Cloud agent platform for continuous IT asset inventory, security and compliance
At RSA Conference 2015, Qualys announced the launch of Qualys Cloud Agent Platform (CAP), which extends Qualys’ Cloud Security and Compliance Platform with lightweight agents to continuously assess security and compliance of organizations’ global IT infrastructure and applications.
Conventional host-based scanning methods combined with network scanning have been the de facto way for organizations to identify vulnerabilities as well as update and verify patches to mitigate threats. However, the challenges of establishing scanning windows and authenticated scans, managing and updating heavyweight agents, and the rise of cloud and mobile environments have proven difficult and cost-prohibitive for most companies.
The Qualys Cloud Agent Platform resolves this conundrum by combining the power of its Cloud Platform with lightweight agents that are extensible, centrally managed and self-updating, and provides organizations with a flexible solution to assess and address the security and compliance of their IT assets in real time, whether on-premise, cloud-based or mobile endpoints.
“Traditional vulnerability scanning methods present a number of challenges for IT security teams who either don’t have the proper credentials, or are scanning assets that aren’t always connected to the local network,” said Philippe Courtot, Chairman and CEO for Qualys. “Qualys Cloud Agent Platform is a game changer and a new paradigm of continuously assessing IT systems. This platform provides our customers with the flexibility and choice they need to conduct real-time vulnerability and compliance management for IT assets whether it’s on-premise, cloud-based or mobile endpoints.”
Core Cloud Agent Platform (CAP)
Leveraging Qualys’ Cloud Architecture, Qualys CAP provides an entirely new security assessment platform that can scale to handle millions of devices. It provides a lightweight agent (1 MB) that can be installed on any host such as a laptop, desktop, server or virtual machine. Qualys Cloud Agents extract and consolidate vulnerability and compliance data and update it continuously within the Qualys Cloud Platform for further analysis and correlation, thus providing a continuous view of the security and compliance posture of the global network.
The cloud agents are deployed via a compact agent installer that can be embedded in system images, deployed with Group Policy, or simply run from the command line. The agent consumes very little CPU, ranging from 5% at peak to less than 2% in normal operation. Once installed, the agent takes a full assessment of its host while running in the background, and sends that assessment snapshot back to the Qualys Cloud Platform for evaluation. Thereafter, a configurable profile controls how often the agent sends host changes as small deltas back to the platform, where they are incorporated into the snapshot. Initial full snapshots are only a few megabytes, and subsequent deltas are a few kilobytes. This reduces network bandwidth consumption to far below that of traditional scanning as well as other agent-based solutions.
Additionally, using the Qualys asset tagging solution, assets with deployed agents can automatically or manually provide attribute updates to the Qualys Cloud Platform such as the asset group, business owner, technical owner and criticality of the device.
Asset Inventory Service
IT or security administrators can deploy the Cloud Agent on their IT assets on a global scale, including on-premise systems, cloud-based servers or mobile endpoints. The inventory service allows IT professionals to search millions of assets in a matter of seconds.
Cloud Agent Platform capabilities
Once these Cloud Agents are installed, the following additional capabilities can be turned on instantly per IT asset:
Cloud Agent for Vulnerability Management (VM)
The Cloud Agent continuously monitors assets for the latest operating system, application and certificate vulnerabilities, and tracks missing critical patches on each device in real time. This eliminates the need to establish scanning windows or integrate with credential vaults, as well as the need to know where a particular asset resides. Qualys users can combine Cloud Agents with network scans for devices such as firewalls and routers, where it is not practical to install agents. Customers can also leverage the Qualys Continuous Monitoring (CM) solution to take this real-time data and turn it into instant alerts.
In future releases, Qualys will provide Indicators of Compromise (IOC) detection capabilities via the Cloud Agent.
Cloud Agent for Policy Compliance (PC)
Likewise, the Cloud Agent turns Qualys’ Policy Compliance offering into a real-time solution and extends it to endpoints, which traditional network scanning solutions could not cover until now. This allows customers to continuously evaluate all relevant assets against standards and benchmarks such as PCI DSS, CIS, ISO, HIPAA and many others.
In future releases, Qualys will provide File Integrity Monitoring (FIM) and Policy Enforcement (PE) capabilities via the Cloud Agent.
Cloud Agent for Elastic Cloud Environments
The Qualys Cloud Agent architecture simplifies asset discovery and tracking, as well as security and compliance monitoring, in highly dynamic cloud environments such as Amazon EC2 and Microsoft Azure, since it gives customers the ability to embed the agent into the master images of their cloud servers. As soon as a new instance is created from the master image, it automatically activates the agent, which instantly registers and tracks the security and compliance of each instance. This eliminates the need to implement a separate discovery mechanism or to build automation around spawning new scanners to scan the new instances.
Cloud Agent CONNECT
All the data collected by the millions of Cloud Agents installed within an IT environment resides within the Qualys Cloud Platform, which makes it easy to transfer this data via published APIs to existing third-party tools, including Security Information and Event Management (SIEM) systems, big data analytics platforms such as Splunk, CMDBs and help desk systems.
In future releases, Qualys will provide automatic synchronization with such solutions.
Availability
Qualys Cloud Agent Platform is now available for a free trial on all Windows platforms and will go live on May 15, 2015. Cloud Agents for Unix and Apple OS X will be available in Q3 of 2015. Annual subscriptions for Enterprise users start at $29.95 per agent for packages of 256 agents, and for SMB users at $19.95 per agent for packages of 64 agents. All subscriptions include 24×7 support and product updates.