Qualys, a pioneer and leading provider of disruptive cloud-based IT, security and compliance solutions, has introduced Qualys SaaS Detection and Response (SaaSDR), which provides a single console for IT and security teams to gain continuous visibility, security and compliance of critical SaaS apps.
Powered by the FedRAMP-authorized Qualys Cloud Platform, Qualys SaaSDR streamlines and automates the process of managing SaaS security, risk and compliance. The result is automated, up-to-date inventory and control over SaaS apps, folders and documents to prevent malicious or unintended exposure of sensitive information and deliver a deep understanding of the SaaS apps’ compliance posture. The initial release will provide native support for Google Workspace, Microsoft Office 365, Zoom and Salesforce.
“Qualys SaaSDR helps ImagineX with our Microsoft Office 365 and Google Workspace deployments’ security and compliance. It provides the security team with visibility and control of critical SaaS apps, all from a single screen, strengthening the apps’ security posture. We also see SaaSDR as a key imperative to help guide our customers as they work to enhance SaaS apps’ compliance and shine a spotlight on potential data exposure,” said Tim Salvador, Cybersecurity Practice Director, ImagineX Consulting, LP.
“As applications migrate from on-premises to IaaS and subsequently SaaS, blind spots develop for security analysts as traditional security tools do not have the necessary visibility for SaaS application stacks,” said Frank Dickson, program vice president, security products at IDC. “The reality of the SaaS shared responsibility model is the application of security and maintenance in a SaaS context is fundamentally different as the SOC does not have control of the operating system and application layer. The security, hygiene and management have to be applied using an API-centric approach, leveraging data and identity disciplines. Qualys looks to provide SaaS application visibility to the SOC via frictionless data collection for deeper assessment, supporting CIS policies for Office 365 and Zoom while also leveraging the power of the Qualys posture management technology to augment identity and data context. Qualys SaaSDR provides an easy plug-in solution to assist CISOs in monitoring and managing the data exposure and security compliance of their SaaS applications.”
With Qualys SaaSDR, enterprises have a single solution to manage their SaaS apps, providing:
- User and Device Visibility – Automatically inventory SaaS application users and user groups (internal and external) along with the files and folders users own and can access. It also gathers detailed information on endpoints, such as an asset’s details, location, running services, installed software and more, all in a single, unified view.
- Powerful Access Controls – Get complete control over users and data access rights to quickly review and granularly assign the proper access levels – all from a single interface.
- Data Exposure Insights – Shine a spotlight on SaaS applications and third-party apps to immediately identify security weaknesses like incorrect permissions, at-risk files, file changes, misconfiguration issues, critical vulnerabilities, and exploits using advanced threat intelligence.
- Security and Compliance Posture – Realize continuous and automated security posture and configuration assessments for SaaS applications along with enforcement of compliance aligned with industry benchmarks like O365 via CIS, PCI-DSS, NIST, and CIS.
- Assess Risk – Leverage the Qualys Cloud Platform to correlate SaaS application data insights such as user access rights and data exposure, with additional security telemetry, like user location, time of access, file changes, host vulnerabilities and configurations, advanced threats, and more to manage risk.
“Qualys’ massive investment in our Cloud Platform provides the relevant context, real-time analysis, visibility and scale needed to support detection and response offerings such as SaaSDR,” said Philippe Courtot, chairman and CEO of Qualys. “Qualys SaaSDR’s native connectors build security into SaaS apps providing clarity and an unparalleled level of detail and insight – all from a single screen – so that customers can ensure their SaaS apps are secure and compliant.”
In the second half of 2021, Qualys will add proactive response capabilities such as alerting on data exposure and automated remediation to the app so customers can fix compliance and exposure issues and automatically patch misconfigurations, vulnerabilities and threats with one click. Qualys will also add support for additional solutions such as Slack, GitHub and Microsoft Teams, along with customized controls to enable targeted security posture assessments.