As you all know, it’s Black Hat 2017 time. This year Qualys seems to be the main newsmaker among Vulnerability Management vendors. Qualys Team renewed logo and website, updated marketing strategy, presented two new products: CloudView and CertView. I decided to take a look.
Talking about design, I liked the old logo more. I don’t see “Q” here. Mirrored “9” maybe. 🙂 However, I did not like the blue nut of Tenable before and now it looks right and familiar.
Site design was also changed and simplified. I really liked well-structured qualys.com, where and every scan mode (“Cloud Apps”) had it’s own color and icon.
Now everything looks the same and it’s a bit confusing.
Maybe they realized that customers don’t really care what scanner can do. Maybe the goal, to make the things less concrete, make it look like site of management service company, not a software vendor. Who knows.
They also presented two marketing brochures. One of them is called CIO/CISO eBook, but in fact it consists of 7 pages of pictures and huge titles such as “Everything is visible. Everything is safe”. This slogan also seems to be a bit odd. I am really in all this IT visibility thing, but please, in real life everything is possible, everything is hackable. 😉
Highlights of CIO / CISO eBook:
- Qualys is a single platform for different teams InfoSec, AppSec, Endpoint, DevSec, Cloud with single UI (AssetView)
- Qualys CMDB integration (ServiceNow)
- Continious security and compliance assessment
- Designed for Digital Transformation! (Whatever it means)
Highlights of Corporate Brochure:
- Sensors provide continuous visibility
- Real time data analysis and response to threats
- Single-pane-of-glass user interface
- Unique advantages in cloud nature (costs, scaling, always up-to-date). Here also about on-premise deployment (Standalone appliance, Virtual rack, Full server rack)
- List of Cloud Platform apps with betas of Container Security, Indications of compromise, File Integrity Monitoring and Cloud Security Assessment
- Single platform for different teams (with small descriptions)
But all this beautiful pictures and marketing texts, of course are not the main things. Products are.
Release of a new product or feature is important for vendor’s customers, but always a moment of truth for the vendor’s competitors, especially CI/CA (competitive intelligence and competitive analysis teams).
- If some vendor has released something new, how we will answer our customers whether our solution can do this things?
- If some vendor has released something new, that means that this vendor was missing some important functionality before. Right? Have we used in competitor’s sales battlecards?
Let’s take a look at just presented CloudView, Cloud Inventory (CI) and Cloud Security Assessment (CSA) apps, “for comprehensive and continuous protection of cloud infrastructure”.
With the development of cloud services and virtualization, the Vulnerability Management will be shifting from using standard transports to API.
Ironically, the first cloud vulnerability scanner did not have the functionality to control clouds. And Tenable had vulnerability scanning using APIs of Amazon AWS, Microsoft Azure, Rackspace, Salesforce.com for a long time (see “Tenable Nessus: registration, installation, scanning and reporting“). I think it was really a good argument of Tenable sales managers. And this will be changed soon.
upd. However, it must be admitted that Qualys had AWS integration since 2013:
The QualysGuard connector for use with AWS provides automated discovery and tracking of AWS-hosted assets by detecting and synchronizing changes to customers’ virtual machine instance inventories. The instances can be tracked over time, even as their IP addresses change, and are scanned for vulnerabilities using QualysGuard Virtual Scanner Appliances deployed on Amazon EC2 or Amazon VPC
Approximately the same situation with the Container Security, that was announced not so long time ago. This looks like Qyalys is responding to the Tenable purchase of FlawCheck and integration into the Tebable.io (read more at Bye-bye Nessus Cloud, hello Tenable.io) and also the Forrester’s “Vulnerability Management vendor landscape 2017”.
- Discovery, inventory, and near-real time tracking of container events
- Vulnerability analysis for image registries and containers
- Integration with CI/CD toolchain using APIs (DevOps flow)
- New Qualys ‘Container Sensor’
And finally, one more SSL security product – Qualys CertView. It look like an attempt to monetize https://www.ssllabs.com/.
I tried to work with it directly, see “Qualys SSL Labs console client“. Great service. And now it will be available right in the Qualys interface.
So, solutions of large vendors become closer to each other. And it is probably good for everyone.
Hi! My name is Alexander and I am a Vulnerability Management specialist. You can read more about me here. Currently, the best way to follow me is my Telegram channel @avleonovcom. I update it more often than this site. If you haven’t used Telegram yet, give it a try. It’s great. You can discuss my posts or ask questions at @avleonovchat.
А всех русскоязычных я приглашаю в ещё один телеграмм канал @avleonovrus, первым делом теперь пишу туда.
Hi,
as far I know Qualys had/has functionality to retrieve all running AWS hosts dynamically and perform scan 1 year ago.
Tenable has not this as I know. May be I’m mistaking
Yep, you are right. They had this functionality since 2013.
https://globenewswire.com/news-release/2013/02/25/525902/10022872/en/Qualys-Extends-Vulnerability-Management-Solution-to-Customers-With-QualysGuard-Connector-for-Amazon-Web-Services.html
I added this to the post. Thanks!
Pingback: Vulnerability Management for Network Perimeter | Alexander V. Leonov