Case 4:18-cv-07229-YGR Document 202-7 Filed 06/01/21 Page 1 of 7
`Case 4:18-cv-07229—YGR Document 202-7 Filed 06/01/21 Page 1 of 7
`
`EXHIBIT 13
`
`EXHIBIT 13
`
`

`

`Case 4:18-cv-07229-YGR Document 202-7 Filed 06/01/21 Page 2 of 7
`Case 4:18-cv-07229—YGR Document 202-7 Filed 06/01/21 Page 2 of 7
`
`@ Quolys.
`
`Qualys VMDR® — All-in-One
`
`Vulnerability Management, Detection,
`
`and Response
`
`The #i Vulnerability Management solution expands
`
`to establish a new, game—changing category
`
`Discover, assess, prioritize, and patch critical
`
`vulnerabilities in real time and across your global
`
`hybrid-IT landscape — all from a single solution.
`
`
`
`VMDR with Built-in
`
`Orchestration
`
`Identify all known and unknown
`
`- assets on your global hybrid-IT
`
`Knowing what’s active in a global hybrid~IT environment is
`
`fundamental to security. Automatically detect all known
`
`and unknown IT assets everywhere for a complete,
`
`categorized inventory enriched with details such as vendor
`
`lifecycle information and much more.
`
`Analyze vulnerabilities and
`
`misconfigurations with six sigma
`
`accuracy
`
`Automatically detect vulnerabilities and critical
`
`misconfigurations per CIS benchmarks, by asset.
`
`Quickly focus on what’s most urgent
`
`Using advanced correlation and machine learning,
`
`automatically prioritize the riskiest vulnerabilities on the
`
`most critical assets, reducing thousands of vulnerabilities
`
`to the few hundred that matter.
`
`Innoculate your assets from the most
`
`critical threats
`
`With the push of a button, deploy the most relevant,
`
`superseding patch to quickly remediate vulnerabilities and
`
`threats across any size environment.
`
`HIGHLY CONFIDENTIAL — ATTORNEYS' EYES ONLY
`
`QUALYSOOBOBBBS
`
`

`

`Case 4:18-cv-07229-YGR Document 202-7 Filed 06/01/21 Page 3 of 7
`Case 4:18-cv-07229—YGR Document 202-7 Filed 06/01/21 Page 3 of 7
`
`Today’s processes involve different teams, using multiple
`point solutions — significantly adding complexity and time
`to the critical patching process.
`
`Traditional endpoint solutions don’t interface well with each other, creating integration headaches, false
`
`positives, and delays. Ultimately, devices are left unidentified, critical assets are misclassified,
`
`vulnerabilities are poorly prioritized, and patches don't get fully applied.
`
`A new approach is required.
`Introducing
`
`
`
`VMDR
`
`A single app for discovery,
`assessment, detection and
`
`response.
`
`Benefits:
`
`The Qualys Cloud Platform, combined with its powerful
`
`It's all in the cloud
`
`lightweight Cloud Agents, Virtual Scanners, and Network
`
`Analysis (passive scanning) capabilities bring together all
`
`' @
`
`No need for bulky appliances. Everything is in
`
`the cloud and ready to run.
`
`four key elements of an effective vulnerability management
`
`Easy to deploy
`
`program into a single app unified by powerful out-of-the-
`
`Deployment is incredibly simple. With
`
`box orchestration workflows. Qualys VMDR® enables
`
`organizations to automatically discover every asset in their
`
`unlimited virutal scanners, you can spin a
`
`scanner up and be ready to go in not time.
`
`environment, including unmanaged assets appearing on the
`
`Includes vulnerability management
`
`network; inventory all hardware and software; and classify
`
`and tag critical assets. VMDR continuously asseses these
`
`assets for the latest vulnerabilities, and applies the latest
`
`threat intel analysis to prioritize actively exploitable
`
`VM
`
`VMDR has the same vulnerability management
`
`capabilities you know and trust.
`
`Drastically reduce time and money
`
`A single cloud platform saves organizations
`
`vulnerabilities. Finally, VMDR automatically detects the
`
`save significant resources and the time
`
`latest superseding patch for the vulnerable asset and easily
`
`deploys it for remediation.
`
`Built-in orchestration
`
`By delivering all this in a single app workflow, VMDR
`
`automates the entire process and significantly accelerates
`
`an organization’s ability to respond to threats, thus
`
`preventing possible exploitation.
`
`otherwise required to install multiple agents
`
`and consoles, and work on integrations.
`
`HIGHLY CONFIDENTIAL — ATTORNEYS' EYES ONLY
`
`QUALYSOOBOSBSG
`
`

