Giuseppe Brizio of Qualys Technologies SA: Integrated vertical solutions enable detailed analysis of the attack surface

Global Security Mag: What will you show during Assises de la Sécurité?

Giuseppe Brizio: This year we will prioritize Qualys patch management Help IT and security teams quickly and effectively fix vulnerabilities and apply patches to the system.

For example, the new automation can prioritize vulnerabilities based on threat indicators such as ransomware. This automation matches priority vulnerabilities with known fixes. According to a predefined strategy, use the “set and forget” function without any intervention, and proactively apply these fixes to devices and applications. The company can then create a strategy to always correct the Adobe Reader software on all employees’ laptops.

You can test this service for free in the following ways Qualys patch management

CSAM: Cybersecurity asset management is an all-in-one solution that uses the powerful functions of the Qualys cloud platform and its many native sensors, as well as CMBD synchronization to continuously inventory known and unknown assets, discover installed applications, and cover business and Risk-related context to define the critical level of the asset. Finally, the CSAM application provides various response options, including threats and software removal alerts, as well as reports on compliance, including FedRAMP and PCI-DSS regulations.

with CSAM, The company can:

Create a complete and up-to-date asset inventory (free Global AssetView app)

Sync with CMDB database and assign risk profile

Detect and track security vulnerabilities

Alerting, reporting, and response-alert the security team immediately when the condition of the asset is affected to avoid potential compliance issues.

Watch the CSA video

Blog post about CSAM

GS Mag: What is the theme of your meeting this year?

Giuseppe Brizio: We decided to hold two seminars on ServiceNow and user experience evaluation.

Wednesday, October 13-3:00 pm-3:45 pm

Qualys / ServiceNow Joint Seminar: Customer Experience Feedback

The purpose of this seminar is to discuss with project managers of Qualys / ServiceNow customers. We will introduce in detail the implementation of ServiceNow vulnerability response, how we industrialized the Qualys vulnerability report and CERT report on the processing of faulty software. This seminar will allow you to understand the necessary steps before going into production. How are requirements determined and formalized? How is the implementation? The importance of repositories for understanding the needs of different industries.

Thursday, October 14th, 10 am-10.45 am

Joint ServiceNow / Qualys seminar: customer experience feedback

Use Qualys to simplify the analysis of multi-source reports in ServiceNow. Feedback from the CISO of a mutual insurance company-MAIF. We will show the combined results of using ServiceNow and Qualys. The customer uses Qualys for vulnerability identification services and ServiceNow for subsequent repairs of reports. After two years of operation, he will re-examine the successes and pitfalls to avoid through this implementation and practical advice, and provide practical advice for those who are considering the same benefits in terms of visibility and efficiency.

GS Mag: What are the main threats you can identify in 2021?

Giuseppe Brizio: The proliferation and complexity of ransomware is characteristic of 2021, and its number (an increase of 485% in 2020 compared to 2019) and demand (on average from USD 84,000 in 2019 to USD 233,000 in 2020) have grown steadily . Cyber ​​attackers no longer operate in isolation, but work together to organize themselves into a veritable cybercrime group. When analyzing ransomware, people will notice the sharing of the same code and the ability of certain groups to cooperate rather than compete. In the case of more sophisticated attacks affecting the supply chain (Solarwinds, Kaseya), they sometimes benefit from state financial support.

At the same time, the company is also facing a large number of small attackers who use ransomware toolkits that exist on the dark web, which are provided in the form of RaaS (ransomware as a service).

Therefore, they target companies with low ransom requirements and take advantage of the number of victims.

In addition to the ransom for the decryption key, criminals also blackmail the leaked data by threatening to release sensitive data; finally, the last trend is to analyze the data so that it can be used for fraudulent purposes.

In addition, the convergence of IT (Information Technology) and OT (Operational Technology) positions hacking of connected objects as a major problem, which can have a very significant impact on the physical world, just like colonial pipelines.

GS Mag: What about the company’s needs?

Giuseppe Brizio: With the Covid-19 pandemic, cloud and remote office have become the norm, leading to the “cloudification” of IS resources and human resources. However, remote work certainly provides more flexibility and productivity, but it also involves a lot of risks.

The boundary to be protected is no longer just the company, because endpoints need to be protected on a large scale.

The need for visibility of assets in an increasingly complex hybrid IT environment, the prevention and repair of vulnerabilities, and the ability to ultimately detect and respond to cyber attacks are becoming increasingly complex challenges and indispensable requirements for companies.

GS Mag: How will your strategy develop to solve these problems?

Giuseppe Brizio: Listening to the market and our customers, the most common message we hear is “We have too many solutions, too much complexity, and we hope to integrate and simplify the landscape of security and compliance solutions in order to More efficient, faster and more agile”.

It is this observation that defines Qualys’ vision and strategy as a pioneer publisher of cybersecurity in the cloud that provides SaaS services. Qualys’ goal is to help integrate vertical solutions into a single platform that can act and operate in all hybrid IT environments. Our goal is to help cybersecurity participants simplify and improve the deployment and management of security and compliance while reducing costs. Qualys solutions can cover all network security and compliance requirements in terms of visibility, prevention/remediation, and detection and response, enabling it to meet the growing network challenges in the digital age.

GS Mag: With the pandemic, telecommuting and its security have become vital today. How do you integrate these principles into your business and products?

Giuseppe Brizio: the solution quality Continue its development in the field of detection and response.Since last May, the solution Qualys multi-vector EDR Combine proactive anti-malware technology with real-time detection and response cloud resources to comprehensively protect endpoints from the latest malicious threats such as ransomware. Current EDR/EPP solutions focus on malicious activities, while risk mitigation solutions focus on vulnerability and patch management. This approach does not provide a complete picture of the environment, attack surface, and vulnerabilities that cybercriminals can exploit. These solutions alone cannot solve the root cause of most cyber attacks, that is, unpatched vulnerabilities. Qualys eliminates these pitfalls by combining risk mitigation and threat detection and response in a single solution.

GS Mag: What advice do you have in this regard, more generally to limit risk?

Giuseppe Brizio: Prerequisites for an effective cybersecurity plan and precise, complete and continuous visibility of equipment. Knowing that we cannot protect what we can’t see or don’t know, we must always ensure visibility in real time to analyze and protect the real target attack surface from criminals.

Identifying vulnerabilities (including omissions or incorrect configurations), understanding the threat-related exploit possibilities, and the business importance of related equipment are essential for a method based on risk analysis and priority of remedial measures.

Reducing the repair time (the time period during which vulnerabilities can be exploited) is critical; it is necessary to ensure rapid, efficient and most importantly automated patch management policies. Cyber ​​insurance provides EDR as a prerequisite, and there are also problems with patch management policies to facilitate underwriting with insurance companies and rating agencies.

GS Mag: Finally, what message do you want to send to RSSI?

Giuseppe Brizio: Combining vertical solutions with solutions that can cover all cyber security and compliance requirements in a holistic and integrated manner can improve operational efficiency by avoiding coordination of different solutions. It can also conduct a comprehensive analysis of the attack surface, speed up execution time to protect it, and respond to cyber attacks while reducing deployment and management costs.

If you have any questions, please contact us at [email protected]