Announcing the Newest Game-Changing Upgrades of Qualys Cloud Agent
Last updated on: February 15, 2024
Qualys Cloud Agent Gets Powerful Enhancements for Boosting User Flexibility, Improved Control & Efficiency in VDI Environments, Seamless Updates, and More!
We are excited to unveil a major upgrade to the Qualys Cloud Agent, marking a significant stride in cybersecurity management. The four updates to the Qualys Cloud Agent bring significant value to Qualys customers, offering enhanced control, efficiency, and flexibility, significantly aiding organizations in maintaining a secure, compliant, and optimized IT environment. They address specific challenges in cybersecurity management, making them highly valuable for a range of industries, particularly those with complex IT infrastructures and stringent security requirements.
Our latest release focuses on four key areas of enhancement:
1. Reduced Activity Periods (RAP)
- Customized Control: Allows organizations to tailor the operation of their agents during critical operations or system updates, providing greater control over their cybersecurity environment.
- Minimized Disruptions: Helps in minimizing disruptions during sensitive operational times by designating periods where regular agent activities are restricted.
2. Enhanced Capabilities for VDI
- Streamlined Agent Provisioning and Merging: Improves the efficiency of managing agents in VDI environments by reducing duplicate agents and optimizing the use of licenses.
- Adaptability in Dynamic Environments: Especially useful in non-persistent VDI setups where cloned virtual desktop systems are regularly destroyed and recreated.
3. Agent Version Control
- Control Over Agent Updates: Empowers organizations to lock specific agent versions and manage updates more meticulously, aligning with internal policies and procedures.
- Automated Updates: Keeps security infrastructure consistently up to date without manual intervention.
4. Change Activation Key
- Flexibility in Agent Management: Allows for easy transition of agents between different activation keys without the need for reinstallation.
- Efficiency in Organizational Changes: Particularly beneficial for large organizations undergoing restructuring.
In this blog, we delve into the first two areas of enhancement: Reduced Activity Periods (RAP) and Enhanced Capabilities for VDI, illustrating how they elevate user flexibility and control, and improve efficiency in VDI environments.
Reduced Activity Periods (RAP): A Leap in Customization, Control and Flexibility for Users
RAP is a testament to our commitment to addressing the unique needs of our diverse clientele, including financial services organizations, critical national infrastructure operators, and customers who require tighter control over their agents’ operation on end systems.
With the introduction of Reduced Activity Periods (RAP), we have set a new standard for controlled and secure environments during critical operations and system updates. During RAP, we designate specific times for system changes, updates, or maintenance, temporarily limiting regular agent activities. This strategic approach is key in minimizing disruptions and mitigating risks, thereby safeguarding the integrity of financial processes against potential conflicts or errors arising from simultaneous agent activities in sensitive periods.
Key Features of RAP
- User-Friendly Options: Find a set of intuitive options to streamline the RAP configuration process, including specific endpoint and tag selection, and defining start and finish times.
- Day Selection Toggle: Gain the flexibility to differentiate between weekday and weekend requirements through an intuitive toggle feature where each day of the week is represented by an individual button, ensuring you have granular control over the active periods of your RAP windows.
- Module Group Management: Enable/disable activity based on module behavior, catering to scan-based needs (includes Vulnerability Management, Policy Compliance/Security Configuration Assessment, Asset Inventory, and SwCA scans) and remediation-based needs (comprising Patch Management and Custom Assessment Remediation).
- Module Customization: Fine-tune the settings within each module group to enable/disable specific module groups.
- Activity, Data Collection + Network Transmission Controls: Enjoy precise control over activity, data collection, and network transmission per module for tailored operation through customization.
Benefits of RAP
The introduction of RAP marks a significant leap in user control and flexibility, offering a tailored experience that seamlessly aligns with unique operational needs. By balancing stringent security requirements with operational demands, our enhanced Qualys Cloud Agent ensures that your organization can achieve both security compliance and business efficiency without compromise.
- Enhanced Operational Integrity: Ensures the smooth running of critical processes, particularly in financial and national infrastructure sectors, by preventing potential conflicts or errors due to concurrent agent activities.
- Compliance with Security Regulations: Aids in adhering to strict security protocols required in sensitive sectors.
Frequently Asked Questions
Which release contains this feature?
Cloud Platform 3.16.2
Which agents support this functionality?
Windows Agent 5.4 and Linux Agent 6.2 will support the new options. Legacy agent versions will continue to support the previous version of this feature in its most basic form, where only VM and PC Network Transmission can be disabled.
What happens to my current agents configured for legacy “Blackout Windows”?
There is no impact or change. For the following Cloud Agents, only the network transmission for VM and PC modules is blocked.
- Cloud Agents for Windows before v5.4
- Cloud Agents for Linux before v6.2
- Cloud Agents installed on all other platforms
Does the new RAP Window feature allow me to control all Qualys module features on the agent?
No. Event-based modules including EDR, EPP, FIM and XDR are not included in this version of RAP Windows.
Does the new RAP Window feature allow me to completely subdue the Qualys Cloud Agent so that it does not operate at all?
No. Because some modules may still be operating, the core functionality those modules may require, such as command-polling, is still running. However, these internal functions are very unobtrusive.
If all scan-based and remediation-based modules are disabled, and no event-based modules are licensed for that endpoint, then there is almost no use of such internal functions.
Enhanced Capabilities for VDI: Streamlining Agent Provisioning and Merging
The Enhanced Capabilities for VDI update to the Qualys Cloud Agent introduces a sophisticated logic improvement to address the unique challenges in virtual desktop infrastructure (VDI) environments, particularly in agent provisioning and merging, leading to efficient and secure VDI environments.
Set It and Forget It
In VDI environments, where virtual desktops are routinely regenerated, managing cloud agents efficiently becomes crucial. Previously, each regeneration created new unique identifiers (UUIDs) for agents, leading to duplicates and unnecessary consumption of Cloud Agent licenses.
Now, the first boot of a linked clone without a UUID triggers a search in the Asset and VMDR databases to check for previous instances based on metadata like hostname, IP address, and MAC address. If recognized, the agent’s metadata is updated under the new UUID, eliminating duplicates and conserving licenses.
It’s a ‘Set It and Forget It’ solution: once you define the recognition rules, the Qualys Cloud Platform does the rest, requiring no further configuration at the endpoint.
Asset Identification Service
Our latest service enhancement, the Asset Identification Service, is a game-changer that adeptly merges newly provisioned agents with existing records using key asset attributes (MAC address, Hostname, NetBIOS name, serial number, etc.). This approach is equally effective for both persistent and non-persistent VDI assets, ensuring a unified, efficient record while preserving critical data like creation and initial discovery dates.
Key Features of Enhanced VDI Capabilities
- Improved Agent Provisioning Logic: Merge agents based on primary (MAC addresses, BIOS serial numbers) and supporting fields (Hostname, IP address, OS).
  - Primary Fields for Precision: Merge agents using primary fields such as MAC addresses, BIOS serial numbers, or BIOS/hardware UUIDs that serve as the backbone of the merging process, ensuring accuracy and reliability.
  - Supporting Fields for Flexibility: In addition to the primary fields, incorporate an additional layer with supporting fields like Hostname, IP address, and OS for enhanced flexibility, adapting the process to diverse IT environments.
- Authoritative Decision Making: Ensures agent merging only occurs with an exact match of selected criteria.
  - Primary Field Priority: Agent merging decisively relies on primary fields. Rules for merging cannot be established based on supporting fields alone, emphasizing the importance of primary field selection.
  - Exact Match Requirement: For a successful merge, there must be an exact match across all customer-selected criteria. This stringent matching process ensures that merging occurs only when all specified conditions are met, preventing inaccuracies and maintaining the integrity of your IT environment.
- Smart Decision-Making with Multiple MAC Addresses: A smart, comprehensive solution for handling multiple MAC addresses in complex IT environments with multiple network interface controllers (NICs).
  - Smart Decision-Making in Multi-NIC Environments: Collects all MAC addresses in a comma-separated format, catering to environments with multiple NICs for accurate asset management and streamlined agent merging.
  - Intelligent MAC Address Matching: The key to our efficient merging process lies in the intelligent matching of MAC addresses, irrespective of their sequence. For instance, if an existing asset is recorded with MAC addresses M1, M2, and M3, and a new agent is introduced with these MAC addresses in any order (e.g., M2, M1, M3), our system recognizes and merges the agent seamlessly.
Benefits of Enhanced VDI Capabilities
The Enhanced VDI Capabilities are not just an improvement – they are a leap forward in VDI asset management, revolutionizing agent provisioning by eliminating duplicates, conserving Cloud Agent licenses, and ensuring seamless consolidation of assets in VDI environments. Here are the benefits of this enhancement and how it can amplify VDI environment security and efficiency:
- Resource Efficiency: Reduces the consumption of Cloud Agent licenses and eliminates the need for additional configurations.
- Simplified IT Management: Automates and simplifies the process of managing and securing assets in VDI environments.
Frequently Asked Questions
Which release contains this feature?
Global AssetView/CyberSecurity Asset Management 2.16.2
Is there a specific agent version needed?
No, all non-EOS versions are supported.
Is there a rule configured by default?
No, the customer must define the rule and must include one of the following:
- MAC address
- BIOS Serial Number
- BIOS/Hardware UUID
What if two or more agent records match?
No merge will occur. Customers should first clean up duplicates using traditional purge rule-type techniques.
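The merge rules described in the feature list and FAQ above (a primary field is mandatory, every selected field must match exactly, MAC lists match in any order, and two or more matching records mean no merge), as an added Python sketch that is not Qualys code. The field names, record layout and sample inventory are assumptions made for illustration, and treating a partial MAC overlap as a non-match is this sketch's reading of "exact match".

```python
# Added illustration of the merge rules described above; not Qualys code.
# Field names and the record layout are assumptions made for this sketch.
PRIMARY = {"mac_addresses", "bios_serial", "hw_uuid"}
SUPPORTING = {"hostname", "ip_address", "os"}


def normalize(field, value):
    """MAC lists compare as order-independent sets; other fields compare as-is."""
    if field == "mac_addresses":
        # Lower-casing MACs is an assumption of this sketch.
        return frozenset(m.strip().lower() for m in value.split(",") if m.strip())
    return value


def validate_rule(rule_fields):
    """A rule may use only known fields and must include a primary field."""
    fields = set(rule_fields)
    unknown = fields - PRIMARY - SUPPORTING
    if unknown:
        raise ValueError(f"unknown fields: {sorted(unknown)}")
    if not fields & PRIMARY:
        raise ValueError("rule needs at least one primary field")
    return fields


def find_merge_target(new_agent, existing_records, rule_fields):
    """Return the single record matching every rule field exactly, else None."""
    fields = validate_rule(rule_fields)
    matches = [
        rec for rec in existing_records
        if all(
            f in rec and f in new_agent
            and normalize(f, rec[f]) == normalize(f, new_agent[f])
            for f in fields
        )
    ]
    # No match: treat as a new asset. Two or more matches: ambiguous, no merge.
    return matches[0] if len(matches) == 1 else None


# Constructed sample inventory; every value here is made up.
INVENTORY = [
    {"id": "rec-1", "hostname": "vdi-pool-07",
     "mac_addresses": "00:11:22:33:44:01,00:11:22:33:44:02"},
    {"id": "rec-2", "hostname": "vdi-pool-08", "mac_addresses": "00:11:22:33:44:09"},
    {"id": "rec-3", "hostname": "vdi-pool-08", "mac_addresses": "00:11:22:33:44:09"},
]
```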
The new enhancements to RAP and Enhanced Capabilities for VDI within the Qualys Cloud Agent offer our users more intelligent, flexible, and efficient ways to manage and secure their digital assets.
Stay tuned for the next blog, where we will explore the remaining enhancements: Agent Version Control and Change Activation Key, further showcasing Qualys Cloud Agent’s security management and control advancements.
Get Started
Please contact Qualys support to activate these features for your subscription.
Interested in learning more about how Qualys can help you mitigate risk and ensure you get the best value, pricing, and solutions for your organization?
- Existing Users: Contact your Qualys Technical Account Manager.
- New users: Start a Qualys Trial now at no extra cost.