Although organizations have made moves toward it for years, digital transformation, in a way, has only just begun. The pandemic may have accelerated migration to the cloud but going forward business will drive continued transformation—and innovation.
But to get the most out of the investments in cloud and other transformational technology they’ve made, organizations must be agile to weather changes, both unexpected and planned. Last week at QSC 2021 Las Vegas, it quickly became clear that customers are looking to defend now and secure in future—and that Qualys has spent the better part of the last year innovating to meet those needs.
Organizations face a number of challenges on their transformation journeys, some directly a result of operational changes and others due to outside forces:
- They are increasingly targets of damaging cyberattacks, perpetrated by “sophisticated actors,” according to former Cybersecurity and Infrastructure Security Agency (CISA) Chris Krebs.
- They collect, manage, use and share more data—much of it sensitive—than ever before.
- They operate in an expanding, interconnected world, that creates a complex ecosystem of partners, suppliers and customers.
- They must manage an explosion of Internet of Things (IoT) devices that must be managed and secured.
- Remote work is here to stay and most organizations will have to support hybrid environments going forward—they struggle to provide a consistent employee experience regardless of where a worker is located and security concerns abound.
- They have moved to the cloud but have yet to squeeze out the value of their investments and struggle with security concerns.
- They must answer to executives and boards concerned with budgets, security posture and reducing risk.
To overcome those challenges, public and private sector organizations are turning to technology for the following:
Automation. As Krebs and Qualys President and CEO Sumedh Thakar said, security teams overwhelmed by the relentless assault on their systems, are turning to automation to auto relieve their burden and bolster their companies’ defenses against attack.
Faster remediation. Thakar noted that whoever gets there first, wins. And, unfortunately, it’s often a threat actor that gets to an unpatched vulnerability first. Security teams are looking for ways to more quickly detect, manage and resolve
Gaining visibility. Gaining visibility into assets has become particularly important as organizations move workloads to the cloud. Companies are investing in solutions that let them see across multi-cloud environments to spot vulnerabilities and unusual activity.
Adopting a Zero Trust network architecture (ZTNA). Companies are turning to ZTNA, which assumes no one and nothing is to be trusted, to verify identity and much more.
AI and machine learning. These emerging technologies can help organizations respond more quickly to vulnerabilities and security incidents by getting insights into cybersecurity threats through the rapid analysis of a sea of data.
Aligning IT and security. Francis Finley, Equifax Vice President of Cyber Detection, Response and Vulnerability Management, underscored the importance of IT and tech working hand in hand to combat security threats and increase efficiencies.
Help is on the way. Clear that Qualys has innovated to address challenges. The company has:
- Recently updated the Qualys Cloud Platform to pump up prevention and added detection and response capabilities, such as asset inventory management and streamlining compliance management.
- Reimagined asset management so that security teams can monitor the health of their organizations’ assets by applying business criticality and risk context, detect security risks and prioritize vulnerabilities, responding rapidly to reduce what Constantine Vorobetz, product manager, assets and reporting, at Qualys, called “threat debt.”
- Offered organizations an integrated approach that can help them discover assets then uncover and prioritize vulnerabilities based on risk profiles. They can also have closed-loop remediation from a single platform. Integrated patch management betters time to remediation. Qualys also offers security teams a way to integrate with ITSM workflows like ServiceNow so they better collaborate to remediate vulnerabilities and prioritize and track flaws.
- Extended its approach to containers, managing vulnerabilities, configuration and compliance in Kubernetes environments and advocates for a shift-left strategy that supports a preventative approach to DevOps and Security. The company’s Cloud Platform has adopted a microservices-based architecture that runs on containers. Qualys used its own security solutions as it moved most of its workloads to containers.
- Extended its approach to containers, managing vulnerabilities, configuration and compliance in Kubernetes environments and advocates for a shift-left strategy that supports a preventative approach to DevOps and Security.
- Adopted a microservices-based architecture for its Cloud Platform that runs on containers. Qualys used its own security solutions as it moved most of its workloads to containers.
- Provided an innovative way through the Qualys Integration Hub for organizations to acquire, configure and use third-party integrations in just minutes.
- Extended Qualys Cloud Platform capabilities through third-party integrations to solve cross-product use cases.
- Made strides in external attack surface management (EAPM), an emerging security specialty that addresses the complexities of building complex, and potentially vulnerable cloud assets.
The Proof is in the Customers
Throughout the two-day conference, representatives showed up from various organizations to detail how Qualys had helped them solve their many security challenges.
Circle K. The retailer struggled to keep track of its assets as it bolted on new companies through acquisition and like most of the world’s companies sent its workforce home to work remotely in 2020. “Everybody’s spread out. Everybody’s everywhere,” said Todd Sherinian, senior manager, global cyber operations, Circle K. “So, you need tools to identify that same level of visibility to your remote users, remote systems or the cloud.”
“Qualys’s CSAM gives us that and of course that all rounds up to our threat detection and remediation,” Sherinian said. “Is that remediation actually working? Because a lot of times folks will push patches and resolve something and we’ll see it’s not really right.”
Circle K also uses Qualys, to satisfy auditors, quickly identifying how software is being used and to see where assets are located and where data is going. “It saves a lot of hours and it’s worked out extremely well with the auditor from those organizations,” he said.
Equifax. As the credit monitoring company rehabilitated its image after a devastating breach, it took steps to align its IT and security operations and upped its investment in security solutions and initiatives, according to keynote speaker Francis Finley, VP Cyber Threat Detection, Response and Vulnerability Management, Equifax. It brought in Qualys about a year ago, “primarily with the idea of buying a vulnerability management solution,” said Finley. “We quickly found out it solved a lot of other needs for us and the technical team as well.”
The company now has “700-plus users from our environment that can log into our Qualys infrastructure right now, most of those our incident response responders and our security operations center,” he said. But tech teams use the solution, too. It can help them plan for things like end of life for devices.
Euronet Worldwide. Gaining a single, accurate—and timely—view of risk exposure was the best way to help the company’s global IT teams maintain robust information security and data governance controls. “Our global IT teams are responsible for delivering business services to our entities and helping them to maintain robust information security and data governance controls and rapidly address risks as new threats like zero-days emerge. That’s why Euronet Worldwide turned to Qualys VMDR® with integrated apps for asset identification and management, vulnerability management, threat detection and prioritization, and response.
Montana State University. MSU was hoping to do when it joined the Qualys XDR beta program to meet the challenges of its security environment and eventually, according to MSU Security Engineer Jacob Hahn, make XDR a part of the 20,000-student strong university’s larger security practice.
To find out more about how Qualys solutions can solve security challenges visit the Qualys site. And don’t forget to check out the sessions at QSC 2021 Las Vegas now available on demand.