Qualys Debuts CloudView App Framework
July 31, 2017
is a new App framework in the Qualys Cloud Platform for
comprehensive and continuous protection of cloud infrastructure,
delivering InfoSec and DevSecOps teams a “single pane of glass”
view of security and compliance across cloud infrastructures.
CloudView delivers to customers topological visibility and
insight about the security and compliance posture of their
complete public cloud infrastructure for major providers
including Amazon Web Services (AWS), Microsoft Azure and Google
Cloud. The first two apps in CloudView include Cloud Inventory
(CI) and Cloud Security Assessment (CSA).
According to Cisco’s Global Cloud Index forecast1, cloud
workloads will account for 92 percent of all data center traffic
by 2020. To prepare for this shift, InfoSec teams must adapt
their practices to the scale and elasticity of cloud workloads,
and define their share of joint security responsibility with
public cloud providers. Qualys CloudView addresses this need by
extending Qualys’ unparalleled visibility of security and
compliance from cloud hosts to the entire cloud infrastructure.
CloudView augments the existing Qualys view of host-related
vulnerability, compliance and threat intelligence with a
real-time inventory of all cloud services. This combination
helps security teams monitor, assess and deliver reports from
within the DevOps pipeline to ensure that cloud workloads
throughout the Continuous Integration/Continuous Development
(CI/CD) toolchain are configured in-line with Identity and
Access Management, Network and Administrator access policies and
regulations, thus drastically reducing exposure to attacks.
“Accelerated cloud adoption requires new adaptive security
solutions that support fast-moving digital transformation
efforts,” said Philippe Courtot, chairman and CEO, Qualys, Inc.
“Our new CloudView and its apps add unparalleled visibility and
continuous security of all cloud workloads to provide customers
complete cloud security in a single, integrated platform and
drastically reducing their spend.”
The initial release of Qualys CloudView includes two apps as
Cloud Inventory (CI) App offers:
•Comprehensive Inventory: Qualys CloudView integrates with
the native APIs available from public cloud providers to
continuously discover resources and automate security monitoring
against industry standards and architectural best practices.
•Topological Visibility: It provides topological views of the
infrastructure and relationships across other cloud resources.
Users can drill down into the deployment architecture across
different dimensions like location, network layouts and security
group view to quickly get to the root cause of issues.
Cloud Security Assessment (CSA) App offers:
•Continuous Security Monitoring: Qualys CloudView automates
security monitoring against industry standards to identify
threats caused by misconfigurations, unwarranted access and
non-standard deployments, and provides remediation steps to
manage risks. CloudView also automates evaluation of regulatory
mandates like PCI-DSS,HIPAA, NIST and ISO 27001. Users can check
for compliance against the mandates and generate reports to
submit to their auditors.
and Threat Prioritization: Complete cloud resource inventory
information in CloudView powers simple yet powerful search
queries across an asset’s configuration and complex associations
to quickly identify the root cause of an incident. To track and
understand trends in fast-changing elastic clouds, CloudView
provides both a real time and a historical view of the
inventory. Security posture visibility includes cloud host
vulnerability, compliance and threat intelligence data from the
existing Qualys platform, enabling users with context to
effectively prioritize and remediate threats.
•Automated Security Throughout the DevOps Pipeline: Qualys
CloudView supports REST APIs for seamless integration with the
CI/CD tool chain, providing DevSecOps teams with an up-to-date
assessment of potential risks and exposure. The solution can be
integrated with Governance, Risk and Compliance, Security
Information and Event Management, and ticketing service
providers to help InfoSec teams automate processing of threats
Qualys CloudView will be available in beta for AWS starting Q4
2017, with future versions supporting other major cloud
providers like Azure and Google Cloud. The first two apps
include Cloud Inventory (CI) and Cloud Security Assessment