Qualys announced two new free groundbreaking services: CertView and CloudView.
Harnessing the power and scalability of the Qualys Cloud Platform, Qualys CertView and CloudView enable organizations of all sizes to gain such visibility by helping them create a continuous inventory and assessment of their digital certificates, cloud workloads and infrastructure that is integrated into a single-pane view of security and compliance.
CertView helps customers inventory and assess certificates and underlying SSL/TLS configurations and vulnerabilities across external-facing assets to prevent downtime and outages, and to mitigate risks associated with expired or vulnerable SSL/TLS certificates and configurations.
- Certificate Discovery: Enabling Infosec and other teams to continuously scan global IT assets from the same console to discover every internet-facing certificate issued from any certificate authority.
- Certificate Inventory: Enabling reduced administrative costs by bringing the entire certificate estate under central control with comprehensive visibility of all external certificates in use across DevSecOps, InfoSec and IT teams.
- TLS Configuration Grades: CertView generates certificate instance grades (A, B, C, D, etc.) using SSL Labs’ methodology that allows administrators to assess often-overlooked server SSL/TLS configurations without having to become SSL experts.
- Continuous Monitoring: Automation built into the Qualys Cloud Platform identifies critical issues, weaknesses and vulnerabilities for DevSecOps, InfoSec and IT teams.
- Reports and Dashboards: Dynamic dashboards provide teams with a holistic and contextual view of their external certificate estate, and power automatically created downloadable reports of certificate-related vulnerabilities, certificate expirations and non-compliant certificates across externally facing IT assets.
Customers can extend the power of these same features across their internal certificates by upgrading from Qualys CertView to Qualys Certificate Inventory (CRI) and Assessment (CA) Apps.
CloudView delivers customers topological visibility and insight about the security and compliance posture of their public cloud infrastructure for major providers including Amazon Web Services (AWS), Microsoft Azure and Google Cloud.
- Asset discovery and inventory: CloudView continuously discovers and tracks assets and resources — instances, virtual machines, storage buckets, databases, security groups, Access Control Lists, Elastic Load Balancers and users — across all regions, multiple accounts and multiple cloud platforms in one central place.
- Complete comprehensive, multi-faceted searches: CloudView powers asset searches to help teams discover their threat posture based on attributes and relationships. It lets them find leaky storage buckets, ungoverned instances, and those scheduled for retirement. Complex lookups allow teams to identify assets that are at greater risk of attack, such as those that have high-severity vulnerabilities or that exist at the edge rather than inside the DMZ.
CloudView is free for up to three accounts per public cloud platform. Customers can instantly upgrade their subscription by adding Qualys Cloud Inventory (CI) and Cloud Security Assessment (CSA) Cloud Apps, which include:
- Continuous security monitoring: Boosts the security of public clouds by identifying threats caused by misconfigurations, unwarranted access, and non-standard deployments. It automates security monitoring against industry standards, regulatory mandates and best practices to prevent issues like leaky storage buckets, unrestricted security groups, and crypto-mining attacks.
- Insight and threat prioritization: Provides a 360-degree view of cloud assets’ security posture, which includes cloud host vulnerabilities, compliance requirements and threat intelligence insights, so users can contextually prioritize remediation.
- Quick identification of incident causes: Quickly uncovers the root cause of incidents. Simple yet powerful queries deliver search results across a complete cloud resource inventory that shows assets’ configurations and complex associations, allowing teams to also identify similar assets and mitigate issues in a unified way.
- Comprehensive DevOps protection: Powers automated security checks, identifies and eliminates issues, and standardizes deployment and formation templates to make production environments more secure. All features are supported via REST APIs for seamless integration with the CI/CD tool chain, providing DevSecOps teams with an up-to-date assessment of potential risks and exposure.
Qualys will showcase these new services during RSA Conference 2018, at Booth #N3815.
“Securing the digital transformation starts with visibility of hybrid IT environments and the ability to react immediately with accuracy to threats on the new attack surface,” said Philippe Courtot, chairman and CEO, Qualys, Inc.
“CertView and CloudView bring the power of the Qualys Cloud Platform to global organizations, helping them discover and monitor their digital certificates and create full inventory of their public cloud assets. These are key capabilities that will help both CIOs and CISOs to adopt more proactive approaches to securing critical data during their journey to the cloud.”