The Center for Internet Security (CIS) will leverage a cloud-based service from Qualys that will enable CIS to notify members of expiring, vulnerable or misconfigured site certificates as part of the customized monthly reports they already receive.
Qualys already provides Qualys CertView, a free service to inventory and assess all external certificates and underlying SSL/TLS configurations and vulnerabilities, including certificate discovery, TLS configuration grades and continuous monitoring of internet-facing certificates. Organizations then have the option of upgrading to an inventory and assessment service for internal certificates on networks.
Karun Malik, vice president of strategic alliances and channel development for Qualys, said rather than having to deploy their own infrastructure to gain access to that data, members of CIS will be able to rely on a cloud service that employs machine learning algorithms to surface analytics based on the telemetry data it collects.
The CIS is a non-profit organization that makes available benchmarks and other cybersecurity resources to hundreds of members who typically work for IT organizations or vendors providing products and services. The certificate service being provided in collaboration with Qualys is the latest partnership between the organizations. Qualys research analysts currently contribute to CIS benchmarks for Amazon Web Services, Microsoft Azure and Google Cloud Platform, as well as benchmarks for Oracle Linux, IBM AIX and Microsoft IIS platforms. Qualys also makes CIS policies via its Policy Compliance (PC) solutions and the Community Edition of platforms.
Malik said one of the more frustrating aspects of cybersecurity is that most organizations don’t have a lot of visibility into what certificates have expired or are close to expiring. When an SSL certificate expires, the website can be labeled as “untrusted” by the browser because communication between it and website is assumed to be unencrypted. But, thanks to the rise of cloud computing services that make it possible to more easily aggregate telemetry data, Malik said it’s now easier to stay ahead of certificate expiration dates.
Malik contended most security intelligence applications will be delivered via the cloud because it provides the most economic alternative for aggregating the data required to drive analytics based on machine learning algorithms, require access to massive amounts of data to train artificial intelligence (AI) models to recognize specific types of cybersecurity threats and breaches. Those AI models won’t eliminate the need for cybersecurity professionals as much as they will augment cybersecurity teams that typically are short-handed, thanks to the ongoing chronic shortage of cybersecurity professionals.
Of course, all those augmented capabilities won’t arrive overnight. Most of them will manifest themselves in various analytics services over time. Very few cybersecurity professionals are going to build AI models. Rather, they will consume the analytics output created by machine learning algorithms embedded in a security service. Those services, hopefully, will deliver more actionable intelligence in a way that not only is faster, but also eliminates a lot of the drudgery associated with completing tasks that often take away time from other, more intellectually stimulating cybersecurity pursuits.