.

Qualys: A Fresh Approach to Cyber Security

SumedhThakar

President & CEO


“The power of the Qualys Cloud Platform is our revolutionary cloud architecture that unifies security and compliance bringing together unparalleled visibility, prevention, detection and response. In addition, our growth has been fueled by an ability to understand the customer’s evolving pain points and to respond quickly with a unique set of security solutions.”

It’s a common scenario that organizations struggle with a failure to oversee risk management thereby failing to mitigate risk adequately. An effective GRC strategy ensures that the organization takes a comprehensive look at risk across the enterprise. Having an effective GRC strategy with the right tactics, structure, and team brings together the risk, compliance, and governance functions in a complex organization. Even for businesses preparing for digital transformation, building security, IT, and compliance into a unified process helps accelerate digital maturity. However, past security solutions focused on specific parts of the IT footprint, either the endpoint, network or applications in isolation. On-premises tools failed to work with SaaS applications.

While digital transformation is often the forcing function, there are security and regulatory reasons for consolidation as well. The US Department of Defence requires its technology vendors to assess the maturity of their security operations through the Cybersecurity Maturity Model Certification (CMMC). This is where Qualys comes in. Qualys helps businesses automate the full spectrum of auditing, compliance, and protection of IT systems. 

The highly advanced Qualys Cloud platform provides CIOs a continuous, always-on assessment of their global IT, security, and compliance posture with dashboard visibility across all IT assets, regardless of where they reside. The platform’s automated, built-in vulnerability detection, threat prioritization, automated patching, and other response capabilities comprise a complete end-to-end security solution. Its modular cloud-native architecture delivers a common data model across more than 20 integrated IT, security, and compliance services.

“The power of Qualys Cloud Platform is our revolutionary cloud architecture that unifies security and compliance bringing together unparalleled visibility, prevention, detection and response. In addition, our growth has been fueled by an ability to understand the customer’s evolving pain points and to respond quickly with a unique set of security solutions,” explains Sumedh Thakar, President & CEO of Qualys. 

A Unified Platform

The Qualys Cloud Platform is powered by a proprietary cloud agent and sensor technology that supports more than 20 apps, all fully integrated and natively sharing the data for real-time analysis and correlation. The platform leverages Qualys’ research capabilities, including attack detection, investigation and response via the Cloud Agent and consolidates information to provide broad and deep security coverage. Additionally,  adding another app to the platform is as easy as checking a box. This helps companies to eliminate siloed apps as they consolidate and reduce the tool complexity required in running a security program.

“Overall, the Qualys Cloud Platform addresses our government customer’s security challenges as the only FedRAMP authorized comprehensive cybersecurity platform. With a single agent and scanners across an agency’s entire digital footprint, our federal customers gain actionable intelligence for remediating threats from the data center to the edge,” extols Thakar. 

 Next-Gen Visibility and Vulnerability Management

For decades, companies have struggled to maintain detailed, up-to- date security asset inventories. With the rapid explosion of new cloud technologies and their growing adoption rate, this isn’t getting any easier.

Qualys takes a comprehensive approach to asset visibility with Qualys VMDR (Vulnerability Management, Detection and Response) built from the ground up to seamlessly bring together discovery, assessment, detection and response into a single cloud-based app. VMDR enables organizations to automatically discover every asset in their environment, including unmanaged assets appearing on the network, inventory all hardware and software, and classify and tag critical assets. It also continuously assesses these assets for the latest vulnerabilities and applies the latest threat intel analysis to prioritize actively exploitable vulnerabilities. Next, it automatically detects the latest superseding patch for the vulnerable asset and easily deploys it for remediation. By delivering all this in a single app workflow, VMDR automates the entire process and significantly accelerates an organization’s ability to respond to threats.

Meanwhile, Qualys Cybersecurity Asset Management builds on its asset visibility prowess and moves the needle beyond inventory by adding security context and response. “At a deeper level, it is IT asset management reimagined for security teams with a core focus on comprehensively identifying all systems, detecting at-risk assets, and mitigating with appropriate actions,” explains Thakar.

For two decades, Qualys has been a pioneer in delivering cutting- edge security and compliance services. Qualys established itself as one of the first vendors to offer vulnerability management capabilities through a SaaS delivery model. Today, Qualys has more than 19,000 customers in 130 countries, with customers among the majority of the Forbes Global 100 and Fortune 10.

To best explain the company’s value proposition, the story of how Qualys assisted consumer identify protection company to thwart its security challenges is illustrative. While the company moved an increasing number of its business systems to the cloud, this also created new challenges from an information security perspective. As its cloud workloads grew, the consumer identify protection company realized that its existing approaches to cloud security would be unable to meet its long-term objectives. the company harnessed Qualys CloudView for unparalleled visibility, continuous security and monitoring of its public-cloud workloads and infrastructure. The Qualys solution met several critical requirements for the client including ease of configuration and use, scalability and reliability. This allowed the client’s rapid and reliable access to actionable insights while helping its teams quickly understand its exposure across hundreds of assets on its AWS and Azure cloud infrastructure with ease.

A History of Innovation to Fuel the Future of Defense

Qualys has always been an innovator. Today it enjoys a global, blue-chip customer base, with 66% of the Forbes Global 50, 46% of the Global 500, and 25% of the Global 2000 standardized on Qualys. Over the last decade, the company has significantly invested in its best-in-class integrated cloud platform with a vision to reduce the security toolset that most customers are saddled with today. The goal is fewer tools, fewer platforms. It becomes more seamless for customers to manage their security posture while complying with changing regulations. Today, the company has 11 shared cloud platforms (data hubs)supporting its customers throughout the world. It continually adds new solutions and approaches to its platform to enable customers to solve emerging security issues and consistently reduce risk. 

As Qualys looks to the future, it will continue to add capabilities that allow its customers to leverage automation to relieve overworked cybersecurity teams, get ahead of threats and bolster companies’ defenses against attack.

“Recently, we added intelligent automation that allows three capabilities: prioritization of vulnerabilities based on threat indicators such as ransomware, matching of prioritized vulnerabilities with known patches, and a zero-touch “set and forget” feature to proactively patch devices and applications per predefined policies. All these together lead to increased productivity. This way, an organization can create a policy to keep (e.g.) Adobe Reader software always patched on all employee laptops,” points Thakar. 

On the immediate horizon, Qualys looks forward to its Extended Detection and Response (XDR) solution entering the market in early 2022. XDR is the company’s next-generation security analytics and incident response application. It will natively integrate and correlate asset inventory, risk-based vulnerability management, patching, EDR, and FIM security telemetry with additional third-party data integration to provide high-fidelity detection and response.

“Additionally, we are expanding our partner network and have recently announced TD SYNNEX as our North American distribution partner. They will offer the Qualys Cloud Platform to their base of resellers in the regions they serve. Our core focus is on executing on our immediate opportunities with prioritized Go-to-Market investments while advancing new product initiatives that create further competitive differentiation,” concludes Thakar.