Vulnerability administration vendor Qualys this week introduced the trial availability of its TotalCloud with FlexScan providing, an agentless, cloud-native vulnerability detection and response platform designed to be used in multicloud and hybrid environments.
The software program is designed to offer a holistic overview of a corporation’s cloud-based workloads and determine recognized vulnerabilities. The system additionally scans workloads to examine whether or not they’ve opened community ports, and screens a bunch of different components to supply an in depth image of a enterprise’ general vulnerability standing, monitoring publicly uncovered VMs (digital machines), databases, person accounts and exploitable vulnerabilities in public-facing property.
The corporate mentioned that a lot of TotalCloud’s capabilities are designed to be no-code, permitting customers to make use of a GUI (graphical person interface) to carry out complicated operational duties equivalent to quarantining property and setting alert parameters, which might ordinarily require coding and be rather more time-consuming.
TotalCloud, Qualys added, can also be designed as a devsecops instrument for builders, permitting them to determine and proper safety flaws at every step of the event course of.
TotalCloud options agentless design
Certainly one of TotalCloud’s primary promoting factors is its agentless design, which means that no software program has to run on the monitored property, with the concept being that the software program received’t have an effect on the workloads it’s monitoring, in response to IDC group vp for safety and belief Frank Dickson.
“Agentless safety is an excellent innovation to deal with imperfective approaches to software safety inside organizations,” he mentioned. “Basically, agentless safety mitigates cross group battle ensuing from developer objections as cloud operations is basically analyzing the surroundings behind a digital sealed pane of glass.”
What that additionally means, nonetheless, is that the agentless method to safety is basically based mostly on particular person snapshots of the programs it’s defending, not on steady, moment-to-moment monitoring. In line with Dickson, which means the system can’t defend workloads that spin up momentarily after which shut again down once more between these snapshots.
“Moreover, agentless options can’t extract exercise telemetry like course of info, L3/L4 connections exercise, reminiscence evaluation or different actual time info,” he famous. “Lastly, you’re very restricted in taking motion with out an agent so response and remediation actions are restricted. A safety skilled can be restricted within the potential to isolate a workload or redeploy a golden picture with out an agent.”
Qualys mentioned TotalCloud can be made usually out there by the tip of 2022.
Copyright © 2022 IDG Communications, Inc.
