Finding a Common and Advanced Ground in the Fragmented Space of Cloud Security

The human excellence is rooted in a variety of factors, but none contribute more to it than our commitment of improving under all situations. This progressive approach, on our part, has already got the world to hit upon some huge milestones, with technology appearing as a major member of the stated group. The reason why technology enjoys such an esteemed stature among people is, by and large, predicated upon its skill-set, which guided us towards a reality that nobody could have ever imagined otherwise. Nevertheless, if we look up close for a second, it will become clear how the whole runner was also very much inspired from the way we applied those skills across a real world environment. The latter component was, in fact, what gave the creation a spectrum-wide presence, and consequentially, kickstarted a full-blown tech revolution. Of course, this revolution then went on to scale up the human experience through some outright unique avenues, but even after achieving such a monumental feat, technology will somehow continue to produce the right goods. The same has grown increasingly evident in recent times, and assuming one new GRC-themed development pans out just like we envision, it will only propel that trend towards greater heights over the near future and beyond.

Qualys inc., a pioneer and leading provider of disruptive cloud-based IT security and compliance solutions, has officially launched an upgraded version of its AI-powered cloud native application protection platform (CNAPP). Named as TotalCloud 2.0, the stated version will bring to the fore a single prioritized view of cloud risk, while simultaneously becoming the first proponent to extend its protection to SaaS applications. To fully understand the significance of such an upgrade, though, we must acknowledge how embracing multi-cloud and SaaS environments has created for us a big problem in the form of security challenges. Now, we have tried to navigate through the given problem using numerous cutting-edge security tools, but doing so has opened up a whole another Pandora box. You see, each of these security tools has displayed a tendency to deliver different and sometimes conflicting perspectives on the organization’s risk level. Hence, when you consider that in the context of already fragmented business cloud environments, it unsurprisingly threatens to birth ineffective risk prioritization, reporting, and remediation. With the problem statement duly covered, we can turn to unpack the way Qualys’ latest brainchild will help us break this deadlock. Basically, the solution will correlate unique indicators from diverse Qualys sources, such as Cloud Workload Protection (CWP), Cloud Security Posture Management (CSPM), and Cloud Detection and Response (CDR). Next up, it will combine these indicators with SaaS and infrastructure posture to let organizations fix the most harmful threats in record time. Talk about Total Cloud 2.0 on a slightly deeper level, we begin from a specialized component in TruRisk Insights, a component which streamlines the identification of highest-risk assets. In case you are looking for some evidence here, we can take into account an analysis conducted by Qualys where it studied anonymized customer data, containing more than 120,000 internet-accessible cloud workloads. Leveraging the TruRisk mechanism, the company’s platform successfully correlated risk indicators and identified that less than 0.3% of workloads actually had a confluence of suspicious activities, malware, and misconfigurations. In hindsight, one can claim this approach helped the researchers eliminate 99% of workloads that didn’t require immediate attention, thus empowering them to become more focused and productive. Alongside TruRisk, the stated update also integrates data from your External Attack Surface Management (EASM) solutions to generate visibility into how external threats may perceive and target your cloud assets.

Anyway, next up, we can get into the update’s promise of delivering comprehensive protection for SaaS applications. As the modern cyber risks have now made their way to organizations’ critical SaaS infrastructure, protecting the same has become one of everyone’s top most priorities. This is because, without proper security, these SaaS applications can easily become entry points for lateral movement into the cloud environment. The call for some action would grow even louder after the introduction of new SEC regulations that mandate companies to disclose cyber incidents and meet cybersecurity readiness requirements for data stored in SaaS systems. Focused on addressing the stated gap, TotalCloud 2.0 has presented the first ever CNAPP solution to incorporate SaaS security posture management (SSPM). By doing so, it essentially made sure that configurations and permissions in apps like Microsoft 365, Zoom, Slack, and Google Workspace, etc. are seamlessly integrated into your overall security posture for enhanced decision making.

“Efficiently managing risk and responding quickly to threats or attacks on cloud workloads is challenging for organizations,” said Melinda Marks, practice director, Cybersecurity at Enterprise Strategy Group. “Qualys TotalCloud 2.0 provides a unified platform to identify and consolidate all cloud data across diverse multi-cloud environments, providing broader visibility and context for efficient remediation of security issues. This approach fosters improved collaboration among security, IT, and development teams, to efficiently mitigate risk and protect business-critical applications.”

Then, we have the prospect of mitigating the supply chain risks. Here, the centerpiece idea is to scan all open-source software pre-and-post deployment across various compute workloads like containers. Not just that, the solution also performs the said scanning through both agent and agentless techniques. Hence, serving up the user a holistic view across multi-cloud environments, the feature enables you to stave off vulnerabilities at scale and achieve significant cut back on the risk plaguing your supply chain. Rounding up highlights is a more operationalized take on TotalCloud’s part to prepare you for modern day threats. In practice, this take involves streamlining operations and removing silos between IT and security with ITSM integrations.  To compliment the same, the platform also allows automatic assigning of tickets, while practicing a similar stance when it comes to orchestrating remediation with your ITSM tools such as ServiceNow and JIRA. So, as far as reducing the risk quotient and speeding up mean time to remediation is concerned, the automation angle carries a chance to be one welcoming addition.

“Ensuring the security of our customers is paramount to us, so we turned to our trusted partner Qualys to help us secure our cloud solutions,” said Rodrigo Herrera Villalón, head of application security at Banco BCI. “Qualys TotalCloud enables us to holistically secure our cloud environment by providing insights into our risk exposure. It brings together and analyzes vulnerability and posture assessment and threat mitigation data, so we can quickly identify and mitigate the most critical issues.”

Founded in 1999, Qualys’ rise comes from a deep understanding of applying a single agent to continuously deliver critical security intelligence and let enterprises automate the full spectrum of vulnerability detection, compliance, and protection. This the company has done for IT systems, workloads, and web applications across on premises, endpoints, servers, public and private clouds, containers, and mobile devices. At present, Qualys’ proprietary platform boasts index elastic search clusters made up of more than 9 trillion data points. Supporting 20+ integrated IT, security, compliance apps, the platform in question is also known for conducting well over 2 trillion security events every year, performing 6 billion IP scans and audits in the same duration, and handling over 5 billion Kafka messages on a daily basis. A detail which solidifies its case even further is rooted in the company’s subscriber base of more than 10,000 customers, a subscriber base which is dominated by Forbes Global 100 and Fortune 100 companies. Other than that, Qualys also integrates its vulnerability management capabilities into security offerings from leading cloud service providers, including Amazon Web Services, the Google Cloud Platform and Microsoft Azure, along with a number of leading managed service providers and global consulting organizations.

“Managing security across multiple cloud and SaaS applications can lead to scattered risk scores that are challenging for organizations to prioritize, let alone remediate,” said Sumedh Thakar, president and CEO of Qualys. “TotalCloud 2.0 silences the noise from disparate security tools, offering a clear, prioritized view of risk across multi-cloud, SaaS applications, and assets. This ensures swift resolution of critical issues, dramatically reducing the organization’s risk.”

Hot Topics

Related Articles