Qualys Security Conference 2017
The big theme of the Qualys Security Conference 2017 in London this week was Digital Transformation: how you manage security while moving your IT assets and business functions into the cloud. Key areas were security in AWS and Azure, as well as containers like Docker and supporting tools like Jenkins.
Unified Cloud Security
Qualys is building a unified security view across all these areas, and it’s called CloudView. Current vulnerability assessments focus on the host targets and, where possible in the case of virtualised environments (VMware, VirtualBox, etc.), on the hosting OS. CloudView goes further and looks at the security of the host and how the virtual machines are provisioned, connected and controlled. This allows an administrator to review the complete risk spectrum of (for example) AWS: its security groups, weak security configurations and potential data exposure. Later versions, due next year, will add the ability to use one-button presses to reconfigure the installation and eliminate the risks.
CloudView is aimed at AWS, Azure and Google Platform and will begin General Availability in 2018. The plan is then to extend the service to Alibaba Cloud, Oracle Cloud and SoftLayer environments.
For Docker deployments, Qualys will offer a virtual scanner as a container which can be deployed alongside other containers to assess their security posture.
File Integrity Monitoring
For a long time, the ability to detect changes to critical system and application files has been a measure of the maturity of an organisation’s security capabilities. Achieving this, though, has traditionally been expensive and technically challenging. It normally relies on a plethora of scripts being deployed to hosts and a method for collecting the information and then forwarding it to a central location.
Qualys has overcome this by utilising the Cloud Agent to collect the data from the host and using the proven method of pushing the information securely to the cloud. This means no scripts or other agents to deploy, and the automatic integration of this new information with existing vulnerability and compliance data.
Using a wizard style menu system, policies for what needs to be monitored and what action to take on changes are configured and made live with no need to distribute the changes to the endpoints.
As with all Cloud Agent capabilities, this is provided for all versions of Windows from XP SP3 up, and many (soon almost all) versions of Linux and UNIX.
The ability for Qualys to handle the remediation of the issues it discovers has long been requested. If Qualys tells you that a patch is missing or a configuration file has insecure settings, why can’t it make the change or install the patch? That is exactly what Qualys has been working on in 2017, and in the new year we will see patch deployment for vulnerability management and configuration changes for Compliance. Examples of both were shown at the conference and there was very strong interest from all present, resulting in many questions in the Q&A sessions.
There were plenty more technical announcements and updates made on the day.
Indication of Compromise again makes use of Cloud Agent to detect the artifacts of malware that denote the deployment of compromise code. Behaviour and Family based models allow the detections to keep up with changing threats. Historic logging of threat evidence allows for Hunting activities to locate other devices which may be suffering from the same compromises. This is a big area for Qualys and promises to provide unparalleled visibility for organisations that are serious about the effects of malware.
Malware Insight is a new service that will allow customers to upload suspicious files to then be analysed by the Qualys Malware Team. As well as reporting on the submission, it will allow a definition of this new malware to be brought back into your Qualys subscription and the Hunting function to be used to find other locations that may be suffering the same attack.
CertView takes the existing auto-detected certificate tool in Qualys VM to a new level by providing SSL Labs integration and a unified view across all areas of the estate.
Security Assessment Questionnaire has made big steps forward with new Vendor Assessment workflows, Event Scheduling and Risk Scoring.
All these modules will benefit from a UI overhaul in 2018 which is simpler and cleaner (and faster, due to its pre-fetch and lighter file download capabilities).
More Cloud Apps
The Qualys platform has come a long way from its origins as a Vulnerability Management service. A total of 18 services are either available now or will be shortly, and each aims to bring another piece of the security jigsaw into reach. With more information, automatically integrated in the cloud, companies can gain control of their security infrastructure and plan to avoid costly mistakes as the prospect of more and more complex attacks seems certain.