The global pandemic has upended everything, and in the cybersecurity world in particular it has highlighted the need for organizations to have a cloud-based security and compliance platform, Qualys President and Chief Product Officer Sumedh Thakar said during his keynote Monday at the virtual QSC USA 2020 conference.
As lockdown measures went into effect and working from home became the norm, a new set of unexpected cybersecurity challenges quickly materialized. VPNs got overloaded. Distributing patches became difficult, and sometimes impossible. As employees connected to insecure home networks, protecting their devices and data got harder.
“We were just starting to get the hang of how security can play a big role in digital transformation, when we had a completely and entirely new seismic shift in IT,” he said.
As Thakar put it, security teams were thrown “a new curveball,” but the deeper problem wasn’t the unforeseen crisis. It was the still-prevalent use of traditional security architectures designed primarily to protect on-premises networks and assets, rather than to defend dynamic, hybrid IT environments.
Organizations can no longer rely on security stacks made up of heterogeneous point tools that don’t interoperate, can’t scale, and are stitched together, making them difficult and costly to deploy and manage, he said. Nor can they depend on multiple agents with limited functionality that collect fragmented data and feed it to multiple consoles. This forces security practitioners to correlate the data manually, preventing them from responding quickly to threats.
“That is fundamentally the challenge here. It’s not that something new happened. It’s that the solutions that we generally use were not forward-looking enough to create a way for us to handle any new situation that can happen,” Thakar said.
What’s needed is a next-generation security architecture for prevention, detection and response that is seamlessly built into your hybrid IT environment, which is the approach Qualys has taken with its Qualys Cloud Platform, he explained. It’s a unified platform with a centralized cloud backend, a single agent, a complementary set of sensors, and a natively integrated suite of security and compliance applications.
With sensors that include physical, virtual and cloud scanners, a passive network sniffer, APIs and the lightweight and multi-purpose Qualys Cloud Agent, the Qualys Cloud Platform collects telemetry data continuously across your entire IT environment, and analyzes it in real time, so you can quickly respond to emerging threats.
Its three key pillars are:
- A global, always updated IT asset inventory. The platform discovers all managed and unmanaged assets – hardware and software – and categorizes, normalizes, enriches and organizes the inventory data, for full visibility of assets everywhere.
- Prevention and remediation capabilities, including the ability to continuously detect vulnerabilities and misconfigurations in all assets, and to fix these issues quickly.
- Detection and response capabilities, including anti-malware protection, breach detection, and response actions like asset quarantining.
The open, highly scalable and extensible architecture consists of four core layers:
- The suite of more than 20 natively integrated security and compliance applications
- A set of shared services for tasks like authentication, authorization, subscriptions, indexing, data sync and tagging
- Messaging, data and analytics engines, including Kafka, JanusGraph, Ceph, Elastic, Cassandra, Redis and Flink
- An infrastructure and DevOps toolchain that includes logging, monitoring, configuration management, service registry, CI/CD and Docker and Kubernetes
Today, the Qualys Cloud Platform has indexed 8 trillion data points, moves 15 billion Kafka messages per day, processes 3 trillion security events per year, and conducts 6 billion IP scans annually, all with 99.9996% Six Sigma accuracy.
Qualys Cloud Platform enhancements
Thakar highlighted a raft of improvements Qualys has made to the platform in the past year that go beyond adding incremental functionality. “It’s continued enhancement of the platform,” he said. “We’re not talking about little features here and there. We’re talking about comprehensive visibility, and comprehensive response actions.”
He highlighted and demoed the following new and enhanced Qualys applications:
- VMDR combines asset inventory, vulnerability management, threat prioritization and remediation – a “game changer” as Thakar described it. “We rebuilt the entire VM solution by bringing all these workflows together in a single place,” he said. “You can go from discovering an asset, to discovering vulnerabilities, to prioritizing them, and to actually fixing them in a matter of minutes.”
- Multi-Vector EDR leverages the Qualys Cloud Agent to go beyond “garden variety” EDR solutions by providing comprehensive prevention, detection and response across the entire attack lifecycle. It provides real-time discovery of endpoints; prioritization of suspicious activities; and multi-tiered response capabilities.
- Patch Management allows organizations to deploy both security and non-security patches by pulling them directly from vendors’ CDNs – so it doesn’t use VPNs – and maps patches to CVEs, helping to streamline and accelerate remediation for all assets.
- SaaS Security and Compliance, currently in beta, lets organizations assess the security and compliance of the applications in Microsoft’s Office 365 and Google’s G Suite, and soon will add Salesforce.com and Zoom. It checks that all configurations are set up correctly, that the right users have the right access, that no one is engaging in suspicious or malicious activity, that applications have the proper data-sharing permissions – and more, according to Thakar.
- CloudView, which lets you continuously inventory and assess the security and compliance of your public cloud workloads, is now gaining remediation and response capabilities. Those new capabilities are in beta.
- Container Runtime Security adds runtime defense capabilities and automated enforcement to Qualys Container Security. It provides policy-driven monitoring, detection and blocking of container behavior at runtime, and eliminates the need for cumbersome management of sidecar and privileged containers.
- Enterprise Mobile Security, now in beta, provides real-time inventory of mobile devices, their OS, and their application vulnerabilities, and offers remediation and response capabilities. “These mobile devices are communicating with the APIs that host the most critical data for you, so you want to make sure that they are secure and tracked in real time,” Thakar said.
- Security Analytics and Response, currently in alpha, provides threat detection beyond the endpoint by ingesting log data from third-party tools and correlating and enriching it with Qualys data. “With a large amount of data being already collected and correlated by the Qualys Cloud Platform, we can now pull in third-party log data from, for example, Palo Alto Networks firewalls and from email systems like Proofpoint, to bring in additional context of what activity may be happening, and to enable some very interesting use cases,” Thakar said.
- Network Containment, also in alpha, provides agentless response on the network with either an in-line or out-of-band passive sensor.