Qualys announced Security Configuration Assessment (SCA), a new add-on for Vulnerability Management (VM) that provides customers cloud-based tools to automate configuration assessment of global IT assets using the latest out-of-the-box Center for Internet Security (CIS) benchmarks.
Configuration issues are a major source of breaches, and basic hardening of all systems — whether on-premise or in the cloud — is required to protect today’s complex environments. To help customers with this challenge, Qualys is introducing SCA for automated configuration assessment of large and small IT environments.
SCA provides benchmark-based guidance and simplified workflows for scanning and reporting, eliminating the cost, resource and deployment issues associated with traditional configuration management software point products. Leveraging the Qualys Cloud Platform, SCA enables more customers to better safeguard global endpoints, on-premise and cloud assets against today’s evolving cyber threats.
“In the era of plug and play, rapid application development, one-click installations, and pressing business deadlines, systems are often put into production with default settings and without hardening,” according to Gartner. “In such cases, readily available and approved baseline configuration standards can be used prior to deployment to ensure and maintain a standard and consistent configuration throughout the enterprise. This will not only help to achieve a better security posture, but also increased compliance and business effectiveness and efficiency.”
“Recent global cyber-attacks have served as a reminder that companies must take a proactive stance in securing the infrastructure and operations underpinning their digital transformation,” said Philippe Courtot, chairman and CEO, Qualys, Inc. “Qualys SCA helps customers automate the security best practices behind leading benchmarks, and integrate them with DevSecOps for a more proactive approach towards securing today’s digital business.”
Qualys SCA offers:
Broad coverage: Qualys’ SCA add-on offers leading CIS benchmark coverage with support for the latest CIS benchmark releases of operating systems, databases, applications and network devices.
Accountability for controls: Qualys SCA controls are developed and validated in-house by Qualys security experts and certified by CIS. The controls are optimized for performance, scalability, and accuracy.
Ease of use: SCA provides CIS assessment via a web-based user Interface and delivered via the Qualys Cloud Platform, enabling centralized management with minimal deployment overhead. CIS controls can be selected and customized per an organization’s security policies.
Remote scanning and auto-discovery of instances: SCA uses the same data collection technologies as Qualys Policy Compliance and VM, allowing for agent or agentless data collection.
Reports and dashboards: SCA users can schedule assessments, automatically create downloadable reports of configuration issues, and view dashboards for improving their security posture.
Availability and pricing: SCA will be generally available starting July 2017 as an add-on to VM, and annual subscriptions are priced on a cost-per-IP basis.