On the eve of Qualys’ QSC 19 in Las Vegas, Enterprise Times talked with Philippe Courtot, CEO, Qualys about the state of cyber security. One of the biggest challenges for many organisations is knowing what they need to secure. Courtot believes that the start point is asset management. “You cannot secure what you can’t see.”
But that is easier said than done. Since the end of the mainframe era, control over computing has continued to drift away from the IT department. Cloud, OT, IoT, and technology introduced by facility management teams are all outside of the IT remit.
Courtot believes that this is still manageable. It starts with understanding the network topology. That will help identify key assets. It also helps to classify those assets. The latter is particularly important. It means that those assets that cannot be updated because they were not designed to be secure, can be grouped and managed separately. They do not need to be left behind or cause a significant cost issue when it comes to replacement.
Qualys uses agents to manage assets. However, in some environments and for some technologies, agents are not the ideal solution. For those cases, such as building systems and IoT, Courtot said Qualys has released SDKs and APIs. These allow customers to integrate those systems into their security platform.
Courtot talked about automation and the benefits it brings to a security team. Importantly, he also stressed that this is about making life easier for the security analyst, not replacing them.
With Qualys announcing its latest product VMDR at the show, Courtot also talked about what benefits that brings.
To hear what else Courtot had to say, listen to the podcast
Where can I get it?
obtain it, for Android devices from play.google.com/music/podcasts
use the Enterprise Times page on Stitcher
listen to the Enterprise Times channel on Soundcloud
listen to the podcast (below) or download the podcast to your local device and then listen there