Qualys is a company that, since 1999, has been delivering security and compliance solutions to large enterprises. It’s one of those companies that work behind the scenes delivering solutions that are decidedly unsexy, but critically important. A member of the Cloud Security Alliance, Qualys has, over the past few years, been morphing its products to better address the needs of modern enterprises that now have to cope with distributed applications and a far more complex security risk profile than before.
The company is today announcing a new continuous monitoring service that speaks to this new need. Announced at the RSA security conference, this new offering gives organizations the ability to identify threats and unexpected changes in Internet-facing devices within their DMZ, cloud-based environments, and web applications. The idea is that if changes are identified, it’s more likely that action can be taken before those systems are breached by attackers. The product aims to move from irregular monitoring to a continuous monitoring paradigm for the most important workloads. The new service monitors several different aspects of infrastructure:
- Hosts and devices exposed to the Internet – to see whenever systems appear, disappear, or are running unexpected operating systems
- Digital certificates – to track SSL certificates used on systems to know if they are weak or self-signed, and when they’re due to expire
- Ports and services open on each system – to keep tabs on which network ports are open, which protocols are used, and whether they change over time
- Vulnerabilities on hosts or applications – to know when vulnerabilities appear (or reappear), whether they can be exploited, and if patches are available
- Applications installed on perimeter systems – to find out when application software gets installed or removed from these systems
Continuous monitoring is important because it carries a double benefit – firstly, and as I mentioned previously, it moves from a capture-some to a capture-all notion of flow – such that any activity can be tracked by the solution. Secondly, because IT operatives aren’t waiting for the results of scheduled scanning windows, they are able to be more efficient – the process of issue-notification can be far more automated.
As I’ve mentioned in the past, modern IT is a far more complex beast than ever before, and solutions like continuous monitoring help to reduce the significant operational stress that complexity creates.