Fixing and finding vulnerabilities – syncing the two

Qualys wants to democratise cybersecurity and make it possible for organisations of all sizes to have world-class cybersecurity efforts.

Their main advantage is that they have always offered cybersecurity solutions via the cloud, and according to Debashish Jyotiprakash (Deb), Qualys VP for APAC, “We’ve never been an enterprise software, and we were always on the cloud since Day one, because customers wanted it.”

That is not all that they have achieved, however, as Deb also admitted they are trying to bring all of their products together so they can be viewed via a single pane of glass.

This is important because Deb believes that companies of today are spending a lot of money on security programmes that are separate and siloed.

“So, today when we look at our portfolio, we might have 26 different products from a product portfolio point of view, but it’s all about stitching the whole act of cybersecurity into one single piece,” he pointed out.

“And when you make these siloed security programmes, it does attend to a siloed security problem. They are not talking well to each other and companies end up spending more to manage them all.

“Actual ROI is never established.”

Relevance

In recent times, organisations are getting the sense that they have to be able to scale their cybersecurity solutions. And on-premise enterprise software was not addressing the issue.

Deb observed that these days, it is more and more about increasing threat vectors, the volume of threats, and the kind of talent that they have to be able to deal with them.

It was as though they had a crystal ball over two decades ago that showed data centres would slowly vanish, and cybersecurity would become more complex with increasing asset categories.

“So, automation is a big problem, and cloud kind of solved it,” he said, adding that when they started delivering their cloud-based solutions 25 years ago, their early adopters were ‘actually as visionary as our founders.’

Just a decade ago, hyperscalers like Amazon Web Services did not exist, and neither did hypervisors that enabled software to do the work of hardware like servers, storage, and networking. Cloud and containers were unheard of 15 years ago, but today they help to address challenges of scale.

“We are actually fit for every size, and as you grow you never have to worry about capacity management. We helped to solve a big problem!”

All Qualys infrastructure

Deb firmly believes that cloud is the way to go, and that this is evidenced by security vendors today being forced to move to the cloud.

“For us, it came naturally because we were prepared since day one, right?”

Qualys cloud solutions also come with the added advantage of not being hosted on public cloud.

“We have eleven data centres to take care of customers’ regional data security needs, and their data sovereignty needs.”

“We have our own data centres. This gives a lot of confidence to our customers. On top of that, our data centres are managed and monitored by ourselves.”

There are plans to set up a data centre in Singapore as well, and decisions like data centre locations are driven by their purpose of ensuring that customers who do business where data is very sensitive do not get pushed out of using software-as-a-service (SaaS) for regulatory reasons.

“We make it possible for them… from a functionality, coverage, and regional regulatory standpoint, to adopt a cloud service like Qualys,” Deb said.

Qualys also offers an on-premise service for customers in locations where Qualys has no data presence yet. “We miniaturise the offering into a single box for the private cloud platform that can be hosted in their own premise.”

Deb explained that the Qualys private cloud platform is hosted within the customer’s network, and the functionality, features, and codebase are an exact replica of the solution on public platforms.

In essence: The value of scale

What exactly do Qualys’ customers get when they sign up to the software-as-a-service? Deb says there is a plethora of technologies on offer, within a single platform.

“It starts with inventory assessment, health and hygiene for your assets, things like even remediation… so we are not just telling you what the problem is, but actually going ahead and fixing the problem for you, at scale.”

In essence, regardless of the nature of an organisation’s assets, or where the asset is located (mobile, cloud, containers etc), there is always a sensor to protect it.

The nature of the sensor, be it agent-based or scanner-based, depends on the nature of the asset that they want to secure.

“But, there is absolutely no category of asset that we do not touch… every kind of asset can be secured.”

Helpful sensors

These sensors, in turn, have the role of collecting telemetry from these various assets: for example, identifying open ports, installed software, vulnerabilities, misconfigurations, malware behaviour, and more.

All this telemetry data is pushed back to the platform to be processed, so that the endpoint device is not stressed with having to do so much compute.

Deb claims that architecturally, their solutions take up a very small footprint and are just “super light.”

For example, Qualys has to protect over 400,000 endpoints that were being used at home. Each endpoint (or computer) was located at home and outside corporate firewalls. Each was equipped with an agent that was able to identify, assess, and even remediate issues, at scale.

Deb concluded, “So today we have customers saying they have one dashboard that shows vulnerabilities Qualys is finding, and another that shows vulnerabilities Qualys is fixing… and both are in sync!”