Qualys integrates with Security Command Center for Google Cloud Platform for continuous security and compliance



Qualys, vendor of cloud-based security and compliance solutions, announced this week its integration with the Cloud Security Command Center (Cloud SCC) for Google Cloud Platform (GCP), a security and data risk platform helping enterprises to gather data, identify threats, and act on them before they result in business damage or loss.

Cloud SCC provides security teams a single pane for security features, policies, and insights across Google Cloud platform. Qualys’ integration expands on existing data within Cloud SCC by adding vulnerability management and threat data for compute engine instances within a GCP project.

The Qualys Cloud Platform offers customers a streamlined solution for avoiding the cost and complexities of managing multiple security vendors. By automatically gathering and analyzing security and compliance data from IT assets anywhere in one single-pane view, the Qualys Cloud Platform gives customers the scalability, visibility, accuracy and breadth of capabilities to fight cyber attacks and build security into their digital transformation initiatives.

Customers can gain access to Qualys-generated vulnerability and threat posture data within Cloud SCC by deploying Qualys’ lightweight Cloud Agents on workload images. This step will either bake the agent within the image or automatically deploy the agent in the compute engine instance.

This new capability builds on Qualys’ prior GCP integration to give customers visibility of Qualys data within Cloud SCC and allow DevOps and security teams to protect their workloads by gaining full visibility of vulnerability and threat posture at-a-glance.

Users can further drill down to find details and actionable intelligence for every identified vulnerability, and can navigate with a single click back to their Qualys subscription for additional reports and threat intelligence.

The new Cloud SCC can discover assets across Google App Engine, Google Compute Engine, Google Cloud Storage, and Cloud Datastore and view them in one place, and review historical discovery scans to identify new, modified, or deleted assets. It also discovers which storage buckets contain sensitive and regulated data using the Cloud Data Loss Prevention (DLP) API. Help prevent unintended exposure and ensure access is based on need-to-know. The DLP API integrates automatically with Cloud SCC.

The offering will also uncover common vulnerabilities such as cross-site-scripting (XSS), Flash injection, mixed content (HTTP in HTTPS), and outdated/insecure libraries that put Google App Engine applications at risk with Cloud Security Scanner. Cloud Security Scanner integrates automatically with Cloud SCC. It also helps ensure the appropriate access control policies are in place across cloud resources and get alerted when policies are misconfigured or unexpectedly change.

Cloud SCC can also identify threats like botnets, cryptocurrency mining, anomalous reboots and suspicious network traffic with built-in machine learning technology developed by Google; integrate output from existing security tools into Cloud Security Command Center to detect DDoS attacks, compromised endpoints, compliance policy violations and network attacks; receive Cloud SCC alerts via Google mail, SMS and Jira with Pub/Sub notification integration; and leverage the Cloud SCC REST API for integration with existing security systems and workflows.

“As businesses leverage new technologies to accelerate their digital transformation efforts and move into the cloud, their focus needs to shift towards building security into applications, as well as interconnected devices, right from the start. And this is what Google is doing with their Cloud Platform, helping businesses build security into the fabric of their workloads,” said Philippe Courtot, chairman and CEO, Qualys.

“Now more than ever, the cloud is where an increasing number of enterprises are turning to protect their data and stay secure,” said Andy Chang, Senior Product Manager, Google Cloud. “With Cloud Security Command Center, we are helping security teams gather data, identify threats, and quickly act on application and data risks. By working with industry leaders like Qualys, we are giving our customers the capabilities they need to keep up with today’s ever evolving security challenges especially as they move workloads to the cloud.”

Leave a Reply

WWPI – Covering the best in IT since 1980