Qualys, Inc. (NASDAQ: QLYS), a pioneering provider and leader of cloud-based compliance and security solutions, has announced the availability of TotalCloud 2.0, a significant upgrade to the Cloud Native Application Protection Platform (CNAPP) powered by AI, offering a unified and prioritized view of cloud risks and extending its protection to SaaS applications.
The transition to SaaS and multi-cloud environments offers companies the opportunity to be more agile and innovative, but also presents complex security challenges. This has led to the adoption of numerous security tools with different, and sometimes contradictory, perspectives on the organization’s risk level. Managing these diverse risks across fragmented environments poses a challenge for companies, hindering effective prioritization, reporting, and remediation of risks.
TotalCloud 2.0 with TruRisk Insights provides a unique and prioritized view of cloud risks by correlating unique indicators from various Qualys sources such as Cloud Workload Protection (CWP), Cloud Security Posture Management (CSPM), and Cloud Detection and Response (CDR), and combining them with SaaS and infrastructure data to enable organizations to quickly address the most critical threats.
The improvements incorporated in Qualys TotalCloud 2.0 streamline operations by providing:
– A unified and prioritized view of cloud risks: TruRisk Insights streamlines the identification of high-risk assets. By analyzing anonymous customer data*, Qualys located over 120,000 internet-accessible cloud workloads, and less than 10% had confirmed vulnerabilities. Qualys TruRisk Insights correlated risk indicators and identified less than 0.3% of workloads with a confluence of suspicious activities, malware, and misconfigurations. This simplified approach allowed organizations to prioritize critical issues by eliminating 99% of workloads that did not require immediate attention. Additionally, TotalCloud 2.0 integrates data from External Attack Surface Management (EASM) solutions, providing visibility into how external threats can perceive and target cloud assets.
– Comprehensive protection for SaaS applications: Current threats extend beyond the public cloud to the critical SaaS applications of organizations. Without adequate protection, these applications can serve as entry points for lateral movements into the cloud environment. The recent SEC regulation requires public companies to disclose cyber incidents and comply with certain cybersecurity requirements for data stored in SaaS systems. TotalCloud is the first CNAPP solution to incorporate SaaS Security Posture Management (SSPM), ensuring that configurations and permissions in applications such as Microsoft 365, Zoom, Slack, Google Workspace, etc. seamlessly integrate into the organization’s overall security posture for better decision-making.
– Supply chain risk mitigation: TotalCloud easily scans all open-source software before and after deployment in various computing workloads, including containers, using both agent and agentless techniques. This comprehensive approach significantly reduces supply chain risk by identifying vulnerabilities in multi-cloud environments.
– Reduction of operational risks: Streamlines operations and eliminates silos between IT and security teams through ITSM. It also enables automatic ticket assignment and orchestration of remediation through ITSM tools such as ServiceNow or JIRA to significantly reduce risk and accelerate remediation time.
“The security management of multiple SaaS and cloud applications can result in scattered risk scores that organizations find difficult to prioritize, let alone remediate,” highlighted Sumedh Thakar, President and CEO of Qualys. “TotalCloud 2.0 silences the noise from different security tools, providing a clear and prioritized view of risk across multiple clouds, SaaS applications, and assets. This ensures rapid resolution of critical issues, drastically reducing the organization’s risk.”
*(Source: Qualys customer data, 2021)
In conclusion, the release of TotalCloud 2.0 represents a significant advancement in cloud security, addressing the growing complexities and challenges presented by SaaS and multi-cloud environments. With its unified view of cloud risks and comprehensive protection for SaaS applications, Qualys continues to demonstrate its commitment to providing innovative and effective security solutions for organizations navigating the evolving landscape of digital transformation.