`

`Case 4:18-cv-07229-YGR Document 202-7 Filed 06/01/21 Page 4 of 7
`Case 4:18-cv-07229—YGR Document 202-7 Filed 06/01/21 Page 4 of 7
`
`ASSET MANAGEMENT
`
`VULN ERABl LlTY MANAGEM ENT
`
`Auomated asset identificaton
`
`and categorization
`
`Real—time vulnerability and
`
`misconfiguration detection
`
`Knowing what’s active in a global hybrid—IT environment is
`
`VMDR enables customers to automatically detect vulnerabilities and
`
`fundamental to security. VMDR enables customers to automatically
`
`critical misconfigurations per CIS benchmarks, broken out by asset.
`
`discover and categorize known and unknown assets, continuously
`
`Misconfigurations lead to breaches and compliance failures, creating
`
`identify unmanaged assets, and create automated workflows to
`
`vulnerabilities on assets without common vulnerabilities and
`
`manage them effectively.
`
`After the data is collected, customers can instantly query assets and
`
`any attributes to get deep visibility into hardware, system
`
`configuration, applications, services, network information, and more.
`
`exposures (CVEs). VMDR continuously identifies critical
`
`vulnerabilities and misconfigurations on the industry's widest range
`
`of devices, operating systems and applications.
`
`
`
`
`
`THREAT PRIORITIZATON
`
`PATCH MANAGEMENT
`
`Automated remediation prioritization
`
`Patching and remediation at your
`
`VMDR uses real-time threat intelligence and machine learning
`
`models to automatically prioritize the riskiest vulnerabilities on the
`
`most critical assets. Indicators such as Exploitable, Actively Attacked,
`
`and High Lateral Movement bubble up current vulnerabilities that are
`
`at risk while machine learning models highlight vulnerabilities most
`
`likely to become severe threats, providing multiple levels of
`
`prioritization.
`
`fingertips
`
`After prioritizing vulnerabilities by risk, VMDR rapidly remediates
`
`targeted vulnerabilities, across any size environment, by deploying the
`
`most relevant superseding patch. Additionally, policy—based,
`
`automated recurring jobs keep systems up to date, providing proactive
`
`patch management for security and non-security patches. This
`
`significantly reduces the vulnerabilities the operations team has to
`
`chase down as part of a remediation cycle.
`
`
`
`
`
`Confirm and repeat
`
`VMDR closes the loop and completes the vulnerability management
`
`lifecycle from a single plane of glass that offers real—time
`
`customizable dashboards and widgets with built-in trending. Priced
`
`on a per-asset basis and with no software to update, VMDR
`
`drastically reduces your total cost of ownership.
`
`451
`
`“With VMDR, Qualys integrates highly valued and much-needed
`asset visibility with vulnerability management so that IT teams
`can have full visibility of their global IT assets (known and
`unknown). This provides the ability to identify the exposures of
`those assets in real time, and to prioritize remediation by
`combining real-time threat indicators with asset context to
`remediate with one click and then audit the process.”
`
`
`
`.514
`
`Scott Crawford
`
`Research Vice President at 451 Research
`
`HIGHLY CONFIDENTIAL — ATTORNEYS' EYES ONLY
`
`QUALYSOOBOSBST
`
`

