The problems around securing a hugely distributed workforce have always been present for decision-makers in the APAC; it’s just that the current situation has made the issue jump to the top of any executive’s priority list. Remote working, BYOD in the workplace, and distributed applications and services (in-house, in local data centres and on public cloud instances) all create complexity, that, in terms of cybersecurity and data governance, needs to be addressed.
Luckily, for business decision-makers looking for answers to keeping distributed workforces secure, there were more than a few answers presented to the region on May 12th, via live webcast, courtesy of Qualys. (Don’t worry if you missed the event – see below for details on how to catch up.)
As a supplier of the class-leading VMDR (vulnerability management, detection, and remediation) app, the company is keen that people working remotely can leverage its solutions – which are offered free for 60 days – as a valuable resource that ensures they are safe in all their online activities. You can hear more, and see a deep dive into the security platform by Qualys’ Sumedh Thakar, but it’s worth highlighting some of the key features of the platform that will help workforces maintain their working patterns safely and securely.
In these times of sudden and unexpected change, it comes as welcome reassurance that Qualys VMDR comprises of an always-on, iterative detection and remediation system that’s backed by a company whose infrastructure handles over nine petabytes of security information. Additionally, the Qualys VMDR leverages machine learning that adapts and learns new threats, and deeply granular context-sensitive asset scanning and remediation routines. Here are some of the highlights Sumedh covered, which are available to any organization, today, completely free for 60 days (hopefully enough to get every company through the crisis).
A circle of safety
Rather than a fingers crossed approach to cybersecurity, the VMDR app that the webinar explores is autonomously involved in keeping itself and therefore, your organization safe. That means that each of the four pillars of its operations is continuously evolving and repeating, so as new nodes are discovered on the network, or new vulnerabilities appear, the platform proactively helps identify, prioritize and remediate problems. And like its operations, IT staff can see all this happening in real-time, allowing unparalleled control right across the enterprise.
– Asset inventory. The software constantly scans the network for new devices, new cloud instances spinning up, even new containers being deployed. In a massively distributed hybrid topology, this type of proactive awareness is invaluable. And as well as auditing, the platform also categorizes intelligently, in ways that make sense to your organization. For example, you could choose to create groups of particular models of ThinkPad, or just databases, or remote cloud services, or Apple devices.
– Vulnerability and configuration. Scanning of every endpoint, IoT device, operational technology (OT) instance, server, fileshare, or remote filesystem, the Qualys cloud-based VMDR app assesses the threats that any device, application or service might be under: known vulnerabilities, patching status, software version, firmware status, and so on. That gives IT functions an end-to-end oversight onto every element at play in the organization’s entire IT provision, all through a highly configurable dashboard.
– Threat risk and prioritization. Unlike some cybersecurity suppliers whose only risk assessment method is an AI “brain”, VMDR uses AI as just one of many tools to assess risks and create priorities for remediation. Risk threats may be deduced by news of zero-days, dark web “chatter”, instances of high lateral movement or sudden large-scale data egress. Combined with the petabytes of intelligence data in the Qualys cybersecurity backend, companies get the full, informed and expert picture.
Detecting threats on endpoints is handled by a subset of anti-malware solutions termed IOC (indicators of compromise). That’s clearly crucial: without knowing that something is awry, how can you respond? But Qualys VMDR takes this one step further, with its IOC evolving into a discrete, full detection & response offering (EDR) this coming August (watch this space).
Prioritization for remediation is a smart combination of detected threats and the context of the organization’s individual assets. Threats may exist, for instance to a particular point release of database, but those public-facing will be prioritized over developers’ test rigs, for example. This is intelligent cybersecurity that’s attuned to an individual business’s needs and everyday reality.
– Patch and remediation. With careful and automate able patch-to-vulnerability correlation, you can be sure that cloud applications and services, mobile devices, remote workers’ desktops and even industrial OT deployments are covered off as threats present and priorities determined.
Source: Qualys
It’s worth noting that according to the latest Verizon Data Breach Investigation Report (PDF), companies still aren’t patching older flaws and vulnerabilities — too often we talk about zero-days and the latest and “greatest” vulnerabilities. But organizations have to continue to patch all their assets to stay safe, and that’s no simple task without at least a degree of automation.
All of the above “steps” repeat, so the dynamic nature of today’s enterprise networks are always protected, however changes may happen or decisions maybe taken. The Qualys cloud-based VMDR keeps teams up to speed in real-time as to the evolving picture of assets, vulnerabilities, threats and priorities. No other solution offers this always-on, always-improving state of protection.
The visible nature of safety
The Qualys dashboard is simple, clear, and as detailed as you need it to be. Capable of drilling down to granular levels of detail, or presenting oversights suitable for any type of audience the GUI is highly configurable to show the types of data you need to see when you need to see them.
Dashboard “widgets” can even be created according to your specific requirements, so you can track every asset, every threat, and every patch or fix as it’s applied, keeping every part of the extended enterprise network safe. Learn more from the webinar, below, and see both an in-depth demonstration of the platform and hear the Q & A session that explores real-life examples of deployment in these challenging times.
IT teams need to know that the organization’s infrastructure is not in jeopardy, and the VMDR from Qualys is now available free for 60 days, so the stretched attack surface many companies are currently presenting can be covered over. With a solution that’s in use all over the world, protecting companies, organizations and businesses like yours, in the same climates as you’re operating in, get the lowdown on staying safe.
Prospective users can sign up for the free 60-day endpoint protection offering here or sign up for the all-in-one Qualys VMDR app here. VMDR Live is available to watch on demand now and IT security pros can register to watch the recording at the following link.