Merging traditional enterprise security and compliance with cloud platforms

Debashish Jyotiprakash, Vice President, Asia & Managing Director, India, Qualys

EITN: What in your opinion is traditional security, and how does Qualys’ cloud strategy bring value to customers?

Debashish: Traditional security frameworks involve purchasing, installing and maintaining IT devices on-site. This approach can be expensive for a few reasons. Firstly, with increasing amounts of data collected, organisations require more machines to handle larger data processing functions. In addition, traditional security typically also requires more personnel to manage the hardware. Compared to using cloud platforms, traditional security approaches significantly limit an organisation’s ability to scale.

Qualys has evolved its approach to scale up alongside the demand for cloud and support some of the largest deployments globally. The Qualys Cloud Platform is a highly scalable, end-to-end solution for all aspects of IT security and once deployed, it seamlessly adds new coverage, users and services as required.

The Qualys Cloud Platform processes more than nine trillion data points across its native sensors and third-party logs. Although widely known for its vulnerability and asset management, the company has added cloud and container security capabilities, along with endpoint detection and response (EDR) and extended detection and response (XDR).

The XDR module leverages this telemetry and the platform’s cloud agent response capabilities including patching, fixing misconfigurations, killing processes and network connections and quarantining hosts.

Qualys Cloud Platform in numbers:

  • 20+ integrated IT, security and compliance apps
  • 8+ trillion data points indexed on Elasticsearch clusters
  • 2+ trillion security events per year
  • 6+ trillion Internet protocol (IP) scans and audits per year
  • 99.9996% Six Sigma scanning accuracy
  • 5+ billion Kafka messages per day

EITN: Please share examples of how Qualys customers leverage its solutions to reduce risk, protect assets and comply with regulations.

Debashish: Fortune 500 Qualys customer Aflac provides vital financial protection to millions of people worldwide through its supplemental insurance policies. It operates in a highly regulated industry and must maintain a strong security posture backed by robust systems and processes for data governance and compliance.

Each week, Aflac must scan over 50,000 assets across its global business for vulnerabilities and when requested, demonstrate to regulators that remediation work has been completed correctly. Aflac needed a way to reduce the time required to gather this data during audits.

“To meet security requirements set by the U.S. Department of Insurance (DOI), we must scan all our IT assets for vulnerabilities on a weekly basis — and we also perform similar types of vulnerability management activities to meet the requirements of PCI DSS and SOC 2 audits. Failing a DOI audit would expose the business to significant risk, so it’s essential that we have the proper controls in place,” said Brian Penn, Security Posture Manager, Aflac.

“Qualys vulnerability management, detection and response (VMDR) delivered all the core functionalities Aflac was looking for. As well as providing a full audit trail for the entire vulnerability management lifecycle, VMDR allows us to apply a practically unlimited number of tags to our assets. Using tags, we can create fine-grained Qualys dashboards that highlight vulnerabilities across specific groups of assets, such as production servers or employee workstations.”

In another example, when the internet-shaking Log4Shell vulnerability hit, customers immediately turned to the Qualys Cloud Platform to help them find and remediate the vulnerability. One Fortune 50 global manufacturing customer’s CISO gave the directive to take all servers completely offline if they had not remediated the Log4Shell vulnerabilities in days. Log4Shell was so severe that until organisations had a complete understanding that this threat had been eliminated, they refused to put systems online. Qualys enabled this customer (and many others) to mitigate this vulnerability, keep their servers up and running and ultimately maintain business continuity.

EITN: What are the common issues that arise concerning the complexities of managing multi-cloud environments?

Debashish: Cloud-based software allows organisations to run business far more easily and efficiently – it is foundational to our modern workplace. According to a Gartner report, more than 75 per cent of organisations currently use multiple public cloud services. As multi-cloud environments become a must-have to maintain business continuity, new security challenges have come to fruition.

First is the issue of visibility. Without a centralised view of activity across each environment, security and IT teams will likely miss vital details – opening the door for damaging attacks and breaches. To manage and monitor complex multi-cloud environments, organisations must use a variety of different tools, with issues arising around the ability to consolidate insights from tools used. If you fail to do this, getting a comprehensive and complete view of your infrastructure is nearly impossible. This lack of visibility creates gaps that expose your organisation to severe risks. On top of this, many organisations do not have the time or resources to monitor and build security controls around each cloud provider. Consolidating different security tools to achieve a single-pane-of-glass view is key to securing your multi-cloud environment.

EITN: How does global visibility and a centrally managed platform provide enhanced security that is scalable, extensible and self-updating?

Debashish: The cyber needs of organisations – no matter the industry or size – are endless in today’s threat landscape. On premises, at endpoints, on mobile, in containers or in the cloud, organisations need continuous security. Therefore, global visibility from a centrally managed platform is vital for success.

For example, the Qualys Cloud Platform always has sensors on that provide continuous 2-second visibility of all IT assets. It is remotely deployable, centrally managed and self-updating and the sensors come as physical or virtual appliances/lightweight agents. Platforms such as ours work to simplify the complexity associated with managing multiple security solutions, while at the same time increasing the automation, effectiveness and proactive nature of security.

The Qualys Cloud Platform continuously monitors and proactively addresses new vulnerabilities and threats, attacks or suspicious activities in real-time with alerts for action. Actions could include globally deploying the most relevant superseding patch with a single click, quarantining vulnerable assets or files, uninstalling software, killing processes and network connections and much more.

EITN: How do cloud platforms enable vendor and stack consolidation?

Debashish: Today’s security involves different teams and uses multiple point solutions — significantly adding complexity and time to scanning and remediation processes. Traditional endpoint solutions do not interface well with each other, creating integration headaches, false positives and delays. This can result in issues such as devices being left unidentified, critical assets being misclassified, vulnerabilities being poorly prioritised and patches not getting fully applied.

The need to reduce the number of vendors is top of mind for most organisations, fueling consolidation. When most network and security functions are consolidated and delivered over the cloud, organisations can more quickly and effectively respond to threats and maintain business continuity.

Instead of adding new security capabilities through mergers and acquisitions (M&A) and trying to piece different technologies together, Qualys has uniquely crafted its portfolio by building new modules natively on its platform. This allows seamless integration and quick customer ramp-up on net new solutions. Qualys provides an advantage around tool consolidation and security team efficiency, allowing customers to significantly reduce their security tool line-up without sacrificing visibility or quality of security.