Qualys has released TotalCloud 2.0. It is the latest version of its AI-powered cloud-native applications protection platform (CNAPP), and it has substantially extended its capabilities. It now delivers protections for multi-cloud, SaaS and any assets exposed externally.
Sumedh Thakar, president and CEO of Qualys, said, “Managing security across multiple cloud and SaaS applications can lead to scattered risk scores that are challenging for organizations to prioritize, let alone remediate.
“TotalCloud 2.0 silences the noise from disparate security tools, offering a clear, prioritized view of risk across multi-cloud, SaaS applications, and assets. This ensures swift resolution of critical issues, dramatically reducing the organization’s risk.”
TotalCloud is addressing wider cloud security
Organisations face a number of challenges when securing applications and data in the cloud. There is an increasing move towards multi-cloud environments as organisations look at specialist clouds for certain apps. Additionally, the move to SaaS applications lowers software costs but creates challenges around data security.
A further and ongoing challenge is the protection of all externally exposed assets. While organisations have been exposing assets through websites for three decades, security is still a work in progress. Adding to that is the amount of data exposed through cloud-native and SaaS applications.
For many organisations, the solution has been to deploy multiple security solutions. While they might all be considered “best of breed”, integrating them is rarely simple and leaves gaps in coverage. What Qualys is offering is a single solution that assesses risk across everything that is cloud-related.
What is new in TotalCloud 2.0?
Qualys lists four key benefits that TotalCloud 2.0 delivers.
Singular, Prioritized View of Cloud Risk: Delivers a single view of risk indicators from multiple Qualys products in a single dashboard. It uses Cloud Workload Protection (CWP), Cloud Security Posture Management (CSPM), and Cloud Detection and Response. A wider view is provided through the use of External Attack Surface Management (EASM) solutions.
Comprehensive Protection for SaaS Applications: Uses SaaS security posture management (SSPM) to integrate configurations and permissions for SaaS apps into existing security controls.
Supply Chain Risk Mitigation: Reduces supply chain risk from open-source software using agent and agentless techniques. It also identifies vulnerabilities across multi-cloud environments.
Operationalized Risk Reduction: Integrates IT and security with ITSM integrations to remove information silos. Automatic assigning of tickets ensures better orchestration of remediation with ITSM tools such as ServiceNow and JIRA.
Enterprise Times: What does this mean?
There has been a significant move towards the need for better risk assessment as part of cybersecurity. The challenge is that, like other areas of cybersecurity, risk assessment is complex and there are multiple tools looking at different types of risk. Where those tools are used, they are often standalone and not integrated into the cybersecurity stack.
Qualys has been working on changing that through things like TruRisk. Integrating it here into TotalCloud makes perfect sense. Ensuring that all the Qualys discovery tools push findings into a single, coherent engine also makes sense. However, Qualys is not the only company providing wider risk management solutions.
For Qualys customers, this offers a more consistent view of what is happening across their entire portfolio and moves them from reactive to proactive.