Qualys Unveils CertView to Manage SSL/TLS Certificates 

LAS VEGAS, July 24, 2017, Black Hat USA, Booth #899 – Qualys, Inc. (NASDAQ: QLYS) today announced CertView, a new app framework in the Qualys Cloud Platform that enables customers to discover, assess and manage SSL/TLS certificates on a global scale, and announced CloudView, a new App framework in the Qualys Cloud Platform for comprehensive and continuous protection of cloud infrastructure, delivering InfoSec and DevSecOps teams a “single pane of glass” view of security and compliance across cloud infrastructures.

CertView will help prevent downtime and outages, audit and compliance failures, and mitigate risks associated with any expired and/or vulnerable SSL/TLS certificates on their business-critical systems. The first two apps in CertView include Certificate Inventory (CRI) and Certificate Assessment (CRA).

Qualys will showcase CertView and its two new Apps during Black Hat USA 2017 at booth #899.

Machines rely on X.509 certificates to communicate securely with each other both internally and externally, and this communication creates new attack surfaces — particularly amidst the rise of DevOps and public clouds. In order to stay ahead of this risk, organizations must automate visibility and tracking of their certificate deployments for DevSecOps. Qualys CertView allows them to do so by centralizing visibility of certificate vulnerabilities into their overall continuous view of security and compliance state, and by enabling customers to rapidly see and remediate expired or vulnerable certificates.

"While several offerings exist to discover X.509 certificates, most organizations rely on spreadsheet-based tracking methods and manual processes to keep track of certificates, resulting in many undocumented installations and increased exposure to risks," said David Anthony Mahdi, Research Director, Gartner. "When using discovery tools, security leaders are often surprised by the amount of unknown certificates, from multiple certificate authorities (CAs) that exist in their environment."1

"Thriving in today's business environment requires constant and secure global communication and collaboration between machines-to-machines and people," said Philippe Courtot, chairman and CEO, Qualys, Inc. "Qualys CertView delivers customers added visibility of this critical infrastructure layer as it grows, and allows them to more confidently achieve digital transformation securely - all from a 'single pane of glass' view, further consolidating their security and compliance stack in one unified platform and reducing costs."

CertView initially consists of two new apps as follows:

The Certificate Inventory (CRI) app offers:

• Discovery: Enabling infosec and other teams to continuously scan global IT assets from the same console to discover every certificate issued from any CA.

• Inventory: Enabling reduced administrative costs by bringing the entire certificate estate under central control with comprehensive visibility of all certificates in use across DevSecOps, InfoSec and IT teams.

The Certificate Assessment (CRA) app offers:

• Continuous Monitoring: Automation built into the Qualys Cloud Platform identifies critical issues, weaknesses and vulnerabilities and sends targeted alerts to DevSecOps, InfoSec IT and IT teams.

• Reports and Dashboards: Dynamic dashboards provide teams with a holistic and contextual view of their certificate estate, and power automatically created downloadable reports of certificate-related vulnerabilities, certificate expirations and non-compliant certificates across global IT assets.

Availability

Qualys CertView will be available in beta starting September 2017, with general availability in Q4. The initial release will include these two apps: CRI and CRA. Qualys is working to add full certificate lifecycle management into the single-pane view of the Qualys Cloud Platform. Future versions of CertView will add new apps to include back-end integration with major CAs and application servers, as well as workflows for policy enforcement.

Qualys Unveils CloudView to Deliver Unparalleled Visibility and Continuous Security of Public Cloud Infrastructure

New app framework in Qualys Cloud Platform allows organizations to continuously monitor and secure public cloud infrastructure against misconfigurations, malicious behavior and non-standard deployments

CloudView delivers to customers topological visibility and insight about the security and compliance posture of their complete public cloud infrastructure for major providers including Amazon Web Services (AWS), Microsoft Azure and Google Cloud. The first two apps in CloudView include Cloud Inventory (CI) and Cloud Security Assessment (CSA).

Qualys will showcase CloudView and its two new Apps during Black Hat USA 2017 at booth #899.

According to Cisco’s Global Cloud Index forecast1, cloud workloads will account for 92 percent of all data center traffic by 2020. To prepare for this shift, InfoSec teams must adapt their practices to the scale and elasticity of cloud workloads, and define their share of joint security responsibility with public cloud providers. Qualys CloudView addresses this need by extending Qualys’ unparalleled visibility of security and compliance from cloud hosts to the entire cloud infrastructure.

CloudView augments the existing Qualys view of host-related vulnerability, compliance and threat intelligence with a real-time inventory of all cloud services. This combination helps security teams monitor, assess and deliver reports from within the DevOps pipeline to ensure that cloud workloads throughout the Continuous Integration/Continuous Development (CI/CD) toolchain are configured in-line with Identity and Access Management, Network and Administrator access policies and regulations, thus drastically reducing exposure to attacks.

“Accelerated cloud adoption requires new adaptive security solutions that support fast-moving digital transformation efforts,” said Philippe Courtot, chairman and CEO, Qualys, Inc. “Our new CloudView and its apps add unparalleled visibility and continuous security of all cloud workloads to provide customers complete cloud security in a single, integrated platform and drastically reducing their spend.”

The initial release of Qualys CloudView includes two apps as such:

Cloud Inventory (CI) App offers:

• Comprehensive Inventory: Qualys CloudView integrates with the native APIs available from public cloud providers to continuously discover resources and automate security monitoring against industry standards and architectural best practices.

• Topological Visibility: It provides topological views of the infrastructure and relationships across other cloud resources. Users can drill down into the deployment architecture across different dimensions like location, network layouts and security group view to quickly get to the root cause of issues.

Cloud Security Assessment (CSA) App offers:

• Continuous Security Monitoring: Qualys CloudView automates security monitoring against industry standards to identify threats caused by misconfigurations, unwarranted access and non-standard deployments, and provides remediation steps to manage risks. CloudView also automates evaluation of regulatory mandates like PCI-DSS,HIPAA, NIST and ISO 27001. Users can check for compliance against the mandates and generate reports to submit to their auditors.

• Insight and Threat Prioritization: Complete cloud resource inventory information in CloudView powers simple yet powerful search queries across an asset’s configuration and complex associations to quickly identify the root cause of an incident. To track and understand trends in fast-changing elastic clouds, CloudView provides both a real time and a historical view of the inventory. Security posture visibility includes cloud host vulnerability, compliance and threat intelligence data from the existing Qualys platform, enabling users with context to effectively prioritize and remediate threats.

• Automated Security Throughout the DevOps Pipeline: Qualys CloudView supports REST APIs for seamless integration with the CI/CD tool chain, providing DevSecOps teams with an up-to-date assessment of potential risks and exposure. The solution can be integrated with Governance, Risk and Compliance, Security Information and Event Management, and ticketing service providers to help InfoSec teams automate processing of threats and remediation.

Availability:

Qualys CloudView will be available in beta for AWS starting Q4 2017, with future versions supporting other major cloud providers like Azure and Google Cloud. The first two apps include Cloud Inventory (CI) and Cloud Security Assessment (CSA).

Source: Qualys