data
Remediate – Update or remove the software

• Update to a supported version
  ▪ When still needed
  ▪ When under maintenance
  …using Qualys Patch Management
• Uninstall the Software
  ▪ When completely End of Service
  ▪ When not used

Qualys Patch Management
• A single solution to patch operating systems (OS) and third-party applications
• Cloud-based solution that is easy to deploy and use
• Remote patching for corporate and personal devices
• Automated correlation of vulnerabilities and patches
Extend your EOL Data Use With Qualys CMDB Sync for ServiceNow

Qualys 2-way CMDB Sync
• Brings in EOL data for use by CMDB Users
• Up-to-date, complete, structured, and enriched ServiceNow CMDB
• Automatically maps to Configuration Item (CI) Classes
Quick Demo
Client Session
Thanks for joining us!
What’s Next?

Ask your TAM About Global Asset Inventory and our Enrichment Module

or email Product Management at:
erossi@qualys.com
pquiroga@qualys.com
