If there were two important takeaways from this year’s Qualys Security Conference year they would be how today’s complex hybrid environments are demanding security teams find ways to increase visibility into the state of their security posture and be able to quickly mitigate new risks as they arise.

With their respective keynotes, both CEO Philippe Courtot and Qualys chief product officer Sumedh Thakar showed just how sophisticated today’s environments have become. Today, all but the most straightforward environments consist of multiple cloud services, virtualized workloads, and traditional on-premises systems; and hundreds of application containers, microservices, and serverless functions.

Continue reading …

Without APIs, it would be near impossible to see enterprises being able to digitally transform themselves. After all, APIs are the connective-tissue between applications and systems and they make the management, automation and consumption of technology possible at scale. APIs are what enable organizations to liberate data from their applications, improve integration, and standardize how claims and information is governed.

However, what about the associated API security risks? That’s the subject Gartner analyst Mark O’Neill tackled in his presentation, API Security: Enabling Innovation Without Enabling Attacks and Data Breaches at Qualys Security Conference 2018. O’Neill sees API vulnerabilities as a serious enterprise risk in the years ahead. In fact, by 2020, he predicts API abuses will be the most frequent attack vector that results in data breaches for enterprise web applications. “We see more and more APIs as a threat vector,” O’Neill said.

Attackers go after APIs, O’Neill said, because they’re a direct way to valuable data and enterprise resources. In addition to stealing data, APIs are also susceptible to other forms of attack, such a denial-of-service attacks, O’Neill said.

So what can organizations do to better secure their APIs and the resources and information they expose?

Continue reading …

The first day of Qualys Security Conference 2018 was a big one. Both CEO Philippe Courtot and Qualys chief product officer Sumedh Thakar detailed the challenges faced by many of today’s enterprises when it comes to the growth of cloud and the complexity of their hybrid environments. And they shared their visions of the road ahead on how enterprises can find ways to effectively manage their cloud environments and digital transformation efforts ahead.

A big theme of the day was how cloud security brings complexity and lack of visibility into modern environments.

Additionally, Qualys VP of engineering Dilip Bachwani provided a look at how the Qualys Cloud Platform is built to scale and perform; Jimmy Graham spoke on obtaining real-time vulnerability management, and attendees learned how to better secure their cloud deployments, containers, and web applications.

Continue reading …

Enterprises are moving full steam ahead when it comes to their digital transformation efforts. They’ve aggressively adopted cloud infrastructure and other cloud services, IoT, application containers, serverless functionality, and other technologies that are helping their organization to drive forward.

Those organizations that are way down the road in their digital transformation efforts say that they’ve witnessed improved business decision-making – both when it comes to making better decisions and when it comes to making those decisions more rapidly. They also say that they’ve improved their customer relationships by delivering an improved customer digital experience.

So it’s time to celebrate and declare digital victory, right?

Hold off before we book the band and order the champagne for the big party. In fact, those who want to move forward securely and confidently in their risk and regulatory compliance postures have some challenges ahead.

Continue reading …

The rise of cloud computing coupled with DevOps is forcing enterprises to rewrite their cybersecurity playbook, and part of that book will be written this week at Qualys Security Conference 2018 in Las Vegas.

Today, the dual cloud and DevOps mega-trends are helping companies to digitally transform how they build, deploy, and manage all aspects of their business. They’re delivering software and digital services more rapidly, able to respond with more agility to changing business and technological demands through the effective use of automation, machine learning, IoT, and the continuous delivery of new software services and features. This all comes at a price, however.

Continue reading …