We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
 
74,421 News Articles

New security tool serves Amazon Cloud users

The new QualysGuard connector conducts vulnerability scans of virtual servers in the Amazon Cloud.

For many IT managers, moving your company's backbone to the cloud brings a certain sense of freedom. However, the task of caring for and protecting your assets remains. After all, the operative word in "virtual server" is "server"; virtual or not, it's still a fully functioning server from an operational sense, carrying the same risks and vulnerabilities inherent in physical servers. You'll need vulnerability management tools to ensure those servers are secure.

To that end, Qualys announced this week that QualysGuard--its cloud-based suite of security and compliance tools--now works with Amazon's popular cloud services.

The rate at which new vulnerabilities are discovered is staggering. An estimate from 2010 put the figure at two per second. That may be on the extreme high end, but the point is that securing a server--virtual or physical--is a fluid, constantly changing process. You have to monitor regularly to determine which vulnerabilities your servers are exposed to, what the potential impact is, and what you can do to eliminate or mitigate the risk.

The new QualysGuard connector uses Amazon APIs to connect with virtual servers in the Amazon cloud. Businesses that use Amazon EC2 or VPC cloud services can use QualysGuard to conduct automated scans of virtual server assets, and generate reports to help IT admins address potential risks.

Qualys worked with Amazon to ensure the QualysGuard scans are pre-authorized, and to prevent any inadvertent scanning of third-party virtual servers in the Amazon cloud. Customers don't have to get explicit permission from Amazon before conducting a QualysGuard vulnerability scan because the activity is pre-approved by Amazon.

The native Amazon API connectors can be connected to one or more Amazon accounts, and automatically sync asset inventories from the Amazon EC2 and VPC services. Amazon attributes and context data are automatically collected during the import process, and IT admins can assign Dynamic Asset Tag data, which is used by QualysGuard for applying policies and generating reports.

Qualys customers who already subscribe to the QualysGuard Service and use Amazon cloud services will welcome the new capabilities. For companies starting at square one in search of a vulnerability scanning solution for Amazon cloud virtual servers, though, Qualys isn't the only choice. QualysGuard is the only thing that comes up in the Amazon AWS Marketplace if you search for "vulnerability scanning", but Eeye Retina Cloud Security also provides vulnerability management for Amazon EC2.

The new features are currently available to Qualys customers as part of their QualysGuard subscriptions. Annual QualysGuard subscriptions start at $2495 per year for 32 IP addresses. At least one QualysGuard Virtual Scanner Appliance license at $995 per year is required for internal network scanning functionality on Amazon. For more information, visit the Amazon AWS Marketplace.


IDG UK Sites

LG G3 release date, price, specs and new features 2014

IDG UK Sites

iPhone 5s review: why the iPhone 5s is still the best phone you can buy in 2014

IDG UK Sites

PCs vs consoles: PCs still pwn when it comes to gaming (and everything else)

IDG UK Sites

NAB 2014: Affordable 4K cameras, boundary-pushing plug-ins & drone domination