Continuous Security and Compliance Monitoring for Global IT Assets

Juan C. Perez

Last updated on: September 6, 2020

In today’s information security world, all assets everywhere must be detected, visible, protected and compliant — all the time. It’s no longer enough to rely on “point in time” security and compliance assessments, such as scheduled weekly or monthly scans on handpicked critical servers.

“You must transition to continuous security and compliance monitoring of all of your global IT assets,” Chris Carlson, a Vice President of Product Management at Qualys, said during a recent webcast.

The reasons for this shift are many and varied, and include these three key ones:

  • Hackers have dramatically shrunk the time it takes them to weaponize exploits for critical vulnerabilities, as evidenced by our analysis of WannaCry below. This means that organizations need to sharpen and accelerate their vulnerability assessments and patch deployments, to stay ahead of the bad guys.
  • Another driver is the intensifying attention on security from boards of directors and top executives. InfoSec teams must keep them informed at all times about incidents, tactics and strategies.
  • In addition, this approach to security is key for protecting new digital transformation efforts that involve technologies that blur traditional network perimeters and can’t be protected with legacy enterprise security solutions. Think of web apps, public cloud services, IoT, mobile computing, and others.

In this brave new world, organizations need broad and deep visibility into all of their IT assets, wherever they are — on premises, in clouds, at endpoints — and whatever they are: physical servers, virtual machines, network devices, end user workstations, cloud workloads, industrial control systems, IoT sensors and so on.

Enter Qualys

The Qualys Cloud Platform has been designed from the ground up for defending today’s distributed and hybrid IT environments. With a growing suite of natively integrated security and compliance Cloud Apps, the Qualys Cloud Platform provides end-to-end security and compliance capabilities including:

  • discovery and cataloguing of all IT assets;
  • prevention via vulnerability management, threat prioritization, patch management, configuration assessment and other methods;
  • detection, including endpoint activity, network activity and cloud infrastructure monitoring;
  • and response, including security orchestration and incident response.

“It’s not just about point-in-time vulnerability management. It’s about automated, continuous discovery and monitoring for all your IT assets,” Carlson said.

Qualys’ cloud-based architecture, which includes a software-as-a-service (SaaS) delivery and licensing model, slashes the costs and complexity associated with acquiring, installing, managing and maintaining on-premises enterprise security point products.

With its unified, true platform approach, Qualys offers customers unparalleled ease of deployment and scalability, and provides automated, continuous assessment of their global security and compliance posture, with instant, “single pane of glass” visibility across all their IT assets, wherever they reside, via the platform’s centralized, customizable AssetView dashboard.

AssetView lets you see the big picture, drill down into details, and generate reports. It aggregates and correlates all of your IT security and compliance data in one place from all the various Qualys Cloud Apps. With its powerful elastic search clusters, you can instantly find detailed data on any asset – on-premises, endpoints and all clouds.

The Qualys Cloud Platform sensors – available as physical and virtual appliances, and as lightweight agents – are always on, remotely deployable, centrally managed and self-updating, enabling true distributed scanning and monitoring of all areas of today’s hybrid IT environments.

Qualys sensors collect data from your IT environment and automatically beam it up to the Qualys Cloud Platform, which continuously analyzes and correlates the information to help you quickly and precisely identify and eliminate threats.

Qualys offers various types of scanner appliances, including:

  • Physical appliances that scan IT assets located on your premises
  • Virtual appliances that remotely scan your private cloud and virtualized environments
  • Internet appliances for fast and efficient external scanning
  • Cloud appliances that remotely scan your internet infrastructure-as-a-service (IaaS) and platform-as-a-service (PaaS) instances in commercial cloud computing platforms

Appliances are configured through an easy-to-use interface and activated online through the Qualys web interface.

Meanwhile, the Qualys Cloud Agent extends security throughout your global enterprise, while consuming minimal CPU resources.

Cloud Agents work where it’s not possible or practical to do network scanning. They’re Qualys’ preferred method for assets like dynamic IP client machines, remote/roaming users, static and ephemeral cloud instances, and systems sensitive to external scanning.

In addition, the Qualys Cloud Agent supports multiple Qualys Cloud Apps, so you don’t need to redeploy the agent or reboot the asset when you add other apps to it.

“This isn’t yet another agent just for vulnerability management,” Carlson said. “It replaces other security functions, allowing you to quickly add new capabilities without deploying another agent and ultimately removing extra agents from your endpoints.”

After their initial deployment, Cloud Agents run a full configuration assessment of the host in the background and upload the collected data to the Qualys Cloud Platform for analysis. Then, as changes occur throughout the day, Cloud Agents push updates to the platform, ensuring you have the latest IT asset data at your fingertips immediately.
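The baseline-plus-delta model described above, as an added illustration that is not Qualys code: a full assessment is merged with change events pushed later, and the resulting current state is checked for hosts still missing the MS17-010 fix. The host names, dates and the handpicked weekly-scan scope are constructed assumptions; only the MS17-010 identifier and the 26-day window come from the page.

```python
"""Merge a full baseline assessment with later change events and report exposure."""
from datetime import date, timedelta

# Assumed date for the public EternalBlue release ("mid-April" in the text).
EXPLOIT_PUBLIC = date(2017, 4, 14)
# The 26-day gap between exploit release and the attack, as cited above.
ATTACK_START = EXPLOIT_PUBLIC + timedelta(days=26)

# Full assessment uploaded right after agent deployment (constructed sample data).
BASELINE = {
    "db-server-01":     {"ms17-010_patched": True,  "seen": date(2017, 4, 10)},
    "laptop-roaming-7": {"ms17-010_patched": False, "seen": date(2017, 4, 10)},
    "cloud-web-3":      {"ms17-010_patched": False, "seen": date(2017, 4, 10)},
}

# Change events pushed as they occur, in arrival order (constructed sample data).
DELTAS = [
    ("cloud-web-3",      {"ms17-010_patched": True, "seen": date(2017, 4, 20)}),
    ("laptop-roaming-7", {"seen": date(2017, 5, 1)}),   # checked in, still unpatched
    ("cloud-web-9",      {"ms17-010_patched": False, "seen": date(2017, 5, 3)}),  # new instance
]


def current_state(baseline, deltas):
    """Apply deltas on top of the baseline; a later event overrides earlier fields."""
    state = {host: dict(attrs) for host, attrs in baseline.items()}
    for host, change in deltas:
        state.setdefault(host, {}).update(change)
    return state


def exposed_assets(state, as_of):
    """Hosts still unpatched for MS17-010, with days elapsed since the exploit went public."""
    return {host: (as_of - EXPLOIT_PUBLIC).days
            for host, attrs in state.items()
            if not attrs.get("ms17-010_patched", False)}


def missed_by_point_in_time(state, scanned_hosts, as_of):
    """Exposed hosts that a scheduled scan of a handpicked host list would never report."""
    return sorted(set(exposed_assets(state, as_of)) - set(scanned_hosts))


if __name__ == "__main__":
    now = current_state(BASELINE, DELTAS)
    print("exposed:", exposed_assets(now, ATTACK_START))
    print("missed by weekly scan:", missed_by_point_in_time(now, ["db-server-01", "cloud-web-3"], ATTACK_START))
```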

WannaCry: A watershed event

The WannaCry ransomware, which infected 300,000-plus systems and disrupted critical operations globally in May, shone a spotlight on the importance of comprehensive asset visibility and nimble vulnerability detection and remediation.

As you may remember, WannaCry spread using the EternalBlue exploit for a Windows vulnerability (MS17-010) Microsoft had patched in March.

In other words, WannaCry wouldn’t have created such mayhem if vulnerable systems had been patched in a timely manner and maintained as part of a proactive and comprehensive system configuration and vulnerability management program.

But WannaCry unfortunately is the new normal: Hackers are weaponizing exploits for disclosed vulnerabilities much more quickly and aggressively than, say, three or four years ago.

“That’s really been changing in the past year, and WannaCry really showed it,” Carlson said.

Only 26 days passed between the day when the ShadowBrokers hacker group released the EternalBlue exploit in mid-April and the day when the WannaCry attack began, according to Carlson. Meanwhile, high-severity vulnerabilities still take on average more than 100 days to patch.

Qualys threat data shows that customers using Qualys Cloud Agent and Qualys scanners were on top of the WannaCry vulnerability from the time it was disclosed, and with even more focus and urgency after EternalBlue came out, when they broadened their monitoring scope to include also roaming/remote devices, end user systems and cloud instances.

“Organizations doing continuous vulnerability assessment with the agent and with authenticated scanning, and aggressively patching, were much less impacted by WannaCry,” he said.

We invite you to watch a recording of the webcast, which includes many more details about the Qualys Cloud Platform, a demo and a question-and-answer session with audience members.

See all of the presentations in the Continuous Security and Compliance Webcast Series.
