How New Passive Network Sensor Boosts Platform Capabilities
Last updated on: September 6, 2020
Black Hat attendees got a peek at Qualys Passive Network Sensor (PNS), a product that amplifies the already comprehensive IT asset visibility Qualys provides to its customers. By adding real-time network analysis to Qualys’ versatile set of sensors, PNS eliminates blind spots across IT environments through continuous traffic monitoring.
“Now you have instant visibility into every single asset that’s communicating on your network,” said Qualys’ Chief Product Officer Sumedh Thakar during a presentation on Passive Network Sensor at the conference.
The sensor extends the Qualys Cloud Platform’s broad spectrum of integrated security and compliance capabilities, further reducing Qualys customers’ needs for multi-vendor point products that are costly to manage and integrate.
The Qualys platform collects asset telemetry from your hybrid IT environment using a variety of sensors, including:
- physical scanners for on-premises, legacy assets
- virtual scanners for private clouds and virtualized infrastructure
- pre-certified scanners for public cloud platforms
- lightweight, multi-platform agents for real-time asset telemetry of on-premises, cloud and mobile assets
- Docker container sensors for continuous assessment of ephemeral containers across the DevOps pipeline
- a full API set for integration with third-party systems, including certified native integrations such as the one with the ServiceNow CMDB
Passive Network Sensor: A closer look
With the new PNS, Qualys customers are gaining the ability to discover in real time all devices connecting to their network, including those which would otherwise remain invisible.
These assets can be anything: a managed corporate-owned device, an employee’s device connected to corporate networks, an IoT device such as a Wi-Fi enabled TV or IP camera. “Today, most of IT is blind to this,” Thakar said.
Once identified and profiled, these systems can then be managed as part of the customer’s security and compliance program by scanning them or placing an agent on them. The PNS also analyzes device traffic, so it’s able to identify suspicious behavior, unauthorized communications, and other anomalous signs of compromise.
Later this year, the product will also enable network access control capabilities, so that it can be used to quarantine and block devices based on pre-established policies. “This is really bringing a whole new aspect of security and compliance to the Qualys Cloud Platform,” Thakar said.
The big picture: Qualys Cloud Platform
The data collected by PNS and the other sensors is transmitted to the Qualys Cloud Platform’s backend for storage and analysis using “big data” technology, like Kafka, Elasticsearch and Cassandra.
The platform detects 1+ trillion security events annually, and conducts 3+ billion device assessments and audits per year with Six Sigma accuracy (99.99966%). Currently, it is indexing 250+ billion data points in its Elasticsearch clusters.
The security and compliance data is then made available to Qualys’ more than 15 integrated, self-updating apps. Accessible from a central console, the apps provide specific views and analysis of the data, Thakar explained.
For example, Qualys apps’ coverage includes, among other areas, digital certificates, public clouds, containers, web apps, vulnerability management, file integrity monitoring, and asset inventory.
As such, this growing apps suite provides a unified toolset for multiple security teams, including those in charge of on-premises data centers, endpoints, clouds, web apps, DevOps pipelines and policy compliance. In this way, Qualys helps customers simplify and consolidate their security and compliance stack for hybrid IT environments.
The platform’s integrated apps suite, sensor set and analysis backend give customers instant, multi-dimensional and full “single-pane-of-glass” visibility of their security posture. Qualys’ true platform approach for prevention and response weaves security and compliance seamlessly across on-premises, clouds and endpoints at a drastically lower total cost of ownership.
The solution for protecting hybrid IT environments that are powering digital transformation efforts isn’t to pile on disjointed, point products, each with its own console, agent and scanner, and then slap a SIEM on top of it. “We’re helping you consolidate multiple different products that you otherwise would have to deploy in silos,” Thakar said.
With Qualys, “you can click and find all this information together in one place,” he added.
You can watch a video of Thakar’s Passive Network Sensor presentation. It includes a lot more details about the Passive Network Sensor and the Qualys Cloud Platform, as well as a live demo.
Passive Network Sensor will be available in private beta later this month. This first phase delivers capabilities focused on asset discovery and profiling. General availability is planned for early 2019.
Press release: Qualys Takes Its Cloud Platform to the Next Level with Native Integration of Real-Time Network Analysis
Product page: Passive Network Sensor