Date: 2023-11-09

Qualys CEO Sumedh Thakar: Mission to provide a holistic, integrated and streamlined approach to IT risk management. Image: Qualys

Software variety is abundant. Because enterprise organizations have an inherent size and scope, they typically run at scale, deploying various cloud and data services as well as multiple database and application layers. In basic terms, this is a good thing, i.e. having a diverse IT stack means companies can support multiple internal organizational nuances, address different regional compliance requirements… and champion technology diversity by enabling expertise across different departmental use cases.

But with great technology diversity also comes great management responsibility. In the modern age of digital business, mission-critical applications are running in the public cloud, on-premises deployments inside company headquarters and now in edge computing estates inside the smart machines populating the Internet of Things (IoT), to name a few. Suddenly, there is a new business risk factor to manage.

Twisted IT Tool Topographies

Software application development engineering teams working with cybersecurity experts know this truth well. Favorite industry terms like spaghetti code (inefficient and potentially fragile application structures) and twisted tool topographies (a plethora of security, system observability, and security management solutions, all attempting to work closely together, but usually creating noise to some extent) pervade real-world organizations’ IT systems.

Security modernization and operations company Anomali tells us that, “Enterprises frequently deploy new security tools and services to address changing needs and increasing threats. According to recent findings, mature security organizations have deployed, on average, between 15 and 20 security tools for small businesses; medium-sized companies: 50 to 60 security devices; and enterprise: more than 130 device protection tools.”

The suggestion here is that – in real practical terms inside real companies running real-world deployments with real-time data workflows – it is becoming harder not only to manage IT systems, but also to identify all the risks and to prioritize mitigation processes for the most serious risks. Even more difficult, the management and classification of ‘risk’ itself needs to be defined so that we can distinguish between those misconfigurations, threats or vulnerabilities that materially represent the greatest business threat.

Dynamically Organized IT Units

Cloud-based risk management and IT security solutions company Qualys is working to broaden the scope, function and applicability of its platform to respond to these software infrastructure challenges. CEO Sumedh Thakar has called for enterprise software and data foundations to be treated as ‘dynamically orchestrated entities’ that require fine-grained engineering controls. Figuring out which risks to pursue first seems like a complicated task.

In a company-sponsored whitepaper detailing the progress of the Qualys platform for IT, security, and compliance, IDC analysts Megan Szurley and Philip D. Harris suggest that, “There is a need for a method by which prioritization occurs that considers the information about an asset in a configuration management database (CMDB), how it is stored or classified, misconfigurations, threat scenarios, the organization’s overall attack surface, various threat indicators and whether any are active combined with [weaponized] malware related to vulnerabilities, among other factors.”

Risk Management Above All Else

Then again, with those capitalized functions and practices mentioned above, it’s not ‘just’ cyber security, which is why Qualys is known as an expert in all other risk management. These are practices that cover system health and well-being in a broad sense. In particular, when it comes to cloud computing, enterprises now need to be able to discover, evaluate, prioritize, defend against, and remediate vulnerabilities, threats, and misconfigurations in what will mostly be hybrid multi-cloud environments. So the message here is that it is about de-risking that entire scenario.

Furthermore, we can see that Qualys aims to break down organizational silos and become a unique repository tool for security and operations teams to review and view data. This means that, if a business runs organizational silos across different groups, at least in theory, we can sidestep the debate around risk management. This is because with Qualys, information and modules are consolidated onto one platform for greater consistency and control regarding all aspects of risk management.

CEO Thakar spoke to the press and analysts this month and detailed what he claims is a ‘seismic change’ in the way his company’s technology is now developing. Elaborating on the new Qualys Enterprise TruRisk platform, Thakar says their engineers have now created a technology that is capable of aggregating cyber risk signals from a collection of diverse sources (tools from other security vendors and more), and then coordinates them into a quantitative risk assessment and exposure scoring framework. Its purpose is to provide users with a centralized means of measuring, communicating, and eliminating their IT risk with accurate remediation and mitigation.

