QSC18 Virtual Edition: Securing Hybrid IT Environments from Endpoints to Clouds

As organizations embrace digital transformation to boost business processes, traditional IT environments get altered, becoming distributed, elastic and hybrid.  “That’s creating a new challenge for security,” Chris Carlson, Qualys’ Product Management VP, said during QSC18 Virtual Edition.

As elements like cloud services, mobility, IoT, and DevOps are incorporated into IT environments, security teams often struggle with asset visibility, credential issues, authentication failures, remote-user scanning, and scheduled scan ineffectiveness.

But these challenges also offer “an opportunity to redefine how security programs and controls are done,” he said during his presentation titled “Securing Hybrid IT Environments from Endpoints to Clouds.” 

Carlson went on to explain how organizations can secure digital transformation efforts with Qualys’ platform, and emphasized the benefits of Cloud Agent sensors. Read on to learn more.

Qualys sensors

Qualys offers security teams a broad variety of sensors to collect security, IT and compliance data from assets in hybrid environments. Scalable, self-updating and centrally-managed, Qualys sensors include:

• physical scanners for on-premises, legacy assets
• virtual scanners for private clouds and virtualized infrastructure
• pre-certified scanners for public cloud platforms
• a passive network sniffer (upcoming)
• a full API set for integration with third-party threat intel feeds and other tools
• lightweight, multi-platform agents installed on assets for real-time data collection

This versatile set of sensors gives security teams valuable options for collecting data from many IT asset types. The Qualys Cloud Agent in particular is a game changer, according to Carlson.

“We developed it to be a new platform paradigm,” he said.

Cloud Agent: An in-depth look

Because Cloud Agents work in concert with the Qualys Cloud Platform, customers can easily add security and compliance capabilities. Delivering multiple functions via a single agent “changes how security leaders are developing and creating security programs across their hybrid IT enterprise,” Carlson said.

The Cloud Agent is lightweight, consuming negligible computing and network resources. After a comprehensive initial data collection of the asset, it only gathers changes. Broad OS support includes Windows, Linux, MacOS, and “cloud native” platforms such as AWS, Azure and Google Cloud. It works on premises, in clouds and remote endpoints.

Its many benefits for securing hybrid environments include:

• No scan windows needed. It’s always collecting data on assets it’s installed on, even when assets are offline.
• This constant monitoring yields faster vulnerability discovery and patch confirmation.
• No need for complex credential and firewall management. It only communicates outbound to the Qualys platform.
• It works with multiple Qualys apps, which lets security teams remove point-solution agents from assets and consolidate security tools, reducing costs and complexity.
• It extends security to assets that are difficult or impossible to monitor with scanners, including:
  • Remote systems in branch offices
  • Roaming user devices
  • Elastic, ephemeral public cloud instances

Qualys customers have taken notice, having deployed 7.3 million agents between March 2017 and March 2018. One customer put 1 million in cloud assets, and 150,000 in user devices.

Cloud Agents and DevOps

Carlson highlighted the key role the agent plays in securing DevOps pipelines, citing as an example the integration between Qualys and Azure Security Center (ASC). Windows sysadmins, typically unfamiliar with security tools, can add Qualys Vulnerability Management (VM) to an Azure instance with a few clicks.

ASC automatically puts a Cloud Agent into the instance, whose data is collected and sent for analysis to the Qualys platform, which returns it to Azure. This gives Windows sysadmins a comprehensive view of the instance’s vulnerabilities, context around severity and risk, and the ability to drill down into details.

With these insights, sysadmins can programmatically prevent instances with high-severity vulnerabilities from launching into production, for example. “That really is DevSecOps. That’s really ‘shifting left’ into security,” Carlson said.

A single view of the asset

Carlson also explained how, using the Cloud Agent and the Qualys apps that leverage it, organizations can get a multi-dimensional view of a breached asset:

• Qualys Indication of Compromise (IOC) shows compromise indicators
• Qualys Asset Inventory (AI) provides granular hardware, software and usage details
• Qualys VM and Threat Protection (TP) detect vulnerabilities and help prioritize remediation
• Qualys Policy Compliance (PC) assesses security configurations and controls
• Qualys File Integrity Monitoring (FIM) helps determine if key system files have changed

“This gives you that unified view of that asset as you investigate a breach and find out what’s happening in your environment before data loss or compromise,” Carlson said.

---

Watch the on-demand version of Carlson’s presentation, which goes into a lot more detail on these and other topics, features demos of Cloud Agent and other products, and includes a Q&A with the audience.