AWS Security Hub is designed to provide users with a view of their security alerts and compliance status by aggregating, organizing, and prioritizing alerts, or findings, from multiple AWS services, such as Amazon GuardDuty, Amazon Inspector, and Amazon Macie as well as from other AWS Partner Network (APN) security solutions. The findings are then summarized on integrated dashboards with actionable graphs and tables.
Vulnerability and configuration assessments are key to any security program. By integrating Qualys findings from Vulnerability Management, Policy Compliance and Cloud Security Assessment within AWS Security Hub, customers will get visibility into their security and compliance posture, directly in the AWS console. These insights gained by the correlation of Qualys information with other data in AWS Security Hub allow customers to detect risks in their AWS environments, and take remediation actions.
“AWS Security Hub gives enterprises the ability to build security and compliance visibility directly into all of their development and cloud projects,” said Philippe Courtot, chairman and CEO, Qualys. “By enabling Qualys within the AWS Security Hub, developers can easily leverage up-to-date insights about security risks, and ensure their clouds conform to company policies and standards.”
“AWS Security Hub makes it easier for customers to identify and manage all of their AWS-related security and compliance findings,” said Dan Plastina, vice president, Security Services, Amazon Web Services. “Users can also combine these rich findings with additional data from multiple security services, including integrated Qualys Cloud Apps, to find further insights and actionable intelligence for every identified vulnerability.”
Qualys Vulnerability Management, Policy Compliance and Cloud Security Assessment are now available within AWS Security Hub.
Users can identify the following across their AWS workloads and infrastructure:
- Instances and AMIs with vulnerabilities, missing critical patches, and which may be publicly exposed or have publicly exploitable vulnerabilities.
- Compliance with Center for Internet Security (CIS), PCI, NIST and HIPAA along with the standards customized and adapted to their organizations.
- Misconfiguration in their Amazon Virtual Private Clouds (Amazon VPCs), AWS security groups, Amazon Simple Storage Service (Amazon S3), AWS Identity and Access Management (IAM) against CIS web services benchmarks and best practices.
Qualys will continue to add security insights from other products within its cloud platform’s integrated security solution into AWS Security Hub.
The Qualys Cloud Platform
As a cloud-based architecture, the Qualys Cloud Platform offers customers a view of IT, security and compliance across on-premises assets, endpoints, clouds, containers and web applications, reducing the cost and complexity of managing multiple security vendors.
The Qualys platform currently delivers 18 fully integrated, centrally managed and self-updating security and compliance solutions. By gathering and analyzing security and compliance data from IT assets anywhere in one single-pane view, the Qualys Cloud Platform gives customers the scalability, visibility, accuracy and breadth of capabilities to fight cyber-attacks and build security into their digital transformation initiatives.