LAS VEGAS – Philippe Courtot, Qualys (QLYS) founder and CEO, said outdated software, security related application flaws, poor system configurations, obtaining an accurate view of asset inventory, and advanced threats are all continuous problems that security professionals must contend with when working to keep their applications and data secure.
The antidote, he said, are security tools that provide fast, accurate information and insight about the enterprise’s security posture. Yet, “Putting data together is a challenge we face today in security,” Courtot said, and described how security solutions and data today are too compartmentalized, organized in silos. Breaking those silos down are “The challenges that we live,” he said in his keynote at the Qualys Security Conference 2014 today.
Courtot cited Gartner analyst, Neil MacDonald’s research, Rethinking Security, Architecting a New Approach for Continuous Advanced Threat Protection as a good descriptor of the security landscape:
The problem is more complex than just stating that security signatures are dead.
Enterprise detection and response capabilities are more important than blocking and prevention.
“Incident response” is the wrong mindset.
Protection should be delivered in an integrated fashion, not in siloed approaches.
Monitoring and analytics should be at the core of all next generation security platforms.
That last point is essential. Continuous monitoring and analysis are at the core of the ability to predict, prevent, detect, and respond, Courtot said.
The Qualys Cloud Platform is well positioned to keep extending its capabilities with its cloud oriented architecture to provide integrated security solutions, Courtot said. “Beyond vulnerability management, we’re now looking at solving the bigger problems that include asset discovery, securing web applications, policy compliance, but most importantly bringing in all of that associated data and providing a complete view of all of that data,” he said.
That’s no small undertaking today, as security needs to be continuously delivered across physical data centers, virtual data centers, public clouds, remote offices, and a highly mobile workforce. Not to forget the exponential growth of web applications. And if users are working on smartphones, tablets, on premise applications, and web applications – imagine how fragmented enterprise data is.
Going forward, enterprises are going to need ways to continuously monitor and remediate weaknesses. “It’s about insight through data, and we are providing a platform that can evolve as technology trends evolve. And this data needs to be real time,” Courtot said.
As for Qualys and its future, Courtot said the company is going to continuously improve its offerings, and suggested that Qualys is at a stage now where acquisitions may make sense soon, and hinted at potentially making a move to bolster technical services through such an acquisition.