Content, Cloud Security, Security Program Controls/Technologies, Vertical markets

Qualys Launches Security Configuration Assessment Tool


Qualys, which specializes in cloud-based security and compliance solutions, has introduced a vulnerability management (VM) add-on for the Qualys Cloud Platform.

The add-on, Security Configuration Assessment (SCA), helps organizations assess, report and remediate security-related configuration issues by leveraging Center for Internet Security (CIS) security benchmarks, Qualys said in a prepared statement.

SCA, unveiled at this week's Gartner Security and Risk Management Summit, offers the following features:

  • CIS assessment via a web-based user interface.
  • Controls that are optimized for accuracy, performance and scalability.
  • Dashboard and reporting capabilities.
  • Remote scanning and auto discovery of instances.
  • Support for the latest CIS benchmark releases of operating systems, databases, applications and network devices.

SCA will be generally available starting July 2017 as an add-on to VM, and annual subscriptions are priced on a cost-per-IP basis.

What Does SCA Mean for MSSPs, Organizations?

With SCA, organizations can automate the configuration of large and small IT environments, Qualys noted in a prepared statement.

SCA provides benchmark-based guidance and simplified workflows for scanning and reporting, Qualys pointed out.

Also, SCA enables organizations "to better safeguard global endpoints, on-premise and cloud assets against today's evolving cyber threats," Qualys stated.

"Qualys SCA helps customers automate the security best practices behind leading benchmarks, and integrate them with DevSecOps for a more proactive approach towards securing today's digital business," Qualys CEO Philippe Courtot said in a company statement.

We're checking to see if SCA has a multi-tenant capability for MSSPs that want t manage multiple customer installs.

Qualys Expands Cloud Platform

In addition to the unveiling of SCA, Qualys this week launched a solution that extends single-pane visibility and continuous security to Docker containers.

The new solution, Qualys Container Security, enables organizations to build security into Docker container deployments and DevOps processes at any scale, Qualys said in a prepared statement.

Qualys Container Security provides inventory and real-time tracking of changes to Docker containers deployed across on-premises and elastic cloud environments, along with vulnerability detection and policy compliance checks to image registries, containers and hosts, Qualys indicated.

Moreover, the solution can be integrated into an organization's DevOps toolchain to help users identify and remediate risks early in development cycles, according to Qualys.

Qualys Helps Federal Agencies Address Cybersecurity Requirements

Meanwhile, Qualys has also made a vertical market push. The company recently said its FedRAMP-certified Qualys Cloud Platform now supports the requirements defined by the 2017 White House Executive Order (EO) on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure.

Furthermore, Qualys Policy Compliance (PC) can help federal agencies streamline technical control assessment and reporting, Qualys stated.

This solution has been updated with Defense Information Systems Agency Security Technical Implementation Guides content and mapping of controls to the National Institute of Standards and Technology Cybersecurity Framework, according to Qualys.

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds a M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.