Qualys expands Its Cloud Platform

New solution enables customers to address security for containers in their DevOps pipeline and deployments across cloud and on-premises environments.

  • 7 years ago Posted in
Qualys has introduced a solution that extends its single-pane visibility and continuous security to the new and growing virtualization environment of Docker containers, and enables customers to proactively build security into their container deployments and their DevOps processes at any scale.
“OS containers are not inherently unsecure, but are being deployed unsecurely, driven by developers and a need for agility in service development and deployment,” according to Neil MacDonald, VP and Distinguished Analyst, Gartner. “Security and risk management leaders must address container security issues around vulnerabilities, visibility, compromise and compliance.”[1]
Further extending visibility beyond assets in traditional virtualization environments, Qualys Container Security performs inventory and real-time tracking of changes to containers deployed across on-premises and elastic cloud environments.  It also extends vulnerability detection and policy compliance checks to the image registries, containers and hosts. By integrating this solution into their DevOps toolchain, users can identify and remediate risks early in the development cycles to reduce the risk created by open development methods and their inherent sprawl.  Qualys’ high-accuracy vulnerability scanning also reduces the pain of clearing false-positives and allows security teams to focus on identifying and remediating actual risks.
“Containers are core to the IT fabric powering digital transformation,” said Philippe Courtot, chairman and CEO, Qualys, Inc.  “Our new solution for containers enables customers on that journey to incorporate 2-second visibility and continuous security as a critical part of their agile development.”
 
The initial release of Qualys Container Security features:
  • Discovery, Inventory, and Near-Real Time Tracking of Container Events: 
Container Security identifies detailed inventory and provides advanced metadata search so users can identify assets based on multiple attributes. Additionally, they can use topology views to visualize container environment assets and their relationships, in order to understand and isolate members impacted by an exposure even when deployed at scale.
  • Vulnerability Analysis for Image Registries and Containers:
Qualys provides high accuracy vulnerability scanning of images, registries and containers in addition to the underlying host operating system. This allows security analysts to rapidly analyze the cause and focus on remediation, rather than spending time clearing false positives, which can be common with ordinary off-the-shelf container vulnerability scanners.
  • Integration with CI/CD Toolchain using APIs (DevOps flow):
Users can integrate vulnerability scanning into their Continuous Integration (CI) and Continuous Development (CD) tool chain using the Qualys API, which offers the complete Qualys Container Security feature set. Qualys’ REST APIs can be integrated into various toolchains, enabling DevOps/DevSecOps teams to analyze container images for known vulnerabilities before they are widely distributed.
  • New Qualys ‘Container Sensor’:
Qualys’ has developed native container support, distributed as a Docker image. Users can download and deploy these sensors directly on their container hosts, add them to the private registries for distribution, or integrate them with orchestration tools for automatic deployment across elastic cloud environments.
SLE Micro is rapidly becoming a critical foundation of customers’ digital transformation, in...
Veritas InfoScale native deployment in Kubernetes environments, including Red Hat OpenShift, will...
Canonical has released Ubuntu 21.10 - the most productive environment for cloud-native developers...
Data from 1,200 respondents and insights from seven industry experts reveal rapid growth, some...
Civo, a pure play “cloud native” service provider, has published the result of its research on...
Now, organizations can quickly set data in motion on their private infrastructure with the...
Kubernetes, supported by a vibrant open source community, can drive outstanding innovation. To help...
New Mendix survey shows that British businesses are investing in low-code to respond to the new...