In today’s constantly changing and evolving cloud environments, being able to quickly provide information on misconfigurations and security policy violations in your cloud accounts and assets has become a critical need to the success of your security operations. Many cloud platforms offer tools within their specific cloud environments to provide this type of visibility. However, security operations teams are quickly learning that in a multi-cloud environment, they need tools that provides this information across all three major cloud providers in a seamless and centralized way, with normalized data streams. They need a single source of truth for their account security regardless of the public cloud provider or the asset metadata.

Continue reading …

After the publication of Golden AMI Pipeline integration with Qualys, some Qualys customers reached out asking how to integrate Qualys Vulnerability Management scanning into other types of CI/CD Pipelines. To answer these questions, we’ve published the new guide, Assess Vulnerabilities and Misconfiguration in CI/CD Pipelines.

Continue reading …

If your company uses Slack and is looking for ways to easily monitor activities in its AWS Golden AMI Pipeline, you can use AWS native services to send messages into a Slack channel. This can give your teams better visibility into the approval process for the candidate AMIs that they submit, as opposed to handling this via email. As we all know, email messages can get lost, overlooked or dumped in spam folders, which doesn’t happen with Slack messages. Moreover, Slack channels can have multiple subscribers so a single message can be seen by multiple people or other bots. Handling approval requests within a Slack channel also simplifies the management of the process.

Read on for a detailed, step-by-step explanation.

Continue reading …

Today we’re starting a blog series focused on how to integrate Qualys solutions into DevSecOps for securing cloud infrastructures. In this initial post, we’ll discuss the importance of assessing vulnerabilities and misconfigurations on AWS pipelines.

When developing golden Amazon Machine Images (AMIs), DevOps teams should run continuous and automated checks to eliminate vulnerabilities and misconfigurations in them. It’s a critical security and compliance practice that Qualys recommends its customers adopt. 

To that end, Qualys partnered with Amazon to integrate the AWS Golden Amazon Machine Image Pipeline reference architecture with Qualys scanners for vulnerability and configuration compliance assessment.

The result: Qualys has just published a GitHub repository and documentation for implementing Qualys scanning of instances in a golden AMI pipeline. This will help customers detect and fix critical vulnerabilities and compliance issues in the image creation pipeline, before they reach production environments.

Continue reading …