As business applications and on-premises infrastructure migrate to the cloud, security teams struggle with managing cyber risk across cloud workloads, services, resources, users, and applications. Additionally, teams must deal with a plethora of industry acronym-driven point solutions that provide a fragmented view of risk without context. This approach increases security costs and complexity while leaving cloud applications vulnerable to attacks.
“Qualys is enhancing its widely used platform to deliver visibility, context, speed, automation, and orchestration in a comprehensive solution to help organizations scale their security and compliance programs for modern software development,” said Melinda Marks, senior analyst at ESG. “Qualys TotalCloud incorporates security into development workflows, enabling them to release secure, reliable code while giving security teams the control and visibility they need to manage risk by reducing their attack exposure and rapidly responding to threats.”
“As a finance organization, we need a continuous view of the security and compliance posture across our cloud applications, with clear insights into risk,” said Prabhuram Rajarathinam, CISO at Cholamandalam Investment and Finance Company. “Qualys TotalCloud with FlexScan will enable our cloud security and DevOps teams to use the multiple assessments to further strengthen the security of our cloud applications.”
With more than 31 million workloads already secured by Qualys, Qualys TotalCloud extends the industry-leading accuracy of VMDR with cloud-native FlexScan assessments to unify Cloud Posture Management and Cloud Workload Security in a single view with risk insights.
TotalCloud automates inventory, assessment, prioritization and risk remediation via an easy-to-use drag-and-drop workflow engine for continuous and zero-touch security from code to production cloud applications. Qualys FlexScan Qualys TotalCloud introduces FlexScan a comprehensive cloud-native assessment solution that allows organizations to combine multiple cloud scanning options for the most accurate security assessment of their cloud environment.
Security teams will have multiple hybrid assessment capabilities to secure the entire cloud attack surface including:
• Zero-touch, agent-less, cloud service provider API-based scanning for fast analysis. • Virtual appliance-based scanning to assess unknown workloads over the network for open ports and remotely exploitable vulnerability detection.
• Snapshot assessment that mounts the workload snapshot for periodic offline scanning including vulnerabilities and OSS scanning.
• Qualys Cloud Agents in the workload for comprehensive, real-time vulnerability, configuration and security assessment.
Qualys TotalCloud provides security teams with:
Immediate multi-cloud posture insights – The unified cloud posture dashboard provides inventory, security and compliance posture insights across multi-cloud environments in minutes. Teams can easily identify and prioritize the misconfigurations that cause the highest risk with additional context on workload vulnerability and security posture. Unified security view to prioritize cloud risk with TruRisk – A single view of cloud security insights across cloud workloads, services and resources is provided via the console. Additionally, Qualys TruRisk quantifies security risk by workload criticality and vulnerability detections and correlates it with ransomware, malware and exploitation threat intelligence to prioritize, trace and reduce risk.
Fast remediation with no code, drag-and-drop workflows – The integration of QFlow technology into TotalCloud saves security and DevOps teams valuable time and resources. Automation and no-code, drag-and-drop workflows help simplify the time-consuming operational tasks of assessing vulnerabilities on ephemeral cloud assets, alerting on high-profile threats, remediating misconfigurations, and quarantining high-risk assets.
Shift-left security to catch issues early – TotalCloud provides shift-left security integrated into developers existing CI/CD tools to continuously assess cloud workloads, containers and Infrastructure as Code (IaC) artifacts. This allows for the rapid identification of security exposures and remediation steps during the development, build and pre-deployment stages while providing support for the major cloud providers including AWS, Azure and Google Cloud.
“Cloud security is getting very fragmented with too many point solutions, which brings more complexity,” said Sumedh Thakar, president and CEO of Qualys. “Our customers want seamless, comprehensive insight into cyber risk across their multi-cloud and non-cloud assets. With our innovative TotalCloud offering, we bring flexible, high-quality cloud-native risk assessment to our customer base as they look to expand into the cloud with Qualys.”
Qualys TotalCloud is currently in preview. It will be generally available by the end of the year. To request a free trial, visit Qualys.com/totalcloud-trial. Learn more by reading the TotalCloud-blog.