QualysGuard InfoDay 2012 - Malware Detection Service – Enterprise Edition
Uploaded by: risk-analysis-consultants-sro
QualysGuard® Malware Detection Service – Enterprise Edition
Marek Skalicky, CISM, CRISC
Regional Account Manager for Central & Adriatic Eastern Europe

Why MDS?
• Thousands of sites are infected daily
• “Malvertising”: exploits hidden inside legitimate-looking ads
• Malware propagates to the visitors of the site
• Unknown malware is hard to recognize
• Do you know if your site is serving malware?

MDS Benefits
• Keeps your site from being blacklisted
• 0-day defense
• Prevents visitors from getting infected
• Brand reputation
• Protects against a loss of revenue
• SaaS: nothing to install or download

MDS service tiers

Free
• Single site
• Domain and email address of user must match
• 5 scans
• No scheduled scans, no support

Enterprise Edition Trial
• 30-day trial
• Up to 20 sites, 1000 pages per site
• Sites can be “unvalidated”: users sign terms and agreement
• After 30 days, gets downgraded to Free version

Enterprise Edition
• 1000 pages by default
• More blocks can be purchased (consult your TAM)

MDS activity
You plug in your URL
Qualys Virtual Machine Farm
1. Enter URL
2. We breadth crawl URL (we stay in the domain)
3. We do both behavioral and static analysis
4. Qualys will email user if Malware is found.

MDS Analysis - Static
• Encoded JavaScript
• Document.write with obfuscation
• Web Bugs
• Vulnerable Control Instantiation
• Character encoding on inline frames
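
The five static indicators listed on this slide, sketched as regex heuristics run over one crawled page. This is an added example, not Qualys code: the patterns, indicator names, hostnames and sample pages are constructed assumptions.

```python
import re
from urllib.parse import urlparse

# Illustrative patterns for the slide's five static indicators (assumptions,
# not vendor signatures); real scanners also render and deobfuscate pages.
SCRIPT = re.compile(r"<script\b[^>]*>(.*?)</script>", re.I | re.S)
ESCAPE_RUN = re.compile(r"(?:%u[0-9a-f]{4}|%[0-9a-f]{2}|\\x[0-9a-f]{2}|\\u[0-9a-f]{4}){8,}", re.I)
DOC_WRITE = re.compile(r"document\.write(?:ln)?\s*\(\s*(?:unescape|atob|eval|String\.fromCharCode)\s*\(", re.I)
CONTROL = re.compile(r"new\s+ActiveXObject\s*\(|<object\b[^>]*\bclassid\s*=", re.I)
TAG = re.compile(r"<(img|iframe)\b([^>]*)>", re.I)
ATTR = re.compile(r"""([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))""")
ENCODED_SRC = re.compile(r"(?:&#x?[0-9a-f]+;|%[0-9a-f]{2}){4,}", re.I)

def parse_attrs(raw):
    """Return a tag's attributes as a lowercase-keyed dict."""
    return {m.group(1).lower(): m.group(2) or m.group(3) or m.group(4) or ""
            for m in ATTR.finditer(raw)}

def scan_page(html, site_host):
    """Return the sorted indicator names found in one crawled page."""
    found = set()
    js = "\n".join(SCRIPT.findall(html))
    if ESCAPE_RUN.search(js):
        found.add("encoded_js")
    if DOC_WRITE.search(js):
        found.add("docwrite_obfuscated")
    if CONTROL.search(html):
        # Flag for lookup against a list of known-vulnerable controls.
        found.add("control_instantiation")
    for tag, raw in TAG.findall(html):
        a = parse_attrs(raw)
        src = a.get("src", "")
        if tag.lower() == "img":
            tiny = a.get("width") in ("0", "1") and a.get("height") in ("0", "1")
            host = urlparse(src).hostname
            if tiny and host and host != site_host:
                found.add("web_bug")  # tiny image served by a third party
        elif ENCODED_SRC.search(src):
            found.add("encoded_iframe")
    return sorted(found)

# Constructed, inert samples: the escaped string decodes to "<div>hi</div>".
SUSPICIOUS = '''<img src="http://tracker.example/p.gif" width="1" height="1">
<iframe src="&#104;&#116;&#116;&#112;&#58;//frames.example/" width="0"></iframe>
<script>document.write(unescape("%3C%64%69%76%3E%68%69%3C%2F%64%69%76%3E"));</script>
<script>var c = new ActiveXObject("Example.Control");</script>'''
CLEAN = '''<img src="/logo.png" width="120" height="40">
<script>document.write("hello");</script>
<iframe src="https://www.shop.example/map"></iframe>'''

if __name__ == "__main__":
    print(scan_page(SUSPICIOUS, "www.shop.example"))
    print(scan_page(CLEAN, "www.shop.example"))
```

Each hit is a lead for review rather than a verdict: legitimate analytics pixels and packed scripts trigger the same patterns, which is one reason a static pass is paired with behavioral analysis.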

MDS Analysis - Behavioral
• Microsoft Windows registry keys being written
• Rogue processes being started
• Programs being installed and started
• Files being written to disk
MDS User Interface

MDS Dashboard
• Last Scan
• Upcoming Scans
• Infected sites
• Infections
MDS Knowledgebase

Adding Sites - Wizard
• Upload multiple sites via CSV
• Up to 1000 pages
• Add Asset Tags
Assets

Scanning
• View Scan Results
• View Thread for each scan
Reporting

Thank You