Although companies have been taking steps in this direction for years, in some ways digital transformation has only just begun. The pandemic may have accelerated migration to the cloud, but future business will drive further transformation and innovation.
However, to get the most out of investing in the cloud and other transformation technologies, organizations need to be agile to respond to unexpected and planned changes. Last week at QSC 2021 in Las Vegas, it quickly became clear that customers want to defend now and secure in the future – and that Qualys has spent most of the last year innovating to meet those needs.
The challenges
Organizations face a number of challenges as they transform themselves, some of which stem directly from operational changes and some of which are external forces:
-
According to Chris Krebs, the former Cybersecurity and Infrastructure Security Agency (CISA), they are increasingly the target of harmful cyber attacks carried out by “experienced actors”.
-
You collect, manage, use and share more data – much of it sensitive – than ever before.
-
You operate in an expanding, networked world that creates a complex ecosystem of partners, suppliers and customers.
-
You have to manage an explosion of Internet of Things (IoT) devices that need to be managed and secured.
-
Remote working will remain, and most organizations will have to support hybrid environments in the future – they struggle to deliver a consistent employee experience regardless of where an employee is, and there are many security concerns.
-
You’ve moved to the cloud, but have yet to squeeze out the value of your investment and grapple with security concerns.
-
You must be accountable to executives and boards of directors who deal with budgets, security and risk mitigation.
The solutions
To address these challenges, public and private sector organizations are turning to technology to:
automation. As Krebs and Qualys President and CEO Sumedh Thakar said, security teams overwhelmed by the relentless attacks on their systems are turning to automation to automatically offload their load and strengthen their organizations’ defenses against attacks.
Faster resolution. Thakar noted that whoever gets there first wins. And unfortunately, it is often a threat actor who reaches an unpatched vulnerability first. Security teams are looking for ways to discover, manage, and remediate faster
Gain visibility. Asset visibility has become particularly important as companies move workloads to the cloud. Organizations invest in solutions that allow them to see across multi-cloud environments to identify vulnerabilities and unusual activity.
Introduction of a zero trust network architecture (ZTNA). Businesses turn to ZTNA, assuming no one and nothing is to be trusted, for identity verification and more.
AI and machine learning. These emerging technologies can help organizations respond more quickly to vulnerabilities and security incidents by providing insights into cybersecurity threats by quickly analyzing a sea of data.
Harmonize IT and security. Francis Finley, Equifax Vice President of Cyber Detection, Response and Vulnerability Management, emphasized the importance of IT and technology hand in hand to combat security threats and increase efficiency.
The innovations
Help is on the way. It is clear that Qualys innovated to meet challenges. The company has:
-
The Qualys cloud platform was recently updated to improve prevention and add detection and response features such as asset inventory management and streamlining compliance management.
-
Redesigned asset management so security teams can monitor the health of their company’s assets by applying business criticality and risk context, identifying security risks and prioritizing vulnerabilities, and reacting quickly to reduce what Constantine Vorobetz, Product Manager, Assets and Reporting, does Qualys, called “Debt Threat.”
-
Provides companies with an integrated approach that can help them discover assets and then discover and prioritize vulnerabilities based on risk profiles. You can also have closed loop correction from a single platform. Integrated patch management shortens the time to rectification. Qualys also gives security teams a way to integrate with ITSM workflows like ServiceNow so they can better work together to fix vulnerabilities and prioritize and track bugs.
-
Extends his approach to containers, vulnerability management, configuration and compliance in Kubernetes environments and advocates a shift left strategy that supports a preventive approach to DevOps and security. The company’s cloud platform has adopted a microservices-based architecture that runs on containers. Qualys used its own security solutions when it containerized most of its workloads.
-
Extends his approach to containers, vulnerability management, configuration and compliance in Kubernetes environments and advocates a shift left strategy that supports a preventive approach to DevOps and security.
-
Introduced a microservices based architecture for its cloud platform that runs on containers. Qualys used its own security solutions when it containerized most of its workloads.
-
Provides an innovative way for companies to purchase, configure, and use third-party integrations in minutes through the Qualys Integration Hub.
-
Extended functions of the Qualys Cloud Platform through third-party integrations to solve cross-product use cases.
-
Advances in External Attack Surface Management (EAPM), a new security specialty that addresses the complexities of building complex and potentially vulnerable cloud assets.
The proof lies in the customers
During the two-day conference, representatives from various organizations came to explain how Qualys has helped them solve their many security challenges.
District K. The retailer struggled to keep track of its assets as it targeted new businesses through acquisitions and, like most companies in the world, sent its employees home to work remotely in 2020. “Everyone is distributed. Everyone is everywhere, “said Todd Sherinian, senior manager, global cyber operations, Circle K.” So you need tools to discover the same level of visibility for your remote users, remote systems, or the cloud. ”
“Qualys CSAM gives us all of that, and of course everything related to our threat detection and remediation,” said Sherinian. “Does this fix actually work? Because often people post patches and fix something and we see that it isn’t really right.”
Circle K also uses Qualys to keep auditors happy, quickly see how software is being used, and to see where assets are and where data is going. “It saves many hours and it worked very well with the auditors from these organizations,” he said.
Equifax. As the credit monitor firm rebuilt its image after a devastating breach, it took steps to align its IT and security operations and increased its investment in security solutions and initiatives, according to keynote speaker Francis Finley, VP Cyber Threat Detection, Response and Vulnerability Management , Equifax. It brought Qualys into play about a year ago, “mostly with the idea of buying a vulnerability management solution,” said Finley. “We quickly found that it solved many other needs for us and the technical team as well.”
The company now has “more than 700 users in our environment who are currently logging into our Qualys infrastructure, most of them our incident response responders and our security operations center,” he said. But technology teams also use the solution. It can help them plan things like end of life of devices.
Euronet worldwide. Getting a single, accurate, and timely view of risk exposure was the best way to help the company’s global IT teams maintain robust controls over information security and data governance. “Our global IT teams are responsible for delivering business services to our units, helping them maintain robust information security and data governance controls, and quickly addressing risks when new threats such as zero-days emerge. For this reason, Euronet Worldwide chose Qualys VMDR® with integrated. chose apps for asset identification and management, vulnerability management, threat detection and prioritization, and response.
Montana State University. MSU had hoped to achieve this when they joined the Qualys XDR beta program to address the challenges of their security environment and eventually, according to MSU security engineer Jacob Hahn, XDR became part of the university’s 20,000-student security practice close.
To learn more about how Qualys solutions can solve security challenges, visit the Qualys website. And don’t forget to check out the sessions at QSC 2021 Las Vegas, which are now available upon request.
Related
Disclaimer of liability
Qualys Inc. published this content on November 29, 2021 and is solely responsible for the information contained therein. Distributed by public, unedited and unchanged, on November 29, 2021 16:50:04 UTC.
