Qualys TotalCloud is a CNAPP solution based on Qualys’ Cloud Platform that provides multi-cloud vulnerability detection and misconfiguration response, and today we are pleased to announce that TotalCloud is now generally available.
Unified View of Multi-Cloud Risk Posture
TotalCloud allows you to keep a unified eye on your organization’s multi-cloud security posture. The comprehensive dashboard lets you quickly and easily identify, assess, and remediate your cloud environment’s misconfigurations, vulnerabilities, and threats. There are several benefits to this approach, as it streamlines security operations, allowing risk management to be easier and compliance with industry guidelines to be ensured.
API-Based Agentless Vulnerability Scanning for AWS
As part of this GA release of TotalCloud, Qualys added support for API-based agentless vulnerability scans for Amazon Web Services. As shown below, it is simple to configure an API-based scan; all you do is check a box in the connector configuration, as shown below:
When enabled, all new virtual machines created in the account associated with this connector will be automatically scanned via API-based scanning. Cloud Service Providers provide APIs for API-based scanning in order to collect operating system package inventories from the virtual machine to analyze software vulnerabilities.
It is not necessary to have the Qualys Cloud Agent present for API-based assessments. If the VM is running a Qualys Cloud Agent, the vulnerability reports from the API and the Cloud Agent are aggregated and compiled. The API-based approach is perfect for ephemeral workloads since it detects vulnerabilities instantly and generates a vulnerability report within five to ten minutes after the API is invoked.
More information about different scanning methodologies, as well as their use cases, can be found on this blog.
In addition to API-based scanning, Qualys is developing snapshot-based scanning, which will be released as a beta version early 2023 to API-based scanning.
New Feature: Qualys Cloud Detection and Response
Qualys is proud to announce the addition of Qualys’ Cloud Detection and Response (formerly Blue Hexagon CTDR) to TotalCloud. Qualys CDR is an all-in-one runtime threat detection solution integrated with TotalCloud. Qualys CDR reduces the risk associated with deploying critical workloads to the cloud, while simultaneously detecting threats at their source so that threats can be neutralized. It is now possible to detect and prevent active exploits using Qualys CDR, in addition to determining whether your workloads are vulnerable or misconfigured. You can find out more about CDR by checking out the blog or website.
In conclusion, Qualys’ GA release of TotalCloud marks a major milestone for the company. By simplifying cloud security and providing organizations with an overview of their security posture, TotalCloud is the ideal solution to secure cloud infrastructures and protect critical data in the cloud.