If 2020 was the year of disruption, then 2021 was characterized by high-profile—and low-profile—cyberattacks against the likes of JBS Supply, Colonial Pipeline, and Kaseya. Three years that underscored the need for organizations not only to defend themselves but also to become resilient enough to weather and repel future attacks.
Of course, high-profile targets weren’t the only ones hit. As former CISA Director Chris Krebs said during the first day of QSC 2021, for every SolarWinds, there are attacks on other companies, both large and small, that don’t make the headlines.
For more than a year, threat actors successfully attacked companies, organizations, government agencies and institutions—with an emphasis on “successfully.”
“We have seen some of the most high-impact attacks that many of us can recall in our careers,” said Scott Crawford, cybersecurity analyst at 451 Research. Not the least of which has been the impact of some of these attacks across entire landscapes.
Attackers have been successful not only because they’ve exploited vulnerabilities that have been in the wild for many years, but also because their “ability to automate makes them efficient,” Crawford said. “They have an ability to coordinate across silos, and they’re not hampered by” things like regulatory compliance or security requirements.
Defenders, he said, can learn from adversaries and adopt and employ tactics such as automation when patching vulnerabilities. But they have to do a better job. Breaches can be devastating to organizations, crippling operations and damaging reputations.
After a devastating breach four years ago, Equifax put a premium on securing its assets and rehabilitating its image—and used the incident to bolster its defenses and increase its resiliency. It took steps to align its IT and security operations and upped its investment in security solutions and initiatives, according to keynote speaker Francis Finley, VP Cyber Threat Detection, Response and Vulnerability Management, Equifax.
The credit monitoring company brought in Qualys about a year ago, “primarily with the idea of buying a vulnerability management solution,” said Finley. “We quickly found out it solved a lot of other needs for us and the technical team as well.”
Ultimately, it helped Equifax to “change the language about how we talked about vulnerabilities,” he said, noting that the company now has “700-plus users that can log into Qualys – most of the incident response team and security operations center.” But tech teams use the solution, too. It can help them plan for things like end of life for devices.
Of course, it’s better to avoid becoming a victim of a successful cyberattack to begin with. Throughout the day Qualys showcased solutions designed to help prevent attacks and bolster organizations’ security postures. Sessions included:
Full Stack Container Security
Noting that the container tooling ecosystem is rapidly evolving and often includes multiple diverse container orchestration and CI/CD tools and registries, Kong Yew Chan, Director, Product Management, Container Security, Qualys, and Dilip Bachwani, Senior Vice President, Engineering & Cloud Operations, Qualys, explained how Qualys Container Security can secure Kubernetes and other containers across a variety of tools and environments while reducing risk to the CI/CD pipeline. Qualys has extended its approach to containers, managing vulnerabilities, configuration and compliance in Kubernetes environments, and advocates for a shift-left strategy that supports a preventative approach to DevOps and Security. The company’s Cloud Platform has adopted a microservices-based architecture that runs on containers. Qualys used its own security solutions as it moved most of its workloads to containers.
Proactive Cloud Security, Compliance and Risk Management
Qualys has taken a proactive approach to Cloud Security Posture Management (CSPM), a category notorious for reactive tools focused on detecting security misconfigurations after they’ve been deployed and hackers have had ample opportunity to exploit them. But, according to Parag Bajaria, VP Cloud & Container Solutions, Qualys’s proactive approach reduces the chance of misconfiguration in runtime environments. It offers Infrastructure-as-Code (IaC) scanning that shifts detection and remediation of misconfigurations to the pre-deployment phase. Qualys can also make the entire cloud security process zero touch and cloud native and deliver fully automated workflows for cloud security assessments, remediation and reporting.
Qualys has made several innovations to its solutions, and they were fully displayed at QSC 2021. For example, the Qualys Integration Hub provides an innovative way for organizations to acquire, configure and use third-party integrations in just minutes. And third-party integrations extend Qualys Cloud Platform capabilities to solve cross-product use cases.
The company has also made strides in external attack surface management (EASM), an emerging security specialty that addresses the difficulty of building complex, and potentially vulnerable, cloud assets. This session walked attendees through how to find assets, blind spots, and process failures that allow attackers to bypass defenses, and how to use proprietary analytics to support continuous monitoring and help IT to adapt and respond to threats.
Machine learning is not just a vague term any longer. Innovations in the Qualys Cloud Platform will provide advanced machine learning (ML) so organizations can gain a comprehensive understanding of environments to identify and predict emerging threats in a contextual way.
Threat Detection and Response Beyond Endpoints
Andrew Morrisett, Subject Matter Expert, SMB & SME, Qualys, and Jim Wojno, Senior Director, Product Management, XDR, Qualys, explained how Qualys Multi-Vector EDR integrates with other Qualys apps. This means organizations can leverage their perspectives and insights on assets, authorized software, vulnerabilities, compliance, users and threat intelligence; provide remediation options to increase their overall security posture; and implement threat hunting processes and super-charged incident response. Qualys Extended Detection and Response (XDR) aims to move companies beyond using multiple, single-focus siloed tools by tying everything together seamlessly. It uses a risk-based approach to offer a full enterprise-wide view that defenders and incident responders need. Using the solution, security teams can quickly identify, investigate, and remediate security incidents from a single, unified and intuitive console.
And that’s exactly what Montana State University (MSU) was hoping to do when it joined the Qualys XDR beta program to meet the challenges of its security environment and eventually, according to MSU Security Engineer Jacob Hahn, make XDR a part of the 20,000-student-strong university’s larger security practice.
To find out more about how innovations on Qualys platforms can help organizations thwart attacks and build resilience, check out additional sessions and keynotes at QSC 2021 Las Vegas, which can be found on the Qualys site.