Qualys CEO Philippe Courtot this week committed to expanding the reach of its Vulnerability Management, Detection and Response (VMDR) cloud platform to include endpoint detection and response (EDR), incident management capabilities and compliance tools.
In addition, Courtot said Qualys will also extend the reach of the VMDR to add support for industrial control systems (ICS) and other forms for operational technology (OT).
During a virtual conference, Courtot outlined an ambitious effort to consolidate a wide range of cybersecurity and IT management functions around a single agent that continuously communicates with a cloud-based control plane accessed via a software-as-a-service (SaaS) platform.
Made generally available last week, the Qualys VMDR platform employs a single agent to capture critical telemetry data from the scanning tools that Qualys has developed. With more than 30 million agents deployed, Qualys is now running more than 3 billion scans annually, Courtot said. Those agents are deployed in a wide range of endpoints and servers inside and out of the cloud. Passive sensors embedded within those agents identify in real-time any device that connects to the network. The agent then determines what software components are out of date. Cybersecurity teams can then configure that agent to pull the appropriate patches directly from the software provider rather than requiring cybersecurity teams to push those patches out to endpoint.
As part of that effort, Courtot said Qualys has re-engineered a backend cloud service using containers to make more than 140 open source engines available as microservices. That cloud service also includes an instance of Elastic Search that indexes more than 3 trillion data points. The Qualys cloud now processes more than 5 billion messages a day while performing a million writes per second to a Cassandra database, he noted.
The VMDR platform already contains 9PB of data with a distributed data lake that is providing 100 milliseconds response times, said Courtot. Qualys is also committing to injecting and importing additional logs for other data sources to increase the size of that data lake, which over time will eliminate the need to deploy a separate security information event management (SIEM) platform.
The goal is to bring vulnerability management to its next level with unprecedented ease of deployment with no software to maintain or update while generating a very low number of false positives, Courtot said. Via the VMDR platform, he noted, organizations will be able to apply policies to protect everything from containers and mobile computing devices to instances of Microsoft Office 365 in the cloud.
In effect, Qualys is signaling that many aspects of cybersecurity and IT management are about to converge. Most organizations have a hard time finding and retaining cybersecurity expertise. The Qualys VMDR platform represents an effort to make it easier to maintain cybersecurity within the context of other IT management processes. It is already clear that the management of IT and cybersecurity is heading into the cloud. The only thing that remains to be seen now is what degree the management of those functions converge once they get there.