To People Who Want To Reduce Their Server Vulnerabilities – but Can’t Get Started

Presented by: Tomomi Imamura & Todd Neidinger

Room: Morgridge Auditorium (1100)

Time: 2:40-3:00 PM

Description:

This presentation talks about the DoIT Data Center’s successful vulnerability reduction using the Qualys Cloud Agent and its integration with the Cherwell CMDB using the Qualys API. In 2018, DoIT technologists deployed the Qualys Cloud Agent to the 900+ servers at the DoIT Data Center, and the agents started continuously gathering vulnerability information along with OS information, open ports, installed software, and other items. We integrated the Qualys API data feed with the Cherwell CMDB where the imported data are cross-referenced with existing server owners and application information. Remediation efforts started taking place as we started sharing the Qualys data using the Cherwell dashboard. The “Urgent” severity level vulnerabilities have been reduced by 70% since the deployment.

The audience will learn about the Qualys Cloud Agent, which is available for campus departments to use (no cost), the challenges and best practices of the agent deployment, and API integration with the CMDB.