As organizations embrace digital transformation to boost business processes, traditional IT environments get altered, becoming distributed, elastic and hybrid. “That’s creating a new challenge for security,” Chris Carlson, Qualys’ Product Management VP, said during QSC18 Virtual Edition.
As elements like cloud services, mobility, IoT, and DevOps are incorporated into IT environments, security teams often struggle with asset visibility, credential issues, authentication failures, remote-user scanning, and scheduled scan ineffectiveness.
But these challenges also offer “an opportunity to redefine how security programs and controls are done,” he said during his presentation titled "Securing Hybrid IT Environments from Endpoints to Clouds."
Carlson went on to explain how organizations can secure digital transformation efforts with Qualys’ platform, and emphasized the benefits of Cloud Agent sensors. Read on to learn more.
Qualys offers security teams a broad variety of sensors to collect security, IT and compliance data from assets in hybrid environments. Scalable, self-updating and centrally-managed, Qualys sensors include:
This versatile set of sensors gives security teams valuable options for collecting data from many IT asset types. The Qualys Cloud Agent in particular is a game changer, according to Carlson.
“We developed it to be a new platform paradigm,” he said.
Because Cloud Agents work in concert with the Qualys Cloud Platform, customers can easily add security and compliance capabilities. Delivering multiple functions via a single agent “changes how security leaders are developing and creating security programs across their hybrid IT enterprise,” Carlson said.
The Cloud Agent is lightweight, consuming negligible computing and network resources. After a comprehensive initial data collection of the asset, it only gathers changes. Broad OS support includes Windows, Linux, MacOS, and “cloud native” platforms such as AWS, Azure and Google Cloud. It works on premises, in clouds and remote endpoints.
Its many benefits for securing hybrid environments include:
Qualys customers have taken notice, having deployed 7.3 million agents between March 2017 and March 2018. One customer put 1 million in cloud assets, and 150,000 in user devices.
Carlson highlighted the key role the agent plays in securing DevOps pipelines, citing as an example the integration between Qualys and Azure Security Center (ASC). Windows sysadmins, typically unfamiliar with security tools, can add Qualys Vulnerability Management (VM) to an Azure instance with a few clicks.
ASC automatically puts a Cloud Agent into the instance, whose data is collected and sent for analysis to the Qualys platform, which returns it to Azure. This gives Windows sysadmins a comprehensive view of the instance’s vulnerabilities, context around severity and risk, and the ability to drill down into details.
This screenshot shows the integration between Azure Security Center and Qualys VM. Instance vulnerabilities are detected by the Qualys Cloud Agent.
With these insights, sysadmins can programmatically prevent instances with high-severity vulnerabilities from launching into production, for example. “That really is DevSecOps. That’s really ‘shifting left’ into security,” Carlson said.
Carlson also explained how, using the Cloud Agent and the Qualys apps that leverage it, organizations can get a multi-dimensional view of a breached asset:
“This gives you that unified view of that asset as you investigate a breach and find out what’s happening in your environment before data loss or compromise,” Carlson said.
Watch the on-demand version of Carlson’s presentation, which goes into a lot more detail on these and other topics, features demos of Cloud Agent and other products, and includes a Q&A with the audience.