Several product management leaders took the stage at Qualys Security Conference 2016 in Las Vegas on Wednesday to outline major recent improvements to Qualys products, including Cloud Agent, AssetView, ThreatPROTECT, Vulnerability Management, Policy Compliance and Web Application Scanning.
“2016 was a big year for Cloud Agent,” said Chris Carlson, a product management vice president, citing the more than 1 million agents deployed already in customer environments.
Many of the enhancements to Cloud Agent focus on capabilities for large-scale rollouts and enterprise requirements, he said. These included the Cloud Agent APIs, improvements to Configuration Profiles and Activation Keys, HTTPS proxy support and general performance tuning.
Other improvements focused on extending support for Cloud Agent within the Microsoft Azure and Amazon AWS cloud computing environments.
Cloud Agent also gained support for many new OS platforms, including Amazon Linux 2015.9 and 2016.09; Windows Server 2016; Oracle Enterprise Linux 5, 6 and 7 and OpenSUSE 13.
AssetView gained a number of new features in 2016, including the ability to export search results to CSV, PDF and several other formats. Also added were saved searches and the ability to share searches with others in the organization.
Autocomplete and search tips were added to assist users with crafting AssetView queries. “This makes search much easier to use,” said Jimmy Graham, a Qualys product management director. More search fields were added to give users more options for searching through their assets.
Meanwhile, several widgets and the widget builder itself were made more dynamic and customizable, and the product added a Dashboard and Widget library with prebuilt, customizable dashboards.
AssetView’s vulnerability summary feature also improved with the addition of dynamic, clickable charts, which let users filter vulnerabilities by severity or narrow down to only confirmed vulnerabilities.
It’s also now possible to select a date range to see how those vulnerabilities have changed over time, and to click on anything to drill down to vulnerability details in list form.
A new “Group by” feature lets users group their assets by several attributes, showing counts for each group, total unique groups returned, and the ability to filter a column.
ThreatPROTECT launched this year to help customers with the challenge of prioritizing remediation work at a time when thousands of new vulnerabilities are announced every year, Graham said.
“Vulnerabilities are a constant stream,” he said. “We call it the firehose of vulnerability disclosures.”
ThreatPROTECT correlates an organization’s vulnerability data with real-time threat information and helps security teams sift through that information and pinpoint what needs to be remediated right away. “Doing this manually doesn’t scale,” Graham said.
Since ThreatPROTECT’s release earlier this year, Qualys has rolled out enhancements including several for its Live Feed component, which now has multiple column view, including a column exclusively for high risk items and a favorites column for tracking specific items selected by the users. ThreatPROTECT also now marks unread items from the Live Feed as new.
Also new is the addition of a trend indicator to widgets, which show users the amount of change up or down, as well as a historical graph showing the trend over time.
Among the highlights of improvements to Vulnerability Management are updated dashboards, reports and extended API capabilities, as well as support for superseded patch reporting, which tells security teams which patches they can ignore because they are superseded by more recent patches.
“We also did a lot of work on remediation ticketing, UI and other general management and customer feature requests,” said Tim White, product management director at Qualys.
Enhancements to Policy Compliance fall into several areas. One is simplified policy creation, through improvements like copy control settings, lock/unlock policies and Cloud Agent and tag support. Another area of improvement are user defined controls and reporting access and options, according to White.
Web Application Scanning
“When we looked at what has happened since QSC last year, you can see the development team has been busy,” said Jason Kent, vice president of web application security at Qualys.
More than 200 improvements have been rolled out for Web Application Scanning, which is used by 3,100 customers for scanning more than 130,000 websites. Improvements include progressive scanning, SmartScan, DOM-XSS and vulnerability re-test functionality.
For example, progressive scanning lets organizations take very large web apps and not have to scan them in a single pass, which can be hard to do, but rather in two or more steps, picking up right where the scan was stopped, he said.
Meanwhile, SmartScan allows for enhanced and advanced scanning of AJAX heavy web applications, along with enhanced support for Single Page Applications (SPA) and also advanced frameworks such as AngularJS and bootstrap.
The architecture of the Qualys Cloud Platform has enabled the acceleration in new features in 2016. Qualys’ centralized platform provides continuous discovery, real-time distributed data collection, a data analytics and reporting correlation back-end. And because the platform is centralized in the cloud, new services can easily add data to the platform, or perform analysis and provide new insights on the platform. For customers, that means Qualys can offer a complete platform providing global visibility into security and compliance.