Security in the Digital Age
Qualys is a leading provider of disruptive cloud-based IT, security and compliance solutions and is a key exhibitor at this year’s GISEC, held alongside GITEX. Giuseppe Brizio, CISO EMEA, Qualys, discusses the solutions they would be showcasing and also details some of the key trends in security.
What was the focus for Qualys at GISEC this year?
We have released a couple of game-changing innovations over the last few months and used GISEC 2020 as a platform to showcase these to our Middle East customers and partners.
Showcased at our stand was Qualys VMDR — Vulnerability Management, Detection and Response. VMDR provides an all-in-one, cloud-based app that automates the entire vulnerability management cycle, significantly accelerating the ability for companies to respond to threats and prevent breaches while drastically reducing licensing and operating cost. We will also show Qualys Multi-Vector EDR — taking a new multi-vector approach to Endpoint Detection and Response (EDR), Qualys now brings the unifying power of its highly scalable cloud platform to EDR.
As part of our participation at the event, we also had two speaking sessions. The first focused on how enterprises get breached. The second discussed the MITRE ATT&CK framework for threat hunting.
We also announced Qualys UAE Cloud, a platform that will allow public and private enterprises across the Middle East to innovate as Qualys brings them unprecedented security and visibility across their hybrid IT environment. The Qualys UAE Cloud will offer all the company’s key solutions including VMDR (Vulnerability Management, Detection and Response), Multi-Vector EDR, Global IT Asset Inventory, Configuration Management, Certificate Inventory, Threat Protection, Continuous Monitoring, Patch Management, Container Security, Web Application Scanning and Web Application Firewalls.
How do you think the concept of security is getting redefined more in the cloud era? With SASE gaining ground, discuss how this approach is addressed as part of your offerings?
In the Digital and Cloud Era, Enterprise IT environments are made of several different components such as multi-cloud, on-prem, endpoints, containers and more. The Enterprise IT environments keep constantly evolving and expanding at an unprecedented pace, becoming increasingly hybrid and more and more difficult to secure in a hyper-connected world. The pandemic has accelerated digital transformation initiatives by pushing the migration to the cloud even further, in order to support the shift to remote and mobile working. The drastic changes brought by the cloud have had an impact on how organizations provide seamless security across hybrid IT environments.
To serve the purpose of constantly reducing the time to remediate, the next generation security architecture needs to provide Visibility, Prevention, Detection and Response capabilities, all built-in and natively integrated in a cloud-based platform. What is required in today’s increasingly cloud-based world, is a security Open Cloud Platform able to (a) consolidate point solutions (b) collect all the telemetry in one place to better analyze and correlate — in real time — massive amounts of data (c) build effective intelligence, eliminating false positives/negatives and enabling automation and (d) communicate with other platforms.
Qualys developed a complete platform where metadata is continuously collected by specialized sensors across the entirety of the digital landscape — traditional datacenters, web apps, CI/CD pipelines, mobile workforce, application containers, and multi-cloud environments. This data is centrally indexed, enriched, and processed into actionable information that is consumed through an integrated set of applications, accessible from anywhere with standard secure communication protocols and a browser. This approach provides the flexibility and agility needed by security practitioners to operate at the speed of business, to achieve operational effectiveness and a continuously validated security posture; harmonizing the needs of IT, Security, and Compliance.
Discuss the transforming threat landscape in terms of threat vectors with distributed edge networks becoming more prevalent?
With the continuous evolution and expansion of IT hybrid environments, and consequently more distributed edge networks, the threat landscape is transforming with some threat vectors developing quicker than others. For instance, as part of the Industry 4.0 robotics and automation process, operational technology (OT) is increasingly being deployed on shopfloors and industrial control system environments, becoming a very concerning threat vector especially for the manufacturing industry. In addition, connected objects as part of the internet of things (IoT) — potentially affecting any company — are climbing the list of threat vector rankings, considering their projected expansion from 30 billion connected devices in 2020 to over 60 billion by the end of 2025. Remote access, which has dramatically increased due to the pandemic, is a significant threat vector particularly when corporate devices use unsecured wireless hotspots and get compromised, thereby impacting the corporate network. With the 5G era coming soon, the mobile threat vector will become even more relevant with a much broader attack surface, as the industry will diversify and enlarge its services offering. 5G will also add further complexity to the network, increasing the workload on security operations teams and potentially allowing attackers to remain unnoticed for significantly longer periods of time, unless emerging artificial intelligence technologies are used to increase the efficiency of security operations centres.
Can you please elaborate on the impact that the new hybrid workforces have in terms of expanding the attack surface?
The organizations’ shift to new hybrid workforce models requires the implementation of new strategies for securing remote employees and protecting their digital assets from cyberthreats and cyberattacks. The pandemic has accelerated the migration to the cloud, and companies have started to adopt cloud services faster than they had originally planned, consequently increasing the attack surface and exposing security gaps to hackers. Since the beginning of the pandemic, cybersecurity complaints have dramatically increased — up to 3000+ a day, a 400% increase, according to FBI reports — where phishing remains the most prevalent threat facing employees working remotely.
