Qualys Blog

www.qualys.com
wkandek

RSA 2014: Automating the 20 Critical Security Controls

Earlier today I gave a presentation at RSA Conference 2014 in San Francisco about the 20 Critical Security Controls (CSC) and some ideas on how to implement them using QualysGuard. The document for the 20 CSC provides a number of suggestions for each control, called Quick Wins that point out aspects of the controls that are relatively easy to implement. One example is the detection of new machines, or how to report on machines that do not run an approved version of the operating system.

The presentation looks at how QualysGuard data can be used to answer these questions. We show how a script can access the QualysGuard API to pull down data and populate a database in a format that is then easily used to output the relevant reports. In our example we use Splunk as the database, mainly for its ease to treat time-based data, its intuitive query language and built-in reporting, alerting and graphing capabilities.

Attach please find the presentation. I would be very interested in hearing from you, especially if you have used solutions such as Splunk to enhance your reporting.

Attachments

Continuous Monitoring with the 20 Critical Security Controls 4.2 M

3 responses to “RSA 2014: Automating the 20 Critical Security Controls”

  1. Looks good. One of the problems with PDFs by themselves is getting the supporting info with the slides.  granted should have gone to the talk, but additional info is sometimes needed even after going to the talk.

    for instance, can you go into what the various Perl files and functions (?) do on slide 25?

Leave a Reply