Qualys, a provider of cloud-based security and compliance solutions, has launched CloudView – a new app framework in the Qualys Cloud Platform. The new solution would bring comprehensive and continuous protection of cloud infrastructure, delivering InfoSec and DevSecOps teams a ‘single pane of glass’ view of security and compliance across cloud infrastructures.
CloudView delivers to customers topological visibility and insight about the security and compliance posture of their complete public cloud infrastructure for major providers including Amazon Web Services (AWS Cloud), Microsoft Azure and Google Cloud. The first two apps in CloudView include Cloud Inventory (CI) and Cloud Security Assessment (CSA).
CloudView augments the existing Qualys view of host-related vulnerability, compliance and threat intelligence with a real-time inventory of all cloud services. This combination would help security teams monitor, assess and deliver reports from within the DevOps pipeline to ensure that cloud workloads throughout the Continuous Integration/Continuous Development (CI/CD) toolchain are configured in-line with Identity and Access Management, Network and Administrator access policies and regulations, “thus drastically reducing exposure to attacks.”
“Accelerated cloud adoption requires new adaptive security solutions that support fast-moving digital transformation efforts,” said Philippe Courtot, chairman and CEO of Qualys. “Our new CloudView and its apps add unparalleled visibility and continuous security of all cloud workloads to provide customers complete cloud security in a single, integrated platform and drastically reducing their spend.”
Cloud Inventory, Cloud Security Assessment
Qualys CloudView will be available in beta for AWS Cloud starting Q4 2017, with future versions supporting other major cloud providers like Microsoft Azure and Google Cloud. The first two apps include Cloud Inventory (CI) and Cloud Security Assessment (CSA).
The Cloud Inventory (CI) App would offer:
- Comprehensive Inventory – Qualys CloudView integrates with the native APIs available from public cloud providers to continuously discover resources and automate security monitoring against industry standards and architectural best practices.
- Topological Visibility – CI provides topological views of the infrastructure and relationships across other cloud resources. Users can drill down into the deployment architecture across different dimensions like location, network layouts and security group view to “quickly” get to the root cause of issues.
The Cloud Security Assessment (CSA) App would offer:
- Continuous Security Monitoring – Qualys CloudView automates security monitoring against industry standards to identify threats caused by misconfigurations, unwarranted access and non-standard deployments, and provides remediation steps to manage risks. CloudView also automates evaluation of regulatory mandates like PCI-DSS, HIPAA, NIST and ISO 27001. Users can check for compliance against the mandates and generate reports to submit to their auditors.
- Insight and Threat Prioritization – Complete cloud resource inventory information in CloudView would power “simple yet powerful” search queries across an asset’s configuration and complex associations to “quickly” identify the root cause of an incident. To track and understand trends in fast-changing elastic clouds, CloudView provides both a real time and a historical view of the inventory. Security posture visibility includes cloud host vulnerability, compliance and threat intelligence data from the existing Qualys platform, “enabling users with context to effectively prioritize and remediate threats.”
- Automated Security Throughout the DevOps Pipeline – Qualys CloudView supports REST APIs for “seamless” integration with the CI/CD tool chain, providing DevSecOps teams with an up-to-date assessment of potential risks and exposure. The solution can be integrated with Governance, Risk and Compliance, Security Information and Event Management, and ticketing service providers to help InfoSec teams automate processing of threats and remediation.
