1

Dealing with new devils using existing investments? Possible

Estimated reading time: 4 minutes

Qualys has continuously grown in the last decade, according to VP, APAC, Debashish Jyotiprakash.

He explained, “Qualys is a subscription-led model, and our renewal rates are always 100 per cent.

“So, if a customer has bought Qualys, it’s very likely you have been with us because we manage more offerings on the same platform, with the same agent.

“Once you have landed, we expanded and we never shrink!”

“It’s easy for customers to expand because we are not putting another agent or sensor on the machine just to be able to do a new thing.

Typical customer journeys with Qualys

How does it all usually begin for a customer, and what can the customer journey actually be like with Qualys?

Deb said that customers usually begin with vulnerability management, detection and response, or VMDR, which comprises multiple sensors like the endpoints, servers, the network devices, the workloads in the cloud, the containers, and so on.

“And they slowly migrate from there to do even more complex stuff like patch management in real-time, or EDR (endpoint detection and response), or file monitoring, or policy compliance.

“It’s easy for customers to expand because we are not putting another agent or sensor on the machine just to be able to do a new thing.

“It’s not a greenfield project. It’s the same agent which is really tiny and can do nine different things.”

As a result, customers have given feedback to Deb that they are able to operationalise security operations (SecOps) programmes in a much better way because they can consolidate a lot with Qualys.

New devils to deal with, using existing investments

Deb observed that the cost of cybersecurity is increasing a lot, but the value of cybersecurity has become low, in the eyes of company board members.

Risk reduction is the key, because that is the language spoken in board rooms, but CIOs are often unprepared to convey metrics in terms of risk.

‘So, when you are visibly able to reduce risk, then your board is probably better able to sync up with what the cybersecurity team is doing.

Automation is another key feature that security teams have on their wishlist. No matter how large a company is, it will never be blessed with a 200-member security team, Deb pointed out, adding that the more consolidation organisations can bring to their cybersecurity efforts, the more it will help the organisation.

The budgets do exist, but organisations want to be able to do more with their investments, also.

“Look at the fact that once you have made a new digital transformation strategy, every new asset added into the environment becomes a new attack surface!” Deb pointed out.

So really, if a company has moved out of traditional data centres to new micro services like clouds, and containers, and so on, they also have a new kind of devil to deal with.

Do more with less: consolidate and automate

All of these new realities boil down to one thing: Organisations are trying to get more out of their existing security investments.

There are a few ways to do so. For Qualys, it’s helping them consolidate the number of tools they require to stay secure.

“We’ve had customers tell us that on average, they might have somewhere between 15 to 37 different agents.

“That’s tough to manage and integrate… they end up wasting time and money buying licenses for all these and trying to integrate them all.”

Automation is another key feature that security teams have on their wishlist. No matter how large a company is, it will never be blessed with a 200-member security team, Deb pointed out, adding that the more consolidation organisations can bring to their cybersecurity efforts, the more it will help the organisation.

Imagine being able to bring in all this telemetry into one single platform, and top it off with holistic EDR response in real-time. This takes much less effort than talking to three different vendors.

Crystal-ball gazing

Qualys takes what they learn from their customers to help them solve future problems. “We ask them, what are your expectations from the investment you made with Qualys? What would you like us to solve for you next year, or the year after?

“We are always constantly asking them ‘what’s your next cybersecurity problem to solve?’”

Conversations that Deb has had recently revolve around topics like security from open source, security from software supply chain attacks, and even next-generation technologies that companies are going to build and adopt.

Qualys is even prepared to secure underlying infrastructure for new environments like metaverse, for companies that want this new technology, he said.

That said, one key concern that arises is the trend that regulation has never proved it is able to catch up with innovation.

To this, Deb opined that companies cannot afford to have a wait-and-see attitude. For example, if there is a bank that is not adopting a cyber strategy that includes clouds and containers, they are going to be left behind.

Qualys is even prepared to secure underlying infrastructure for new environments like metaverse, for companies that want this new technology, he said.

“So, you don’t have to wait for a regulation to come before you can innovate futuristic possibilities and new technologies. In the event that you do that, we can standby as a technology partner to be able to secure that!”