Many companies have reacted quickly to connect their remote workforce with secured equipment, but some others had to rely on employee-owned devices with lower security levels. It’s important for companies to consider a long-term plan on how to provide security to employees and protect their digital assets at a time when cybercriminals have a bigger attack surface to target. The time has come for a more strategic approach to security as companies get used to new hybrid workforces that support remote work. It is interesting to highlight that a study also revealed that 43% of security incidents that occurred between March and July 2020 were caused by malicious insiders, compared to the five months before the pandemic. The same study also indicated a 25% increase in the number of employees attempting to extract data to unauthorized email accounts between March and July 2020, compared to the previous five months.
Can you please elaborate on the solutions you offer for container security including your strategic partnerships with cloud providers?
Driven by digital transformation and remote work, enterprises today face a proliferation of cloud infrastructure and containerized workloads. Securing this infrastructure requires a holistic approach that runs across workloads and the cloud posture. The Qualys platform approach focuses on visibility, prevention, detection, and response as key capabilities to effectively address security challenges. Qualys CloudView and Container Security provide visibility into your cloud footprint, continuously assess its security posture and help to proactively manage the associated attack surface with automated detection and response capabilities across cloud and container resources. Qualys has partnerships with major cloud providers such as MS Azure, Google Cloud Platform (GCP) and Amazon Web Services (AWS), providing native integration of its cloud agent and sensors with the above-mentioned CSPs. This means that when a new instance is created, you can apply a Qualys agent or sensor, gaining the ability to scan all container images in order to identify vulnerabilities, and ensure near real-time, up-to-date visibility of your security posture in CSP Security Centers. This allows customers to quickly detect risks in their CSP environments and take rapid and automated remedial actions.
Is the Qualys Cloud meant for monitoring and managing all assets in various Clouds? What powers the Qualys Cloud?
Yes, the Qualys Cloud is meant to monitor and manage all the IT assets across the entire IT hybrid environment, which is made of Multi-Cloud but also of On-premise, Containers, SaaS, Mobility, OT (Operational Technology), etc.
The power of the Qualys Cloud Platform is in its ability to provide Visibility, Prevention, Detection and Response capabilities in one natively cloud-based and integrated security and compliance solution. So, it starts with a large set of sensors (e.g. cloud agent, cloud connectors, scanners etc.) able to provide visibility on IT assets throughout the IT hybrid environment and that’s not just from time to time, it’s all the time and in real time.
The Prevention capability allows organizations to identify vulnerabilities, mis-configurations, etc. which could be exploited, and to evaluate the threats via a risk-based approach in order to prioritize and apply remediation through patching, or going a step further to DevOps (i.e. shifting left) for ensuring security by design.
The Detection and Response capabilities are paramount in order to swiftly detect a breach, understand the context in which it took place and then enable a rapid and effective response by quarantining and sanitizing the concerned IT assets.
What powers the Qualys open, highly scalable and extensible architecture is made of four core layers:
• The suite of more than 20 natively integrated security and compliance applications
• Shared services for tasks like authentication, authorization, subscriptions, indexing, data sync and tagging
• Messaging, data and analytics engines, including Kafka, JanusGraph, Ceph, Elastic, Cassandra, Redis, Flink
• An infrastructure and DevOps toolchain that includes logging, monitoring, configuration management, service registry, CI/CD and Docker and Kubernetes
The Qualys Cloud Platform has indexed 8 trillion data points, moves 15 billion Kafka messages per day, processes 3 trillion security events per year, and conducts 6 billion IP scans annually, all with 99.9996% Six Sigma accuracy for the benefit of our 15,700+ customers in 130 countries.
Can you please discuss the multi-vector EDR solution and its key benefits for businesses?
Qualys Multi-Vector EDR (Endpoint Detection and Response) has the ability to detect malware live, based on the expansion of the Qualys agent, leveraging the same single agent, which collects large amounts of telemetry (e.g. process, network, files, registry, etc.: all kinds of parameters changing on the IT assets) and pushes it to the platform. From there, it gets enriched with other telemetry data already collected, providing capabilities to perform highly scalable threat hunting, identify what malware is in there and then take comprehensive response actions.
The key differentiator here is the ability to bring in other vectors such as traffic analysis, mis-configurations, vulnerabilities, etc. for a broader analysis and response, versus traditional EDR point solutions which focus only on endpoint activity to detect attacks, lacking the full context for analyzing attacks accurately. Qualys fills the gaps by bringing a new multi-vector approach and the unifying power of its highly scalable Cloud Platform to EDR, providing vital context and comprehensive visibility into the entire attack chain, from prevention to detection to response.