Increased use of the cloud and hybrid systems is bringing new challenges for businesses needing to ensure their systems are secure and compliant.
A new Cloud Agent Platform (CAP) from cloud security specialist Qualys provides organizations with a flexible solution to assess the security and compliance of their IT assets in real time, whether they're on-site, cloud-based or mobile endpoints.
Qualys CAP provides a lightweight agent that can be installed on any host such as a laptop, desktop, server or virtual machine. Qualys Cloud Agents then extract and consolidate vulnerability and compliance data and update it continuously within the Qualys Cloud Platform for further analysis and correlation. This allows it to offer a continuous view of the security compliance status of a network.
The agent installer can be embedded in system images, deployed via group policy or run from the command line. It can also be embedded into images on cloud servers allowing it to work with environments like Azure. The agent is light on CPU resources, using around five percent at peak and less than two percent in normal operation. Once installed it takes a full assessment of its host while running in the background, and sends that assessment snapshot back to the Qualys Cloud Platform for evaluation. From then on a configurable profile controls how often the agent sends host changes back to the platform to incorporate with the snapshot. Initial, full snapshots are only a few megabytes, and subsequent updates just a few kilobytes. This reduces the network bandwidth consumption to far below that of traditional scanning as well as other agent-based solutions.
CAP also makes for easy inventory management as admins can interrogate all of their systems from a central location. Assets can be monitored for the latest operating system, application and certificate vulnerabilities as well as tracking missing critical patches on each device. The system can also check for compliance with standards like HIPAA.
"Traditional vulnerability scanning methods present a number of challenges for IT security teams who either don’t have the proper credentials, or are scanning assets that aren't always connected to the local network," says Philippe Courtot, Chairman and CEO of Qualys. "Qualys Cloud Agent Platform is a game changer and a new paradigm of continuously assessing IT systems. This platform provides our customers with the flexibility and choice they need to conduct real-time vulnerability and compliance management for IT assets whether it's on-premise, cloud-based or mobile endpoints".
Qualys Cloud Agent Platform is currently available on a trial basis for Windows systems and will go live on May 15. Unix and OSX versions will be available later in the year. For more information and to sign up for a trial visit the Qualys website.
Photo Credit: wavebreakmedia/Shutterstock