`

`Case 4:18-cv-07229-YGR Document 202-7 Filed 06/01/21 Page 5 of 7
`Case 4:18-cv-07229—YGR Document 202-7 Filed 06/01/21 Page 5 of 7
`
`Screenshot: VMDR Prioritization Report
`
`VMDR includes a new threat prioritization engine. It correlates multiple real-time threat indicators (RTIs) with new
`
`machine learning models that analyze historic trends and current threats, and combine with asset criticality, to
`
`accurately pinpoint only the small number of highly potent threats that, once remediated, significatly reduce an
`
`organization's risk. Instant workflow that kicks off patching with Qualys Cloud Agents further reduces risk by
`
`eliminating the huge gap that traditional, siloed tools insert between detection and patch deployment.
`
`@ Qualys.
`
`Qualys Threat Prioritization
`ASSETS
`
`Tags
`
`I Finance
`
`I Marketing
`
`I Human Resources
`
`Engineering
`
`I Operations
`
`VMDR
`
`Hosts
`
`CVSS Score —l -
`
`High
`(31 D)
`
`.‘2
`
`_
`
`.
`
`Med
`(320)
`
`Low
`(713)
`
`Total
`
`Vulnerabilities
`
`Service Level
`
`Agreement
`
`
`Pre—SLA
`D-15+ Days
`16-30 Days
`31-60 Days
`61-90 Days
`90+ Days
`(260)
`(122)
`(108)
`(412)
`(21 1)
`(230)
`
`Zero Day
`
`High Lateral Movement
`
`Active Attacks
`
`0 High Data Loss
`
`Easily Exploitable
`
`Unpatchable
`
`Machine Learning Probability o Exploit Kit Available
`
`.fiJ-ET'.
`r
`=.....-'
`
`1,2113? DOS External
`
`Vulnerable to DOS
`
`Public Exploit
`
`e Wormable
`
`Prioritized Vulnerabilities
`
`Deploy Patches
`
`3T
`
`of 1.3K
`
`II
`
`5
`
`9
`
`on 38 hosts
`
`2.75 /0 of Total Vulnerabilities
`
`0
`
`On 1 0 /0 of total Hosts
`
`0
`
`OID
`
`[IVE
`
`TITLE
`
`PRIDRITIZATIDN SCORE
`
`HOSTS
`
`91534
`
`CVE—2019—0708
`
`Microsoft Windows Remote Desktop Services Remote Code Execution...
`
`23
`
`Patch
`
`371361
`
`CVE-2018-1 5982
`1 more
`
`Adobe Security Update for Flash Player (APSB18-42)
`
`
`
`19
`
`Patch
`
`90694
`
`CVE—2019-0708
`2 more
`
`Microsoft Windows Cumulative Security Update of ActiveX Kill Bits (M..
`
`28
`
`Patch
`
`HIGHLY CONFIDENTIAL — ATTORNEYS' EYES ONLY
`
`QUALYSOOBOBBSB
`
`

