Published in Shows and Events

Qualys talks to us about getting a handle on security and feature parity in the cloud

by on09 August 2016 1660 times

Black Hat 2016, Las Vegas, NV
We had the chance to sit down with Chris Carlson, vice president of product management for Qualys and talk a little about what Qualys is up to and where they are moving to in the security market. For many Qualys is a name that brings vulnerability management and reporting   to mind. This is due to the fact that this has been their bread and butter for a number of years. Now they are moving into new verticals in the market to expand on their knowledge in this arena. One of the highlights of the talk was in coving their Cloud Agent which brings a whole new set of features to the Qualys product line.

Now, before anyone gets too twitchy we want to cover something that Chris made very clear. Unlike many products that make a shift to the cloud there is no loss of features in moving from on-prem. You also are not locked into using the cloud as they have a Private Cloud Platform Appliance in case you still want to keep things in house. Feature parity between on-prem and the cloud is a pretty big deal these days considering how often you do not get it.

But just what do you get with the Qualys Cloud Platform? According to Chris you get a lot including global asset inventory, continuous monitoring and add-ins for vulnerability management and compliance (existing products). This goes even further and can be rolled into web application scanning and web application firewall, threat protection performance all in a single application space. According to Chris the Qualys Cloud Agent is a very complete tool although there is never going to be a single tool for everything.

Still in looking over items like Qualys Cloud Platform we see do see that it covers a large part of your security and monitoring concerns. Looking at the threat protect feature we find that it continually monitors the environment and allows for rapid prioritization and can be adjusted (mapped) to fit into different verticals. What this means is that you can prioritized based on the security needs of your company. For example, if you need to maintain PCI compliance you can adjust the system to monitor for PCI impacting vulnerabilities with live exploits in the wild. This can be to automate rules to your web application firewall to adjust for threats as they happen.

If you are a Microsoft Azure user Qualys has some good news for you as they have baked a Qualys Cloud Agent into their systems, all you need is a Qualys ID and you can get things going on any systems you have there.

Private Cloud Platform Appliance Normal 0 false false false EN-US X-NONE X-NONE

Last modified on 14 August 2016
Rate this item
(2 votes)

Leave a comment

Make sure you enter all the required information, indicated by an asterisk (*). HTML code is not allowed.