Knowing what’s on your hybrid-IT environment is fundamental to security
In this Help Net Security podcast recorded at Black Hat USA 2019, Shiva Mandalam, VP of Products, Visibility and Control at Qualys, talks about the importance of visibility.
Whether on-prem (devices and applications), mobile, endpoints, clouds, containers, OT and IoT – Qualys sensors continuously discover your IT assets providing 100% real-time visibility of your global hybrid-IT environment.
Here’s a transcript of the podcast for your convenience.
Good afternoon everybody. My name is Shiva Mandalam and I’m a VP of Products for Visibility and Control solutions here at Qualys. I wanted to talk to you about what has changed in the visibility and control of the need for controlled solutions — how they need to really change — and talk to you about some of the trends which are happening, and also what Qualys is actually doing in this area.
With the fragmentation of IT and also the fact that an average enterprise uses at least 5+ security tools — in some cases it’s actually 10, in some cases 20 — we see that has actually led to poor visibility, or the visibility which kind of once existed in the enterprise is no longer there.
We are also seeing the rise of IoT devices and how the number of devices coming into the enterprise is accelerating. So, I’ve talked to multiple CISOs across the enterprises and virtually everybody’s asking the same question: “How do I get to a 100% visibility, real-time visibility of my environment across all of these different heterogeneous infrastructure and architecture?”
And there is another problem actually, with regards to visibility is that an average enterprise uses 5, 6, 7, 8 tools from security, and all of these are really collecting information about the assets. Unfortunately none of this is standard. So, when a threat detector or somebody in the security team is actually taking a look at all this data and trying to stitch them all together to coordinate them all together, it is very manual, laborious and time-consuming today. Something has to be done actually about visibility, and that is the problem which we are trying to tackle from a Qualys perspective.
The IT Asset Inventory solution, which we have introduced recently from Qualys, really addresses a lot of these challenges from a customer perspective. The IT Asset Inventory solution can work with both the managed devices as well as the unmanaged devices. It can also really look at actually the devices as well as the software, as well as the applications, etc. Everything in one place across your on-premise, endpoints, mobile, cloud, containers, and IT and IoT, OT environment as well.
So, it is kind of a comprehensive visibility solution. We feel like the rest of the industry is not really going to be able to deliver on the solution like we did, because you need a different and unique architecture. From a Qualys perspective, to deliver on the solution we built it on the cloud-based architecture which is our platform, and we also support different models through which we can consume data.
We offer a collection of agentless and agent-based, as well as API-based, solutions to really collect the data from wherever — your managed devices or unmanaged devices — and then really bring in all this telemetry to the Qualys’ cloud platform.
The cloud platform is actually where things are normalized and categorized. This is another big differentiation in terms of how we think about Qualys’ solution. The rest of the industry is thinking about asset as a unidimensional view of “here’s the asset, here’s my hostname, here’s my MAC address, here’s my IP address.” The challenge is that, if you think about an organization and the asset aspect of it, you not only have those raw data attributes, you also have essentially a manufacturer which is actually bringing in a Windows operating system, for example, as different versions of, actually, the Windows. Let’s say a particular product — a server product — has different versions of Windows 2008, Windows 2012, Windows 2015 for example, and each of these have different releases like an R1, R2, R3, and each one of these have different patches as well.
The aspect of really thinking about asset as in “here’s my IP address or a MAC address” is no longer valid. You really need to be able to understand the asset from a multi-dimensional view and then normalize and organize and categorize all this information, depending on where you belong.
Why is it important? If you think about what Amazon did to shopping was that they created actually a store, and they created a catalog which really made it very, very easy for people to kind of go and search for products. The other people who did this at the time could not do this. So, with the Qualys’ IT Asset Inventory solution, because it’s normalized and categorized, you can very quickly search for this solution, anything you want in a matter of seconds.
The other aspect of the platform, which really supports this capability, is the ability to really take all the data from the sensors which we talked about, and then bringing all that and index all that data through our Elasticsearch clusters so that that information is available to you at your fingertips. Beyond the aspect of really being able to recognize the different type of devices, the other thing you need to solve from a security perspective is to really provide remediation capabilities.
Understanding the aspect of an asset and also understanding the different vulnerabilities of an asset, understanding the different compliance or non-compliance of an asset, you want to be able to take an action associated with really being able to segment an asset or quarantine an asset, because some examples of why you would want to do this is that they have exhibited a malicious behavior, or that they have actually downloaded a piece of software which they should not be doing, that they have some sort of threat indication or compromise for the devices which can put an organization at risk.
How do you really bring in this information of context and really start to drive towards remediation capabilities? Our visibility and control solutions allow you to do both, not only understanding the assets but also really you have a way to remediate the challenges.
We recently announced that this Global IT Asset Inventory solution is something which is the cornerstone for doing proper security. From an offer perspective, we’ve announced a free IT Asset Inventory solution and that solution is something which can work in any environment and is available for free for an unlimited number of devices.
There’s nothing actually in the marketplace which allows you to address the problem head-on like we have done. Take advantage of that, we definitely invite you to go to qualys.com/inventory to get yourselves familiar with the Asset Inventory solution and also try and actually download, start a trial, get the free app, because it pretty much costs you nothing. All the data for you is indexed as well as actually categorized and everything’s available for you at your fingertips.