`

`Case 4:18-cv-07229-YGR Document 202-7 Filed 06/01/21 Page 6 of 7
`Case 4:18-cv-07229—YGR Document 202-7 Filed 06/01/21 Page 6 of 7
`
`Screenshot: VMDR Filters
`
`Use highly responsive dynamic filters, powered by the Qualys highly scalable elastic backend, to create powerful
`
`visualizations that accurately pinpoint various threats across millions of assets in your global hybrid network.
`
`Quickly view your network from different lenses and build powerful, highly customized dashboards.
`
`'_,;_4;.,_;
`
`V
`
`.-'
`
`Ir!
`
`.- I. [-..I_J;.I
`
`.{'_;|::'- Y
`
`:."'|. ..|,-.|.; ll '40"
`
`y
`
`:
`
`.-.,.,I :.'-".?I
`
`V
`
`.J
`
`-
`
`‘._I_.l_-.[_.
`
`v
`
`"-‘I'!'.'.I|.- Liv
`
`'.~..:_|»-:=
`
`Y
`
`-_'il:'I' fir
`
`.
`
`.I1---,_-I|:;'-': -'
`
`:3ll' V
`
`I'_.--.:..-I.'.I.'- ll -__4I]jI
`
`v
`
`I 1-0..
`
`I]'."_'I
`
`v
`
`"3
`
`I‘.-'-.:':I--
`
`r
`
`i." '?-v"-':_II-:I'I for assets
`
`TotaIAssets
`
`CD
`
`.
`
`.
`
`I
`
`-
`
`I
`
`- _'
`
`-
`
`'
`
`-
`
`I
`
`I
`
`Totalnssets
`
`G)
`
`.
`
`'
`
`i.
`
`'
`
`I
`
`I
`
`.
`
`' . I
`
`-
`
`_
`
`.— i AND
`
`CRITERIA
`OR
`.10 «r»
`I-rI'lI'uInerabil'Ities
`
`@5
`
`WI'Mlsnunfigs
`
`«c»
`
`s
`
`
`
`1.
`
`'
`
`~
`
`_
`
`.-
`
`.
`
`SRVUOitZ-PRD
`
`I
`
`_
`
`.
`
`.
`
`"- .
`
`-'
`
`'
`
`,
`
`.-
`
`..
`
`.
`
`.
`
`.
`
`_
`
`f
`
`.'
`
`.
`
`-
`
`_
`
`.-
`
`I
`
`-'
`10.10.?004
`
`_.
`
`AND
`
`a
`
`
`
`-
`
`.
`
`.
`
`"I;
`
`_.
`
`SWUOf-Z-PRD
`
`
`
`:-
`
`-
`
`SWDGSEI-PRD
`_
`.
`_
`
`I
`
`'
`
`__ _.
`
`.
`
`.'
`
`-
`
`I
`_
`DEGDESd—PRD
`
`.-
`
`I.
`
`O4
`wflhreals
`
`'-
`
`-
`
`CRITERIA
`os_
`010 «r»
`IIrNulnerahililles
`@5
`wl‘MlscurIfigs
`04 «w
`wflhreats
`
`-
`.
`.
`._ _
`®
`WEBUDQUAPRD _
`- .._...
`.
`EWUUEPRD
`
`. ©
`1010.70.14
`'
`
`-
`-
`-
`-@ I
`
`- NTwoniaas
`
`
`
`O
`
`
`
`-- mesons-900
`
`.
`
`.
`
`--
`
`'
`
`.
`
`'
`
`SDDO789—1EJEI
`
`
`
`'iallnpoms-Pso'
`
`_ _
`
`3000345100 "'
`
`.
`
`1:1 Assets
`
`v
`
`with Tags
`
`Pod1
`
`FedRAMP e
`
`‘11 Search for assets
`
`at:
`
`.i.
`
`{,5}
`
`A
`
`Last 30 days
`
`Grotto By
`
`Select
`
`7
`
`Filler 9‘;
`
`Enterprise H Kim Y
`
`Lorpmste IT {40'}
`
`v
`
`Cloud {22'}
`
`Y
`
`Soltwsres
`
`Y
`
`:‘.:1
`
`I
`
`.
`
`I. --- """"""""
`II
`
`....... —---‘
`
`_.-"‘
`
`.-’_
`
`.-'
`
`>.
`'
`
`.'
`
`_.
`
`I
`4—_—'-‘
`
`.
`
`'.
`
`.
`
`I
`
`80
`Total Assets
`
`CRITERIA
`
`0R
`
`. 10
`
`®
`
`AND
`
`l
`
`<o>
`_.
`
`<0)
`
`@ 5
`w/M'iscunfigs
`
`'
`
`V
`
`4
`
`a
`
`III/Threats
`
`I
`I
`".
`
`.k
`
`/.
`
`‘
`
`E’L-l __,:._--__-j'.'.—-
`_
`
`’
`
`’_.
`
`_,.—
`
`___--"
`_.
`
`_-'
`
`_,-"
`'.
`
`.‘
`
`;
`
`..
`
`,
`
`.l ;
`
`l
`
`F‘—
`
`‘_
`SRVOOfQ—PRD
`_ _.
`_=:_/_le.--
`APP0045—PRD
`Server
`
`Dell lnc./OptiPlex 990
`
`.
`
`.- o ms
`
`-
`-
`
`Pod 1
`
`FedRAMP
`
`
`
`View all 14Tags
`
`LmSIulflhounlgn‘imsIu-n
`
`'
`
`'
`
` Wmiabi'mes
`Cmnccsed I'IDrrI 10.31 II
`
`2"“
`
`' “a“;
`, IE_ _,
`_ APPOUgS-PRBRW
`'l
`
`10 VULNERABILITIES
`7 Severity 5
`3 Seventy4
`
`04 MISBDNFIGURATIDNS
`1 Critical
`3 Hugh
`
`06 THREATS
`2 Wormable
`4 Exploutable
`
`PATCH
`
`REMEDIATE
`
`REMOVE
`
`Ir
`
`
`
`'1.“ “a."
`
`—
`
`HIGHLY CONFIDENTIAL - ATTORNEYS' EYES ONLY
`
`QUALY300606869
`
`

