In today’s constantly changing and evolving cloud environments, being able to quickly provide information on misconfigurations and security policy violations in your cloud accounts and assets has become a critical need to the success of your security operations. Many cloud platforms offer tools within their specific cloud environments to provide this type of visibility. However, security operations teams are quickly learning that in a multi-cloud environment, they need tools that provides this information across all three major cloud providers in a seamless and centralized way, with normalized data streams. They need a single source of truth for their account security regardless of the public cloud provider or the asset metadata.

Continue reading …

Today we’re starting a blog series focused on how to integrate Qualys solutions into DevSecOps for securing cloud infrastructures. In this initial post, we’ll discuss the importance of assessing vulnerabilities and misconfigurations on AWS pipelines.

When developing golden Amazon Machine Images (AMIs), DevOps teams should run continuous and automated checks to eliminate vulnerabilities and misconfigurations in them. It’s a critical security and compliance practice that Qualys recommends its customers adopt. 

To that end, Qualys partnered with Amazon to integrate the AWS Golden Amazon Machine Image Pipeline reference architecture with Qualys scanners for vulnerability and configuration compliance assessment.

The result: Qualys has just published a GitHub repository and documentation for implementing Qualys scanning of instances in a golden AMI pipeline. This will help customers detect and fix critical vulnerabilities and compliance issues in the image creation pipeline, before they reach production environments.

Continue reading …