Qualys, Inc. announced TotalCloud with FlexScan
delivering cloud-native VMDR with Six Sigma Accuracy via agent and
agent-less scanning for comprehensive coverage of cloud-native posture
management and workload security across multi-cloud and hybrid
environments.
As business applications and on-premises infrastructure migrate to
the cloud, security teams struggle with managing cyber risk across cloud
workloads, services, resources, users, and applications. Additionally,
teams must deal with a plethora of industry acronym-driven point
solutions that provide a fragmented view of risk without context. This
approach increases security costs and complexity while leaving cloud
applications vulnerable to attacks.
"Qualys is enhancing its widely used platform to deliver visibility,
context, speed, automation, and orchestration in a comprehensive
solution to help organizations scale their security and compliance
programs for modern software development," said Melinda Marks, senior
analyst at ESG. "Qualys TotalCloud incorporates security into
development workflows, enabling them to release secure, reliable code
while giving security teams the control and visibility they need to
manage risk by reducing their attack exposure and rapidly responding to
threats."
"As a finance organization, we need a continuous view of the security
and compliance posture across our cloud applications, with clear
insights into risk," said Prabhuram Rajarathinam, CISO at Cholamandalam
Investment and Finance Company. "Qualys TotalCloud with FlexScan will
enable our cloud security and DevOps teams to use the multiple
assessments to further strengthen the security of our cloud
applications."
With more than 31 million workloads already secured by Qualys, Qualys
TotalCloud extends the industry-leading accuracy of VMDR with
cloud-native FlexScan assessments to unify Cloud Posture Management and
Cloud Workload Security in a single view with risk insights. TotalCloud
automates inventory, assessment, prioritization and risk remediation via
an easy-to-use drag-and-drop workflow engine for continuous and
zero-touch security from code to production cloud applications.
About Qualys FlexScan
Qualys TotalCloud
introduces FlexScan a comprehensive cloud-native assessment solution
that allows organizations to combine multiple cloud scanning options for
the most accurate security assessment of their cloud environment.
-
Security teams will have multiple hybrid assessment capabilities to secure the entire cloud attack surface including:
-
Zero-touch, agent-less, cloud service provider API-based scanning for fast analysis.
-
Virtual appliance-based scanning to assess unknown workloads over
the network for open ports and remotely exploitable vulnerability
detection.
-
Snapshot assessment that mounts the workload snapshot for periodic offline scanning including vulnerabilities and OSS scanning.
-
Qualys Cloud Agents in the workload for comprehensive, real-time vulnerability, configuration and security assessment.
Qualys TotalCloud provides security teams with:
Immediate multi-cloud posture insights
- The unified cloud posture dashboard provides inventory, security and
compliance posture insights across multi-cloud environments in minutes.
Teams can easily identify and prioritize the misconfigurations that
cause the highest risk with additional context on workload vulnerability
and security posture.
Unified security view to prioritize cloud risk with TruRisk
- A single view of cloud security insights across cloud workloads,
services and resources is provided via the console. Additionally, Qualys
TruRisk quantifies security risk by workload criticality and
vulnerability detections and correlates it with ransomware, malware and
exploitation threat intelligence to prioritize, trace and reduce risk.
Fast remediation with no code, drag-and-drop workflows
- The integration of QFlow technology into TotalCloud saves security
and DevOps teams valuable time and resources. Automation and no-code,
drag-and-drop workflows help simplify the time-consuming operational
tasks of assessing vulnerabilities on ephemeral cloud assets, alerting
on high-profile threats, remediating misconfigurations, and quarantining
high-risk assets.
Shift-left security to catch issues early-
TotalCloud provides shift-left security integrated into developers
existing CI/CD tools to continuously assess cloud workloads, containers
and Infrastructure as Code (IaC) artifacts. This allows for the rapid
identification of security exposures and remediation steps during the
development, build and pre-deployment stages while providing support for
the major cloud providers including AWS, Azure and Google Cloud.
"Cloud security is getting very fragmented with too many point
solutions, which brings more complexity," said Sumedh Thakar, president
and CEO of Qualys. "Our customers want seamless, comprehensive insight
into cyber risk across their multi-cloud and non-cloud assets. With our
innovative TotalCloud offering, we bring flexible, high-quality
cloud-native risk assessment to our customer base as they look to expand
into the cloud with Qualys."
Availability
Qualys TotalCloud is currently in preview. It will be generally available by the end of the year.