RSA Conference 2014: Qualys Adds Cloud-based Continuous Monitoring and Web App Firewall

The Qualys booth at this year's RSA Conference in San Francisco

Continuous monitoring as a category gives organizations the ability to proactively identify threats and unexpected changes in internet-facing devices within their DMZ, cloud-based environments, and web applications before they are breached by attackers. It brings a new paradigm to vulnerability assessment (VA), empowering customers to continuously monitor mission-critical assets throughout their perimeter and immediately get alerted to anomalies that could expose them to cyber-attacks.

Continuous monitoring has been described as key to combatting next-gen threats and is being implemented in public sector agencies as part of an overall security refresh and set of requirements.

In particular, the National Institute of Standards and Technology (NIST) 800-53 requirements for "continuous monitoring" serve as an accelerator for the frequency of VA use.

“Gartner's vulnerability management life cycle activities include the secure configuration of IT assets, regular assessment of vulnerabilities and compliance with security configuration policies, remediation of vulnerabilities or security configuration issues, and ongoing monitoring to detect malicious events or activities,” said Gartner analyst Kelly Kavanagh, in the firm's MarketScope for Vulnerability Assessment. “The use of VA products or services as a best practice has been incorporated into a number of prescriptive compliance regimes, including the PCI DSS, the U.S. Federal Information Security Management Act (FISMA) and desktop configuration requirements.”

Qualys’ functionality allows companies to continuously monitor hosts and devices exposed to the internet and to track: when systems appear, disappear, or are running unexpected operating systems; digital certificates; ports and services open on each system; vulnerabilities on hosts or applications, along with related exploits and patches; and applications installed on perimeter systems.

When the Continuous Monitoring module detects changes in the perimeter that could lead to exploitation, it alerts the responsible IT staff assigned to these assets to take the appropriate mitigation measures.

“The cloud is expanding the boundaries of the corporate perimeter to include every browser, device or application that touches the internet, leaving us more exposed to cyber-attacks than ever,” said Philippe Courtot, chairman and CEO for Qualys, in a statement. “With our groundbreaking Continuous Monitoring service, companies can see their perimeter the way today’s hackers do, so that threats can be identified and addressed before they turn into breaches.”

Meanwhile, Infosecurity caught up with Wolfgang Kandek, CTO at Qualys, during this week's RSA Conference. We asked him: what makes this CM service so groundbreaking? "I think it’s a great service that uses the data we have been collecting forever about vulnerabilities", he responded. "It monitors changes in your environment, and you can use it immediately, if you want to monitor your perimeter – it’s a 15 minute setup. You can monitor all external IP addresses and changes. It’s what hackers do – monitoring to see where changes have occurred."

In addition, the QualysGuard web application firewall (WAF), deployed as a virtual image alongside web applications, shields websites from attack by applying sets of rules to HTTP conversations. An in-house WAF is typically costly and difficult to apply because the rules need to be updated often to cover application updates and to address changing threats. The QualysGuard WAF cloud service, by contrast, is constantly updated with new rules on behalf of its clients to keep up with application updates and newly emerging threats.

“Companies today are challenged with protecting their websites against attacks and complying with the Payment Card Industry (PCI) standard for transactions on their sites. But many organizations, especially smaller businesses, do not have the expertise or resources to effectively deploy WAFs,” said Charles Kolodgy, research vice president at IDC, in a statement. “By introducing a lower cost, easy-to-use and deploy WAF cloud solution, Qualys can aid organizations in improving protection of their websites and web applications.”

The WAF can also be centrally managed from a dashboard that shows timelines and geolocation graphs of events.

“Large organizations typically have thousands of web applications to protect, while smaller businesses don’t have the resources and IT staff to protect them,” said Philippe Courtot, chairman and CEO for Qualys. “The general availability of our WAF service will offer customers the flexibility they need to protect their applications no matter where they reside and whether they have a few or thousands of them.”

"The main attraction is that it’s very easy to deploy", Kandek added. "People have a hard time fixing web applications. It can take months to address web application vulnerabilities, but with the WAF you can immediately mitigate problems by applying certain rules."
