Case 4:18-cv-07229-YGR Document 143-3 Filed 11/13/20 Page 1 of 5
`Case 4:18-cv-07229—YGR Document 143-3 Filed 11/13/20 Page 1 of 5
`
`EXHIBIT B
`
`EXHIBIT B
`
`

`

`Case 4:18-cv-07229-YGR Document 143-3 Filed 11/13/20 Page 2 of 5
`Case 4:18-cv-07229—YGR Document 143-3 Filed 11/13/20 Page 2 of 5
`
`@ Qualys.
`
`VM
`
`Vulnerability Management
`
`Continuously detect and protect against attacks,
`
`anytime, anywhere.
`
`Qualys VM is a cloud—based service that
`
`gives you immediate, global visibility into
`
`where your IT systems might be vulnerable
`to the latest Internet threats and how to
`
`protect them. It helps you to continuously
`
`identify threats and monitor unexpected
`
`changes in your network before they turn
`into breaches.
`
`Built on the world's leading cloud—based security and
`compliance platform, Qualys VM frees you from the substantial
`cost, resource and deployment issues associated with
`traditional software products. Known for its fast deployment,
`unparalleled accuracy and scalability, as well as its rich
`integration with other enterprise systems, Qualys VM is relied
`upon by thousands of organizations throughout the world.
`
`@ Oualys
`Vulnerability Scorecard Report
`Vulnerability Soorecard Report_sysiem_PO‘dispiayedAll
`Source Husmess um
`Dimming Syuam Al
`
`Results
`Vulnerability Distribution by Severily Level
`
`I Levelfi 37.210 65’;
`ILEVEH 68,268 35%
`ILavel} 47.317 2154
`lLevelZ 17,768 18‘;
`I Level 1
`2113
`5‘2
`
`Vulnerability Distribution by type
`
`I Can! mied
`I Poleuliil
`
`Assn mum
`
`run
`m 514me
`«swam:
`Winmm Swinim
`
`Winn-hmI».
`angina by lenu
`"mo Luci 5 unit Lwl! a uni 2 unit Cuifimld Milli-l
`7:
`Us:
`law
`was
`we:
`was
`ms
`777
`23
`H25
`1232
`Hz:
`iizs
`"25
`5299
`an
`if:
`m
`52
`w w an
`1016
`as
`
`i
`,
`
`aux weichlhanl)
`Emu
`
`i
`i
`
`o
`D
`
`u
`D
`
`o
`o
`
`a
`a
`
`o
`o
`
`257
`u
`
`is
`2
`
`Hosts wMiin
`mm 5.1.!
`Tab!
`'5.
`n:
`w».
`
`in
`771
`2n:
`56
`
`15
`2
`
`Win-mm
`m wiv- Find
`in:
`an
`so
`so
`no
`so
`an
`an
`
`an
`
`2383
`
`
`
`Key Features
`
`Agent—based detection
`
`Constant monitoring and alerts
`
`in addition to our scanners, VM also works with the groundbreaking
`Qualys Cloud Agents, extending its network coverage to assets that
`can’t be scanned. The lightweight, all-purpose, self-updating agents
`reside on the assets they monitor— no scan windows, credentials, or
`firewall changes needed. Vulnerabilities are found faster, and network
`impact is minimal.
`
`When \I'M is paired with Continuous Monitoring (CM), infoSec teams
`are proactively alerted about potential threats so problems can be
`tackled before turning into breaches. You can tailor alerts and be
`notified about general changes or specific circumstances. CM gives
`you a hacker’s-eye View of your perimeter, acting as your cloud
`sentinel.
`
`Comprehensive coverage and visibility
`
`VM for the perimeter—less world
`
`Qualys VM continuously scans and identifies vulnerabilities with Six
`Sigma (99.99966%) accuracy, protecting your IT assets on premises, in
`the cloud and mobile endpoints. Its executive dashboard displays an
`overview of your security posture and access to ren’rediation details.
`VM generates custom, role-based reports for multiple stakeholders,
`including automatic security documentation for compliance auditors.
`
`As enterprises adopt cloud computing, mobility, and other disruptive
`technologies for digital transformation, Qualys VM offers next-
`generation vulnerability management for these hybrid IT
`environments whose traditional boundaries have been blurred. With
`
`its fast deployment, low TCO, unparalleled accuracy, robust
`scalability, and extensibility, Qualys VM is relied upon by thousands
`of organizations throughout the world.
`
`FINJAN-QUALYS 038136
`
`

