This release of the Qualys Cloud Platform version 2.35 includes updates and new features for AssetView, Cloud Agent, Security Assessment Questionnaire, and Web Application Scanning, highlights as follows. (Note: this post has been edited after publishing to remove the Azure Cloud Connector, which will be available in a subsequent release.)
Qualys is expanding its security and compliance capabilities for Microsoft Azure, by adding protection for the on-premises Azure Stack and extending capabilities for public cloud deployments.
By using Qualys’ platform to defend hybrid IT environments, organizations get a unified view of their security posture, and can apply the same standards and processes on premises and in clouds.
“The advantages of doing so all within a single pane of glass is to reduce your total cost of ownership, and to have all the data in one place,” Hari Srinivasan, a Qualys Director of Product Management, said during a presentation at Microsoft’s Ignite 2018 conference.
That way, when a major attack like WannaCry is unleashed, organizations can quickly assess their risk and take action from a single console, instead of scrambling to assemble fragmented information from siloed tools.
Read on to learn more about Qualys’ comprehensive offerings for Azure.
As organizations increase their use of public cloud platforms, they encounter cloud-specific security and compliance threats, which can be challenging to address without the right tools and processes.
Organizations’ cloud security difficulties lie in two main areas: Lack of visibility into their cloud assets and resources, and a misunderstanding of cloud providers’ shared security responsibility model. As a result, there have been a multitude of easily preventable security mishaps in public cloud deployments due to leaky storage buckets, misconfigured security groups, and erroneous user policies.
These security breakdowns have caused data breaches and other compromises at organizations large and small, including Verizon, Viacom, the Republican National Committee, Tesla and the U.S. Department of Defense. The key to protect public cloud workloads lies in adopting a cloud-native way of supporting and securing your resources in a hybrid IT environment, so as to have full visibility and control.
“Rather than having bifurcated tooling or bifurcated processes or even bifurcated teams, organizations need a unified view of their resources and security posture across on-premises and cloud environments,” Hari Srinivasan, Director of Product Management at Qualys, said during a recent webcast.
Read on to learn about cloud security challenges, best practices, and how Qualys can help you secure any infrastructure, at any scale, on-premises and in cloud, via a unified interface, using uniform standards and processes.
This release of the Qualys Cloud Platform version 2.33 includes the release for CertView, plus updates and new features for AssetView, Cloud Agent, EC2 Connector, Security Assessment Questionnaire, Web Application Scanning, and Web Application Firewall, highlights as follows. (This posting has been edited to include an update to WAS that is available in a patch release.)
With organizations aggressively moving workloads to public cloud platforms, such as Amazon’s AWS, Google Cloud, and Microsoft’s Azure, protecting these environments is critical for compliance with the EU’s General Data Protection Regulation (GDPR).
These public cloud platforms are being used to power digital transformation initiatives across a wide variety of business functions, including supply chain management, customer support, employee collaboration, sales and marketing.
In all of these business tasks that are being digitally transformed in the cloud, customer personal data regulated by GDPR is likely to be stored, processed and shared.
Organizations are aggressively moving workloads to public cloud platforms, such as Amazon’s AWS, Google Cloud, and Microsoft’s Azure, upping the ante for InfoSec teams, which must protect these new environments.
Driving this growth in cloud computing adoption is its essential role in digital transformation initiatives, which help businesses be more efficient, effective, flexible and innovative in areas like e-business, supply chain management, customer support and employee collaboration.
Digital transformation projects are typically delivered using web and mobile apps created in DevOps pipelines, where developers and operations staff work collaboratively at every step of the software lifecycle, releasing apps or app updates frequently.
But security must be integrated throughout the DevOps process — planning, coding, testing, releasing, deploying, monitoring — in an automated way, organically building it into the software lifecycle instead of bolting it on at the end.
That way, vulnerabilities, misconfigurations, policy violations, malware and other safety issues can be addressed before code is released, reducing the risk of exposing your organization and your customers to cyber attacks.
In a recent webcast, Hari Srinivasan, Qualys’ Director of Product Management for Cloud and Virtualization Security, explained how Qualys can help you secure your cloud and container deployments across your DevOps pipeline.
It’s happening all over the business world. Organizations of all sizes and in all industries are aggressively deploying innovative products to new online consumer channels, digitizing their core services and transitioning core business workloads to public clouds as part of digital transformation efforts aimed at increasing business efficiency and effectiveness.
This trend represents both a challenge and an opportunity for InfoSec teams. The challenge: To ensure the security and compliance of these cloud instances, without interrupting their deployment. The opportunity: To become a partner to business units by facilitating the adoption of public cloud services and other digital transformation technologies.
The digital transformation opportunities ahead are immense, according to Qualys’ CISO. Digital transformation programs are yielding tangible business benefits, but fundamental security challenges remain, he said during the recent webcast “Securing Your Public Cloud Infrastructure.”
Specifically, InfoSec teams must gain visibility into these cloud workloads, so that they can monitor those assets, identify vulnerabilities and misconfigurations, and promptly remediate problems. Continue reading …
As organizations seek digital transformation benefits and aggressively move workloads to public cloud platforms, InfoSec teams must support their business units’ efforts by adapting and properly protecting these environments.
This may sound surprising to those who think that, when you use a public cloud service, the platform provider takes on all security and compliance tasks. Rather, these public cloud service providers operate on a “shared security responsibility” model, so the burden is split between you and them.
In other words, you get to define your controls in the cloud to protect your data and infrastructure, while the cloud provider takes care of the security of the cloud.
This new release of the Qualys Cloud Suite, version 8.10, includes new capabilities and improvements to for VM, PC and shared platform improvements:
- Authentication Vault integration with BeyondTrust
- Mandate-Based reporting for Policy Compliance to simplify reporting against multiple mandates and audit frameworks.
- Expanded support & features for scanning Cloud Environments such as Amazon EC2, Azure, and Google GCE.
- VM Scanning, Reporting, and SSL Labs Improvements
- Ability to export/import UDC definitions with Policy XML and Qualys Library Content
- Policy Compliance support for PostGRE SQL and UDC Support for Amazon Linux 2016
- Qualys Cloud Platform 8.10 (VM/PC) API Notification 1
- Qualys Cloud Platform 8.10 (VM/PC) API Notification 2