`

`Case 4:18-cv-07229-YGR Document 202-7 Filed 06/01/21 Page 7 of 7
`Case 4:18-cv-07229—YGR Document 202-7 Filed 06/01/21 Page 7 of 7
`
`Qualys VMDR® — See for yourself
`
`Priced on a per-asset basis, VDMR saves on deployment, administration, and software subscription
`
`costs with lightweight, easily deployed, and self-updating Cloud Agents and Virtual Scanners.
`
`Request a full trial (unlimited scope) at qualys.com/trial
`
`Apps and services
`
`What it does
`
`ASSET MANAGEMENT
`
`papnnur
`
`uoppv
`
`Asset Discovery
`
`Detect and inventory all known and unknown assets that connect to your global hybrid—
`
`IT environment — including on premises devices and applications, mobile, endpoints. clouds,
`
`containers, OT and loT. Includes Qualys Passive Scanning Sensors.
`
`Asset Inventory
`
`Get up~toédate real—time inventory for all IT assets. VMDR includes:
`
`On-premises Device Inventory — Detect all devices and applications connected to the network
`
`including servers, databases, workstations, routers, printers, IoT devices, and more.
`
`Certificate Inventory — Detect and catalog all TLS/SSL digital certificates (internal and external
`
`facing) from any Certificate Authority.
`
`Cloud Inventory — Monitor users, instances, networks, storage, databases and their
`
`relationships for a continuous inventory of resources and assets across all public cloud platforms.
`
`Container Inventory — Discover and track containers hosts and their information — from build
`
`to runtime.
`
`VMDR includes unlimited Qualys Cloud Agents and Container Sensors. Discoverandinventoryallassets
`
`
`(fl
`
`Mobile Device Inventory — Detect and catalog every mobile device. with extensive information
`
`about the device, its user, its configuration. and its apps.
`
`Asset Categorization and
`Normalization
`
`Gather detailed information, such as an assets' details, running services, installed software, and
`more. Eliminate the variations in product and vendor names and categorize them by product
`
`families on all assets.
`
`Enriched Asset Information
`
`Get advanced in—depth details including, hardware/software lifecycles (EOL/EOS), software
`
`license auditing. commercial and open sources licenses, and more.
`
`CMDB Synchronization
`
`Bi—dire‘ctionally synchronize asset information between Qualys and the ServiceNow CMDB.
`
`VULNERABILITY MANAGEMENT
`
`Vulnerability Management
`
`Continuously detect software vulnerabilities with the most comprehensive signature database,
`
`across the widest range of asset categories. Qualys is the market leader in VM.
`
`Includes unlimited Qualys Virtual Scanners and Cloud Agents
`
`Configuration Assessment
`
`Assess, report and monitor security—related misconfiguration issues based on the Center for
`Internet Security (CIS) benchmarks.
`
`Additional Assessment
`Add 0'15
`
`Certificate Assessment - Detect and catalog every TLS/SSL digital certificates (internal and
`external facing) from any Certificate Authority.
`Cloud Security Assessment — Continuously monitor and assess your PaaS/laaS resources for
`
`misconfigurations and non—standard deployments.
`
`Container Security Assessment a Scan images in your environment for high~severity
`
`vulnerabilities, unapproved packages and older or test release tags. and assess their impact.
`
`Includes plug»ins for Cl/CD tools such as Jenkins, and others.
`
`4.!
`
`3
`9
`'o
`E
`g
`
`
`
`Detectandprioritizethreats
`
`.C
`U
`
`3
`2
`
`in
`3
`fig
`
`or
`E
`(1:
`0:
`
`THREAT DETECTION 8: PRIORITIZATION
`
`Continuous Monitoring
`
`network changes before they turn into breaches.
`
`
`
` Alerts you in real time about network irregularities. Identifies threats and monitors unexpected
` Pinpoint your most critical threats and prioritize patching. Using real—time threat intelligence and
`
`
`
`
`Threat Protection
`
` RESPONSE
`
`machine learning, take control of evolving threats, and identify what to remediate first.
`
`Patch Detection
`
`Automatically correlate vulnerabilities and patches for specific hosts. decreasing your
`
`remediation response time. Search for CVEs and identify the latest superseding patches.
`
`
`—
`
`
`
`Patch Management via Third-
`Party VBHdOI'S
`
`Integrates with your existing patch deployment solutions, like SCCM and other third+party
`solutions. to significantly reduce patch time.
`
`Patch Management via
`QUBIYS CIOUd Agents
`
`Speed up patch deployment by eliminating dependence on third~party patch deployment
`solutions by using Qualys Cloud Agents.
`
`Container Runtime
`.
`.
`Protection
`
`
`Protect and secure running containers for policy enforcement. (Available 01 2020 Beta)
`
`
`
`Mobile Device Management - Remotely monitor, manage and secure mobile devices. (Available QZ 2020 Beta)
`
`
`
`GUALYS SENSORS WITH UNPRECEDENTED SCALABILITY
`
`VMDR includes, UNLIMITED: Qualys Virtual Passive Scanning Sensors (for discovery), Qualys Virtual Scanners, Qualys Cloud
`
`Agents, Qualys Container Sensors, and Qualys Virtual Cloud Agent Gateway Sensors for bandwidth optimization.
`
`
`
`OTHER INTEGRATED QUALYS CLOUD APP ADD ONS
`
`Indication of Compromise, Container Security, Web Application Scanning, Web Application Firewall, Policy Compliance, PCI Compliance,
`
`File Integrity Monitoring, Security Assessment Questionnaire and Out-of—Band Configuration Assessment.
`
`For more information about these apps, visit oualyscom/apps
`
`
`is?“ Qualys. Inc. All rights reserved
`
`HIGHLY CONFIDENTIAL - ATTORNEYS' EYES ONLY
`
`QUALYSOOBOBBTO
`
`