`

`Case 4:18-cv-07229-YGR Document 143-3 Filed 11/13/20 Page 3 of 5
`Case 4:18-cv-07229—YGR Document 143-3 Filed 11/13/20 Page 3 of 5
`
`Qualys VM is the industry’s most advanced, scalable
`and extensible solution for continuous vulnerability
`management and compliance. Its capabilities are
`powered by the Qualys Cloud Platform.
`
`
`
`Benefits
`
`2-second visibility
`
`Gives you full clarityinto your data center assets,
`identifies their vulnerabilities, prioritizes
`
`F R 0 S T
`
`(3'
`
`5 U L L I V A N
`
`2017 Global VUlnerability
`
`remediation and assesses IT compliance
`
`Management Market
`
`reporting engine Lower and more predictable TCO
`
`
`
`
`
`Continuous, comprehensive protection
`
`Continuously monitors your environment, and
`flags traffic anomalies and compromise indicators
`
`t
`d
`'
`r'
`'
`,
`resul s
`0 Accurate prlo Itlze
`Features a powerful data analysis, correlation and
`.
`.
`,
`
` No capital expenditures, extra human resources or
`
`infrastructure or software to deploy and manage.
`
`Leadership Award
`
`“Qualys continues to lead the market
`with new network coverage and security
`
`solutions that leverage its cloud-based
`.
`.
`.
`platformfor scalability, automation, and
`ease of use.”
`
`Detailed Features
`
`Discover f0 l’gOtten devices and O rganize
`your host assets
`
`lg; Visually map your network with our graphical host map
`@ Prioritize your remediation by assigning a business impact to each
`asset
`
`With Qualys, you can quickly determine what’s actually running in
`the different parts of your network—from your perimeter and
`corporate network to virtualized machines and cloud services such as
`
`(E7
`
`identify which 05, ports, services and certificates are on each
`device on your network
`
`Amazon EC2. Uncover unexpected access points, web servers and
`other devices that can leave your network open to attack.
`
`“S“ Organize hosts to match the structure of your business—9.9., by
`location, region, and company department
`
`2;: Control which hosts can be scanned by which users
`Continuously monitor your perimeter for unexpected changes with
`our optional Continuous Monitoring service
`
`91’
`
`(Si
`
`Dynamically tag assets to automatically categorize hosts by
`attributes like network address. open ports, OS, software installed,
`and vulnerabilities found
`
`FlNJAN-QUALYS 038137
`
`

`

`Case 4:18-cv-07229-YGR Document 143-3 Filed 11/13/20 Page 4 of 5
`Case 4:18-cv-07229—YGR Document 143-3 Filed 11/13/20 Page 4 of 5
`
`Scan for vulnerabilities
`
`Identify and prioritize risks
`
`Remediate vulnerabilities
`
`Using Qualys, you can identify the highest business
`risks using trend analysis, Zero-Day and Patch
`impact predictions.
`
`a Track vulnerabilities over time: as they appear, are
`fixed, or reappear
`
`0 Monitor certificates deployed throughout your
`network—see what‘s about to expire, which hosts
`they are used on, what their key size is, and
`whether or not they are associated with any
`vulnerabilities
`
`Qualys’ ability to track vulnerability data across
`hosts and time lets you use reports interactively to
`better understand the security of your network. Use
`a library of built-in reports, change what’s shown
`or choose different sets of assets — all without
`
`having to rescan. Reports can be generated on
`demand or scheduled automatically and then
`shared with the appropriate recipients online, in
`PDF or CSV.
`
`6 Automatically generate and assign remediation
`tickets whenever vulnerabilities are found
`
`@ Put critical issues into context with the Qualys'
`industry-leading, constantly updated
`KnowledgeBase
`
`Get consolidated reports of which hosts need
`which patches
`
`Q See which hosts need updates after Patch Tuesday
`every month
`
`6 Examine your network’s vulnerabilities over time, at
`different levels of detail, instead ofjust single
`snapshots
`
`0 Integrate with third-party IT ticketing systems
`Manage exceptions when a vulnerability might be
`riskier to fix than to leave alone
`
`Exceptions can be set to automatically expire after
`a period of time for later review
`
`6 Predict which hosts are at risk for Zero-Day
`Attacks with the optional Qualys Zero-Day Risk
`Analyzer
`
`@ Ouolys
`v
`Vulr-rablmy Managua-n1
`Remediation
`Dashboard
`Seam Reports
`Knowledgeaasa Users
`Assets
`Selim
`S39mm List!
`()mlon F'rrjlras
`Arllnenluzalrnh
`Annilanws
`Srnmulas
`Maps
`
`T Donntlhmrhm
`E Get Started Tutorials: Scans
`Th'u ls Mara you can maxing: ymr vulnarnbfllly mm am you! smn nonfrpuaflom
`
`a a my Nacwtw‘w
`
`Configure Sean Schadulaa
`canngwe scan: to run mm a: m a mmm may: and mum results o1~
`agma:
`
`mm
`
`mum mvulnerabilny scans, mm the warm av running scans and mm: we
`at vulnalnhllllres aimed altar suns mam
`Q) Manage Vulnerahlllty Scans
`wanes sumoch
`
`E
`
`Manage Dlaecrvary Scan.
`USE Iran $quer sans (mans) In arm! Nil mass on you! NEW Emma!
`devious nan he seleclad luv whammy swat-mu basedon the we named (as, was.
`emmnmap
`mun-man:
`
`Configure Scanner Applllneu
`Scaring warms «mma mum) am remand w scan amon Internal
`W mm mm“m mm mam and mm m a. 905......“
`
`cm ma mm: sunning opus": reamed w run a scan Tnasa Ian be saved as
`Dmlllas inc reuse Amanu vane rs pm my common anvuonrnenls
`Configure Scan Sofilngl
`wanna-MD:
`
`[a]
`'G
`
`Set Up Host Authentication
`use meammnlrmfian veaxum (Windows um, Grade, am in 4mm: am:mm:
`winemmles by pnmmnlng an incepm msunem al yam Maia
`madam!)
`
`Awlv Lamont hats at vulnerabilities Ioscan Dramas m aids! in Ilmu scannirq m unain
`fir Vulnerabllllbas anlv
`3 Configure Search um
`
`FINJAN-QUALYS 0381 38
`
`everywhere, accurately and
`
`efficiently
`
`Scan systems anywhere from the same console:
`your perimeter, your internal network, and cloud
`environments (such as Amazon E62). Since Qualys
`separates scanning from reporting, you can scan
`deeply and then create custom reports showing
`each audience just the level of detail it needs to
`see.
`
`Select target hosts by IP address, asset group or
`asset tag
`
`Scan manually, on a schedule, or continuously
`
`Scan behind your firewall securely with Scanner
`Appliances, remotely managed by Qualys 24/7/365
`
`Scan complex internal networks, even with
`overlapping private IP address spaces
`
`Securely use authentication credentials to log in to
`each host, database or web server
`
`Scan in Amazon EC2 without filling out request
`forms—Qualys is pre-approved
`
`Save time with our Six Sigma accuracy rate—no
`more chasing after false positives
`
`00000330 Store configuration information offsite with secure
`
`audit trails
`
`Custom reports anytime,
`
`anywhere — without rescanning
`
`Qualys’ ability to track vulnerability data across
`hosts and time lets you use reports interactively to
`better understand the security of your network. Use
`a library ofbuilt-in reports, change what’s shown
`or choose different sets of assets — all without
`
`having to rescan. Reports can be generated on
`demand or scheduled automatically and then
`shared with the appropriate recipients online, in
`PDF or CSV.
`
`0 Create different reports for different audiences—
`from scorecards for executives, to detailed drill-
`downs for IT teams
`
`0 Document that policies are followed & lapses get
`fixed
`
`9 Provide context & insight about each vulnerability,
`including trends, predictions, and potential
`solutions
`
`a Track ongoing progress against vulnerability
`management objectives
`
`a Share up-to-the-minute data with GRC systems &
`other enterprise applications via XML-based APls
`
`

