Vulnerability administration vendor Qualys this week introduced the trial availability of its TotalCloud with FlexScan providing, an agentless, cloud-native vulnerability detection and response platform designed to be used in multicloud and hybrid environments.
The software program is designed to supply a holistic overview of a company’s cloud-based workloads and establish identified vulnerabilities. The system additionally scans workloads to examine whether or not they’ve opened community ports, and screens a number of different components to supply an in depth image of a enterprise’ general vulnerability standing, monitoring publicly uncovered VMs (digital machines), databases, consumer accounts and exploitable vulnerabilities in public-facing property.
The corporate stated that lots of TotalCloud’s capabilities are designed to be no-code, permitting customers to make use of a GUI (graphical consumer interface) to carry out advanced operational duties equivalent to quarantining property and setting alert parameters, which might ordinarily require coding and be far more time-consuming.
TotalCloud, Qualys added, can also be designed as a devsecops instrument for builders, permitting them to establish and proper safety flaws at every step of the event course of.
TotalCloud options agentless design
One in every of TotalCloud’s principal promoting factors is its agentless design, that means that no software program has to run on the monitored property, with the concept being that the software program received’t have an effect on the workloads it’s monitoring, in response to IDC group vp for safety and belief Frank Dickson.
“Agentless safety is an excellent innovation to handle imperfective approaches to software safety inside organizations,” he stated. “Primarily, agentless safety mitigates cross group battle ensuing from developer objections as cloud operations is actually analyzing the setting behind a digital sealed pane of glass.”
What that additionally means, nonetheless, is that the agentless method to safety is actually based mostly on particular person snapshots of the programs it’s defending, not on steady, moment-to-moment monitoring. Based on Dickson, which means that the system can not shield workloads that spin up momentarily after which shut again down once more between these snapshots.
“Moreover, agentless options can not extract exercise telemetry like course of info, L3/L4 connections exercise, reminiscence evaluation or different actual time info,” he famous. “Lastly, you’re very restricted in taking motion with out an agent so response and remediation actions are restricted. A safety skilled will likely be restricted within the skill to isolate a workload or redeploy a golden picture with out an agent.”
Qualys stated TotalCloud will likely be made typically obtainable by the top of 2022.
Copyright © 2022 IDG Communications, Inc.