“Despite market pressure to release more cyber risk ‘measurement’ solutions, security leaders and stakeholders still have a long way to go to collect, correlate cyber signals from the growing cybersecurity stack, and develop meaningful cyber risk mitigation and remediation. There is no reliable means of translating strategies into action,” said Thakar, in a technical statement. “Today, CISOs and security leaders must measure and communicate cyber risk in the form of key performance indicators (KPIs) that provide the business impact of vulnerabilities, threats and their risk posture in real-time. However, this is easier said than done. With an average of more than 60 security tools, security leaders are forced to sift through a maze of risk data from a collection of disparate solutions managed by different teams and calculate cyber risk across their expanding infrastructure. To clarify and remediate, it is divided between IT and security.”

The story revolves around the proposition that the Enterprise TruRisk platform provides a centralized way for organizations to measure and eliminate their cyber risk. But going even further, it also informs software engineering staff and the businesses they work with about their own real-world ‘risk situation’ across a given set of applications, data services, open source components, application programming interfaces (APIs), and other connection points that the IT department decides to deploy in response to requests from business stakeholders.

“The launch of the Enterprise TruRisk platform marks Qualys’ commitment to helping CISOs, cybersecurity practitioners and risk stakeholders measure the impact of their cyber risk on their businesses, with actionable routes for concise remediation and mitigation to eliminate that risk. Through this advancement, customers will now be able to gain even more benefit from the extensive Qualys Threat Library and the more than 25 threat intelligence feeds they already receive, providing customers with tangible business context to the cyber risk situation in their organizations. This will empower them to more effectively reduce pollution,” said Thakar, in a company blog.

Single Pane of Glass

Qualys CEO Thakar called for a higher level of orchestration between solutions (and he says his team has created it) – and this is now a major trend for enterprise technology platform companies. Every vendor wants to integrate with partners – even competitors – and then provide a so-called ‘single pane of glass’ to enable high-level orchestration, management and decision making.

Thakar explained how the Qualys Enterprise TruRisk platform today ‘aggregates cyber risk signals’ from ‘a wide range of different sources’. It then presents these signals in a ‘single integrated view’ for measurable risk insights using the unified TruRisk risk scoring framework.

To put it in basic terms, Qualys is saying that its platform is now able to capture, integrate, and incorporate risk management data from other third-party security and IT analytics management platforms and tools. Given the inevitable software tool diversity that we noted in our first line here, it’s all about that single pane of glass mission that the company wants to deliver.

External Data Upgrade

The third-party tools that Qualys is ready to welcome include (at the time of writing), in no particular order, Snyk, Microsoft Defender for Endpoint, Synopsys, Normalyze, Veracode, SentinelOne, Assimili, SafeBreach, Security Scorecard, and Wiz.

“The move to incorporate and integrate this range of disparate sources is necessary because, today, no single tool exists to meet every system security need,” Thakar explained. “If we think about the fact that security protection varies from firewalls to vulnerability management, we can also see that a different approach is required for mobile security, for corporate IT security, for cloud datacenter security, etc. By providing the integration and orchestration layer that brings these functions together and aligns their security needs with business outcomes, we can reduce the security risks and associated operational risks they can create across a business.”

To illustrate this point by talking about modern homes, most of us have now realized that we need a separate app to handle heating and air conditioning, one for an electronic front doorbell, one for door lock monitoring, one for gas/electricity energy consumption and, if we are lucky enough to have a digitally enabled smart refrigerator, one app for that too.

Whether the technology industry ever reaches a single pane of glass is a very difficult question to answer. As we can see here, it’s more likely that we’ll get a single pane view into IT risk management, a single view into HR systems, a single window into database management and data exchange systems, a simplified view of finance and procurement, plus a solution (and more than one vendor is after this crown) that provides a single unified view of an organization’s hybrid multi-cloud assets.

That might be single panes, plural, but it’s still a clear picture if we keep these windows clean and neat. Pass the squeegee, please.