`

`Case 4:18-cv-07229-YGR Document 143-3 Filed 11/13/20 Page 5 of 5
`
`Powered by the Qualys Cloud Platform
`— the revolutionary architecture that powers
`Qualys’ IT security and compliance cloud apps
`
`Sensors that provide continous visibl ity
`
`Res pond to threats immediately
`
`Orr—premises, at endpoints of in the cloud, the Qualys Cloud
`Platform sensors are always on, giving you continuous 2-second
`visibility of all your IT‘ assets. Remotely deployable, centrally
`managed and self-updating, the sensors come as physical or
`Virtual appliances, or lightweight agents.
`
`With Qualys’ Cloud Agent technology, there’s no need to
`schedule scan windows or manage credentials for scanning.
`And Qualys Continuous Monitoring service lets you proactively
`address potential threats whenever new vulnerabilities appear,
`with real—time alerts to notify you immediately.
`
`All data analyzed in real time
`
`See the results in one place,
`
`Qualys Cloud Platform provides an end-to-end solution, allowing
`
`anytime, anywhere
`
`you to avotd the COSt and complexmes that come mm managing
`multiple security vendors. The Qualys Cloud Platform
`automatically gathers and analyzes security and compliance data
`In a scalable, state-of-the—art backend, and promsmmng additional
`Cloud apps is as easy as checking a box.
`
`Qualys Cloud Platform is accessible directly in the browser, no
`plugins necessary. Vifith an intuitive, single-pane—of—glass user
`interface for all its apps, it lets you customize dashboards, drill down
`into details, and generate reports for teammates and auditors.
`
`Cloud Platform Apps:
`Qualys apps are fully integrated and natiVely share-thefiata th‘eyfidll at ‘fia
`analysisand correlation. Provisioning anoth .
`
`ASSET MANAGEMENT
`
`IT SECURITY
`
`WEBjAPP' sECUI‘a'I-T'Y
`
`MGNWDZRINE
`
`Container Security
`
`Asset Inventory
`
`CMDB Sync
`
`VulnerabilityManagement . webmppScanning
`
`‘
`
`Threat Protection
`
`a .W'e‘bLAfiplEir'ewalll
`
`Continuous Monitoring
`
`lndica’tio’nroileompromi’sei
`
`Request a full trial (unlimited-scape) at
`qualys.com/tirial
`
`Qualys is easy to implement, easy to use, fully scalable —
`and require NO infrastructure or software to maintain.
`
`© 2017 Qualys, Inc, All rights reserved. 9/17
`
`FlNJAN-QUALYS 0381 39
`
`