Next generation Security-as-a-Service platform
Qualys introduced its Security-as-a-Service platform to host the QualysGuard IT security and compliance Software-as-a-Service (SaaS) suite of applications in the cloud.
The Qualys security-as-a-service platform provides an integrated framework with new functionality in all Qualys security and compliance applications. Standards-based integration and middleware ties together the browser, all Qualys applications, six platform services and engines, the user’s security and compliance data, scanners, and the QualysGuard KnowledgeBase.
With the new platform, users will get prioritized job management, modular services to ensure highest uptime and performance, dynamic analysis and reporting capability, and support for physical and virtual appliances – from Qualys or deployment by other cloud solution providers.
The new platform uses open source and commercial technologies, including a Web 2.0 user interface (UI) and a Java-based backend infrastructure. The browser integrates with the platform’s backend via a standard JSON API and Web Services API. These provide the interface to all Qualys IT security and compliance applications.
Platform services and engines include Reporting & Dashboard, Questionnaire & Collaboration, Remediation & Workflow, Correlation & Risk Calculation, and Alerts & Notification.
The platform’s data layer includes modules for Scan Management & Scheduling, Indexing & Tagging, and Data Management & Security. In turn, these integrate with internal and external scanners, virtual or hardware scanners, and the QualysGuard KnowledgeBase hosted in Oracle RAC DB.
New technologies implemented in the new platform include:
- Multi-dimensional, extremely fast, clustered data indexing and tagging using Apache Solr.
- Customizable reporting engine using BIRT for multi-format output.
- Web-scale application clustering using Terracotta and Ehcache technologies.
- SOAP and REST based XML web services for high volume API interaction.
The integration benefits of the new platform will touch all security and compliance applications hosted by the platform, including:
- New UI with dynamic and interactive interfaces, wizards and new report templates to present scan data with wide range of presentation options to match users’ needs.
- New customizable template-driven reporting engine outputs reports in a variety of formats (csv, doc, xls, pdf, xml, ppt) based on users’ criteria.
- Fast searching of several extensive Qualys data sets, including scan results, asset data, scan profiles, users, vulnerabilities, and more.
- Patent-pending technology for hierarchical dynamic asset tagging and role-based user access.
- Dynamic distribution of scans on multiple scanners based on availability and load to optimize scanning of large networks, drastically reducing the overall scan time required to complete large scan jobs.
- Virtualized scanning platform for enterprises, consultants and cloud-based environments.