SAN FRANCISCO - RSA CONFERENCE 2017 - Cloud-based security and compliance solutions provider Qualys this week announced new tools and features to provide customers with improved detection capabilities, expanded web application security features, and improved vulnerability data sharing.
Qualys added two new detection solutions to its Cloud Platform, in the form of Qualys File Integrity Monitoring (FIM) and Indicators of Compromise (IOC), both meant to deliver more critical security and compliance functions in a single cloud-based dashboard. FIM and IOC bring to the Qualys Cloud Agent a combination of prevention and detection by adding continuous visibility of breaches and system changes to the single-pane view of security and compliance posture that the Agent already offers.
Qualys FIM was designed to log and centrally track file change events across global IT systems, while offering a single-view dashboard for identifying critical changes, incidents, and audit risks caused by various factors, including normal patching and administrative tasks, change control exceptions or violations, and malicious activity.
A cloud-based solution, FIM doesn’t require the deployment and maintenance of complex security infrastructure, which also results in improved compliance, reduced downtime, and limited damage from compromise. With FIM, customers get features such as out-of-the-box profiles based on industry best practices and vendor-recommended guidelines, a real-time change engine to monitor files and directories specified in the monitoring profile, and automated change reviews of workflows.
Qualys IOC, on the other hand, continuously monitors endpoints for suspicious activity that could signal the presence of known malware, unknown variants, and threat actor activity on devices both on and off the network. The solution brings together endpoint detection, behavioral malware analysis, and threat hunting techniques, the company says.
Qualys IOC provides customers with continuous event collection through Cloud Agent's data collection and delta processing techniques, as well as with highly scalable detection processing (as analysis, hunting, and threat indicator processing are performed in the cloud). Moreover, the solution offers actionable intelligence for security analysts, to help them prioritize responses for critical business systems.
According to Qualys, security administrators will benefit from multiple enhancements that FIM and IOC bring to the Cloud Agent and cloud-based processing platform, including easy setup and no maintenance needs (modules can be instantly activated), minimal impact on performance (the Cloud Agent monitors file changes and system activity locally but sends all data to the Cloud Platform), unified security posture (FIM and IOC alert data is presented in a single, integrated view), and integration with AssetView (providing dynamic dashboards, interactive and saved searches, and visual widgets to analysts).
“Breaches continue to rise despite the investments in traditional mechanisms that organizations have deployed to support their businesses in the new era of digital transformation. Our new disruptive services for FIM and IOC extend the capabilities of our Cloud Agent platform, allowing companies to get the visibility and prevention they need against cyber threats from one single platform, drastically reducing their security costs,” Philippe Courtot, chairman and CEO, Qualys, said.
Expanded web application security offerings
With the release of Qualys Web Application Scanning (WAS) 5.0 and Web Application Firewall (WAF) 2.0 this week, the company added new functionality to its web application security offerings, in an attempt to provide customers with scalable fast scanning, detection and patching of websites, mobile applications and Application Programming Interfaces (APIs), in one unified platform.
The newly released WAS 5.0 offers not only programmatic scanning of Simple Object Access Protocol (SOAP) APIs, but also the testing of REpresentational State Transfer (REST) API services, Qualys announced. Moreover, it delivers scanning of IoT (Internet of Things) services and mobile apps, as well as API-based business-to-business connectors, and can automatically load-balance scanning of multiple applications across a pool of scanner appliances for efficiency. In addition, improvements made to Progressive Scanning allow customers to scan very large sites, one slice at a time, to cover large applications that are problematic to scan in a short window.
WAF 2.0, on the other hand, offers a one-click virtual patching feature to address both false positives and the inability to quickly patch vulnerabilities; out-of-the-box security templates for popular platforms such as WordPress, Joomla, Drupal and Outlook Web Application; and support for VMware, Hyper-V, and Amazon Web Services, along with features such as load-balancing of web servers, health checks for business-critical web applications, custom security rules based on HTTP request attributes, reusable Secure Sockets Layer profiles, detailed event log information, and centralized management.
Both Qualys WAS 5.0 and WAF 2.0 are available now as annual subscriptions. Pricing for Qualys WAS starts at $1,695 for small businesses and $2,495 for larger enterprises, while pricing for the WAF solution starts at $1,995 for small businesses and $9,995 for larger enterprises.
Vulnerability data sharing
In addition to the expanded portfolio, Qualys also announced a partnership with crowdsourced security testing company Bugcrowd to allow joint customers to share vulnerability data across automated web application scanning and crowdsourced bug bounty programs.
The joint integration between Bugcrowd Crowdcontrol and Qualys Cloud Platform brings together automated web application scanning (WAS) and a penetration-testing crowd in a single solution. Thus, joint customers should be able to eliminate vulnerabilities discovered by Qualys WAS from their list of offered bug bounties, while focusing on Bugcrowd programs and critical vulnerabilities that require manual testing.
The initial stage in this collaboration allows Bugcrowd customers who also have Qualys WAS to import vulnerability data into the Bugcrowd Crowdcontrol platform and use it to optimize their bug bounty program scope and incentives. In the future, joint customers running a bug bounty platform on Bugcrowd will be able to import unique vulnerabilities from Crowdcontrol into Qualys WAS and apply one-click patches through the fully integrated Qualys Web Application Firewall.
“With the move of IT to the cloud and all the digital transformation efforts underway, web apps are exploding and securing these apps is now front and center. By combining the automation of Qualys Web Application Scanning (WAS) and Bugcrowd's crowd sourcing platform, organizations can now cover a much larger number of applications and secure them more effectively at a lower cost,” Sumedh Thakar, Chief Product Officer, Qualys, said.