Qualys Security Conference 2019 kicked off this morning at the Bellagio hotel in Las Vegas. The event actually began on Monday with training sessions over the first two days, but this morning hundreds of attendees filled a conference room to listen to keynote presentations about the state of cybersecurity and the vision for the future of the Qualys Cloud Platform.
The morning started with an insightful presentation from Richard Clarke, national security and cyber risk expert and author of The Fifth Domain. Clarke noted that when his first book—Cyber War—came out a decade ago, Wired magazine’s review stated “file under fiction.” Fast forward a decade and most of what Clarke predicted has come to pass. I actually just finished reading Clarke’s previous book, Warnings.
Clarke’s keynote focused on the increasing risk organizations face from nation state attackers, and the need for steps to be taken to avert a true cyber war and negotiate cyber peace. It was a fitting way to kick off two days of sessions and presentations highlighting the issues that organizations face and how Qualys is working to help customers defend effectively against cyber attacks.
Security at a Crossroads, Part II
Philippe Courtot, CEO and Chairman of Qualys, followed Clarke. Similar to Clarke’s story of how Cyber War was received and how time has proven him right, Philippe started his keynote talking about a presentation he gave at the RSA Conference in 2012 called The Inconvenient Truth. Like Cyber War, it was not well received at the time, but history has proven Philippe right.
Philippe’s presentation walked through a brief history of computing technology—from mainframes, to minicomputers, to client-server architecture, and finally cloud computing. It was enlightening, but Philippe wasn’t walking down memory lane just for the sake of doing so. He also shared the evolution of risk and the increasing need for cybersecurity as computing technology and the way we use it has evolved.
He talked about the advent of the printing press and the dramatic change it introduced to the world. The ability to mass produce written texts opened the flood gates of information and enabled scientific discoveries and technical information to be shared broadly as well. The printing press planted the seed that ultimately became the Industrial Revolution. Philippe stressed that he believes the introduction of the internet has had a similar impact on our world today.
According to Philippe, the tech buyer and prevailing business model have changed. The DevOps revolution and the shift away from perpetual licenses to consumption-based pricing change the way companies—including Qualys—have to approach the market. Change may seem challenging, but change also brings opportunity. Philippe pointed out that successful companies are driven by advances in computing technologies and the underlying architectures they enable.
Philippe wrapped up with a brief overview of Qualys’ latest product launch: VMDR—Vulnerability Management, Detection and Response. He explained that VMDR unifies everything you need for effective vulnerability management into a single app—and brings vulnerability management to the next level. He also noted that VMDR provides Qualys with an underlying foundation for future solutions, including EDR (Endpoint Detection and Response), and a data lake / SIEM initiative.
The Evolution of the Qualys Platform: Unveiling the Latest Updates and Next-Gen Initiatives
Next up was Sumedh Thakar, President and Chief Product Officer for Qualys. Sumedh provided a more in-depth overview of the challenges VMDR addresses and the vision Qualys has for VMDR and the future of the Qualys Cloud Platform.
Sumedh began by talking about TTR—the total time to remediate. He noted that this is the only true measure of the effectiveness of a security program. He also emphasized that mean time to repair—which is a standard metric that organizations focus on—is irrelevant. With enough incidents, your average time to repair might be exceptionally low, but having a low MTTR won’t save you from that one incident that lingered for weeks or months.
While there is a lot of talk about simplifying and streamlining, Sumedh pointed out that infrastructure is increasingly fragmented and hybrid. IT teams have to deal with complex infrastructures that include cloud, bare metal, endpoints, mobile devices, IoT, OT, APIs, containers, and more. From a security perspective, this is a growing challenge because each of those infrastructure elements simultaneously increases the exposed attack surface and makes comprehensive visibility more difficult.
It’s a simple reality that you can’t effectively protect assets you don’t even know about. Achieving comprehensive visibility is easier said than done, though. Sumedh talked about the problems that organizations face trying to get a growing array of different tools from different vendors to seamlessly communicate with each other and integrate to provide some sort of functional, actionable view of the security posture. He highlighted the irony of deploying multiple tools and then having a SIEM (Security Information and Event Management) to correlate input from various tools, and now the growth of SOAR (Security Orchestration, Automation, and Response) to try and correlate and streamline response to the SIEM alerts.
Vulnerability Management, Detection, and Response
All of that was a lead up to discussing VMDR and the ways that VMDR addresses those challenges and provides customers with a simple, streamlined approach to cybersecurity. Sumedh said that Qualys is focused on unifying IT, security, and compliance, and on consolidating the stack to reduce point solutions—and the associated agents and consoles.
VMDR tackles these issues by providing a comprehensive solution from a single app and a single agent. Organizations can gather and maintain an accurate, real-time asset inventory, and identify vulnerabilities and configuration errors. VMDR combines real-time threat intelligence, asset context, and machine learning to effectively prioritize threats and provides an end-to-end workflow and real-time interactive dashboards to resolve issues efficiently.
In a nutshell, Sumedh stated that with VMDR the Qualys Cloud Platform is the fastest platform to go from discovering new assets to patching its most critical vulnerabilities with contextual prioritization. Period.
Finally, Sumedh explained that VMDR is just the beginning of a continued platform expansion for Qualys. Qualys is working on delivering similar capabilities for ICS OT environments and SaaS security and compliance. Right now, VMDR is Vulnerability Management Detection and Response, but Qualys is working on delivering many more “DRs” as Sumedh put it and continuing to deliver comprehensive visibility and streamlined cybersecurity through the Qualys Cloud Platform.
Connecting It Together
The idea connecting the presentations and the discussions they generated among attendees today is the claim that total time to remediation is the only true measure of the effectiveness of security programs. Starting from the big picture (the really big picture of national security risk with geopolitical implications) and going all the way down to the consistent discipline required of security teams, building out processes and automation to remediate effectively is what keeps you safe. Across ever-changing IT environments, evolving technology and more sophisticated threats, security teams need to focus on the core tools and practices that support that effort.