QSC18 Virtual Edition – Building Security In: The Qualys Cloud Platform and Architecture
Last updated on: October 27, 2022
Digital transformation, driven primarily by the DevOps movement, represents a new opportunity “to redo IT from scratch, but more importantly, to redo security from scratch,” Sumedh Thakar, Qualys’ Chief Product Officer, said during QSC18 Virtual Edition.
Specifically, organizations can organically build security into this new, hybrid IT infrastructure, instead of abruptly bolting it on as has been done traditionally — and ineffectively. Meshing security in natively requires a unified security and compliance platform for detection, prevention and response.
Today, many organizations have a fragmented, siloed strategy that doesn’t provide the needed visibility because it’s based on accumulating point products that don’t scale, are costly to deploy and maintain, and complex to integrate.
“This is why security is so far behind,” Thakar said during his keynote.
“The effort and resistance that goes into putting together the information that’s required to make decisions is very costly, very time-consuming, and not accurate,” he added.
Qualys Cloud Platform: Built for Securing the Digital Transformation
The Qualys Cloud Platform has been architected with the goal of simplifying security by eliminating friction and making it as intuitive and automated as possible.
It’s what Thakar calls “transparent orchestration,” which he says is the future of security, and a key guiding principle and goal for Qualys, as evidenced by the platform’s design and operation:
- Versatile sensors — agents; physical, virtual and cloud scanners; API integrations; and an upcoming passive network sniffer — collect IT, security and compliance data from global assets everywhere: on premises, in clouds, at endpoints, and on mobile devices
- A robust, massively scalable backend stores and processes the data with its various analytics and reporting engines, and presents it in a unified “single pane of glass” view of the organization’s security posture
- An integrated suite of centrally-managed, self-updating cloud applications now cover almost 20 security and compliance tasks, including vulnerability management and container security, with more apps in development
In all, the Qualys Cloud Platform detects 1+ trillion security events per year, conducts 3+ billion IP scans and audits per year with Six Sigma accuracy (99.99966%), and has indexed 250+ billion data points in its elastic search clusters.
With this cloud architecture, the Qualys Cloud Platform is uniquely designed for protecting today’s hybrid IT environments, including the DevOps pipelines where digital transformation projects are built and deployed.
With its integrations into public cloud platforms such as AWS and Azure, and with its cloud security apps, Qualys can protect the entire DevSecOps lifecycle, from the development to the production stages.
“We’ve really focused on bringing the capabilities of DevOps and SecOps together into a single view,” Thakar said.
The Qualys Cloud Platform provides unparallelled end-to-end discovery, prevention, detection and response capabilities. “If this is all providing you real-time visibility, your response now becomes significantly easier and much more accurate, because you’re looking at information that’s well groomed,” he said.
Roadmap
Thakar highlighted a number of recently-released and upcoming apps and technologies:
- Cloud Inventory, available now, for a complete inventory of all your cloud assets across AWS, Azure, Google Cloud and other cloud platforms
- Cloud Security Assessment, available now, for continuous monitoring and assessment of your cloud assets and resources for misconfigurations and non-standard deployments
- Certificate Inventory, available now, for a full inventory of TSL/SSL digital certificates on a global scale
- Certificate Assessment, available now, for assessing all digital certificates for TLS/SSL vulnerabilities
- Qualys Container Security, available now, for discovering, tracking and continuously protecting containers
- Qualys Asset Inventory, available soon in beta, for providing a single source of truth for IT assets across hybrid environments
- Passive Network Discovery, an upcoming sensor technology based on Qualys’ acquisition of Nevis Networks for network traffic analysis
- Mobile Security Platform, based on Qualys’ 1Mobility acquisition and due in beta in Q4, for detailed security assessment and policy enforcement of mobile devices
With these and other recent and upcoming releases, Qualys is extending its reach and allowing customers to replace more point tools and further consolidate their security stacks on the Qualys Cloud Platform.
“We’re really dedicated towards enhancing our platform,” he said.
You can watch a recording of Thakar’s keynote, which goes into a lot more detail, features demos of several products and includes a Q&A session with the audience.