New asset inventory app helps security teams identify and respond to gaps in their security and compliance program
Foster City, CA, May 18, 2021 — Qualys, Inc. (NASDAQ: QLYS), a pioneer and leading provider of disruptive cloud-based IT, security and compliance solutions, today announced CyberSecurity Asset Management (CSAM), built on the Qualys Cloud Platform, to inventory the complete IT ecosystem, detect security gaps and respond to the risk, all from a unified platform.
Over the past year, organizations have rapidly accelerated their digital transformation by leveraging technologies such as cloud and container that support the shift to IoT and a remote workforce. This digital shift calls for a new approach to asset visibility since traditional asset administration responsibilities like inventory, software support and license oversight are the purview of IT and addressed with IT inventory-focused tools. Security teams need to monitor IT asset health from a cybersecurity perspective by detecting security tool blind spots and responding to exposures quickly.
“As an organization focused on Security Operations, we believe that ‘you can’t protect what you don’t understand,’ with understand being the key word. Hence, asset management in the security operations context isn’t just ‘seeing’ an asset; it is having the right ‘risk’ context of each and every software, hardware and IoT asset at our fingertips,” said Jatinder Pal Singh, director of security operations at Informatica. “Our SOC asset management leverages the Qualys CyberSecurity Asset Management app to not only provide the visibility we need, but it goes a step further and assesses every asset’s security risk, enabling our SOC to not only get relevant alerts but enable the IR analyst to take appropriate and timely actions.”
CyberSecurity Asset Management is an all-in-one solution that leverages the power of the Qualys Cloud Platform with its multiple native sensors and CMDB synchronization to continuously inventory known and unknown assets, discover installed applications, and overlay business and risk context to establish asset criticality. It identifies unauthorized or end-of-life and end-of-service software, the absence of required security tools, and assesses the health of the attack surface. Further, CSAM enables response options with threat alerts and software removal and delivers regulatory reporting in support of FedRAMP, PCI-DSS and other mandates.
“CSAM is more than a list of IT assets, as it leverages vital context from the Qualys Cloud Platform to identify, consolidate and prioritize critical assets. The platform, in turn, provides the orchestration needed for the security team to take swift action to mitigate risk while eliminating the need to pass reports back and forth between IT and security. By providing a platform-based approach to the challenge of asset security response, Qualys is helping to distinguish itself in this market,” noted Tanner Johnson, principal analyst at Omdia.
Qualys CSAM is purpose-built for security teams. It is supported by the same Qualys sensors and multi-function cloud agent used for vulnerability management, patching, compliance, file integrity monitoring and endpoint detection and response. CSAM enables orgs to:
Build a Comprehensive Up-to-Date Asset Inventory (Free Global AssetView app) – Leverage multiple native Qualys sensors to collect and correlate asset data using agentless technology, cloud agents and APIs to see an accurate inventory of managed and unmanaged assets. Auto-classify assets by category across IT, cloud and IoT environments for a single structured view of your IT infrastructure.
Sync with CMDB and Assign Risk Profile – Use the ServiceNow CMDB sync app or Qualys Asset APIs for two-way synchronization of attributes and business context. Auto-tag assets and assign risk criticality based on asset and ownership information. CSAM helps maintain your CMDB as a single source of truth for your IT and security teams.
Detect and Monitor Security Gaps – Detect unauthorized assets connecting to the network. Monitor assets for installed, unauthorized software, identify assets that lack required security tools and track externally exposed assets allowing security teams to eliminate inventory blind spots and mitigate risk.
Alert, Report and Respond – Alert security teams as soon as asset health is impacted to avoid potential compliance issues. Create asset health status reports for auditors with out-of-box templates for mandates like PCI, FedRAMP, etc. Quickly take manual or automatic response actions by uninstalling unauthorized software using the cloud agent to eliminate potential issues.
“We’ve built upon our popular free Global AssetView app, which provides customers with insights on millions of devices, to reimagine asset management for security teams, so they have a clear picture of the security context of assets,” said Sumedh Thakar, president and CEO of Qualys. “CSAM uses telemetry from multiple sensors including the Qualys Cloud Agent to bring security teams the automation they need to identify and manage the gaps in their IT asset inventory.”
AssetView Live, June 2
Qualys Cybersecurity Asset Management will be available in June. If you would like to sign up for the free trial waiting list, qualys.com/CSAM-trial
- View the CyberSecurity Asset Management video
- Read our CEO’s blog on CyberSecurity Asset Management
- Read the detailed blog on CyberSecurity Asset Management
- Details on the Qualys Cloud Platform
- Follow Qualys on LinkedIn and Twitter
Qualys, Inc. (NASDAQ: QLYS) is a pioneer and leading provider of disruptive cloud-based security and compliance solutions with over 19,000 active customers in more than 130 countries, including a majority of each of the Forbes Global 100 and Fortune 100. Qualys helps organizations streamline and consolidate their security and compliance solutions in a single platform and build security into digital transformation initiatives for greater agility, better business outcomes, and substantial cost savings.
The Qualys Cloud Platform and its integrated Cloud apps deliver businesses critical security intelligence continuously, enabling them to automate the full spectrum of auditing, compliance, and protection for IT systems and web applications across on premises, endpoints, cloud, containers, and mobile environments. Founded in 1999 as one of the first SaaS security companies, Qualys has established strategic partnerships with leading cloud providers like Amazon Web Services, Microsoft Azure and the Google Cloud Platform, and managed service providers and consulting organizations including Accenture, BT, Cognizant Technology Solutions, Deutsche Telekom, DXC Technology, Fujitsu, HCL Technologies, IBM, Infosys, NTT, Optiv, SecureWorks, Tata Communications, Verizon and Wipro. The company is also a founding member of the Cloud Security Alliance. For more information, please visit www.qualys.com.
Qualys and the Qualys logo are proprietary trademarks of Qualys, Inc. All other products or names may be trademarks of their respective companies.