QUALYS as a Cloud Security Provider
QUALYS is an American Cloud Security provider offering "software-as-a-service" model of security. The company started as a small security system in 1999 based on Redwood City in California. They target small to medium businesses garnering 9,300 customers in almost hundred countries and growing. They establish partnership with other solution providers in obtaining the optimal cyber security solutions to offer for their customers. The company is one of the founders of CSA or Cloud Security Alliance that provides compliance in the cyber security systems. QUALYS is a pure-play Cyber-security systems provider for the past 18 years. Customers can purchase cost of ownership and they provide the system security solution for them. Services offered were mostly top-scaled authentication, anti-virus and early detection of DoS attacks. While they were part of the global Cybersecurity companies, they focus on providing SeCaaS which is highly scalable.
QUUALYS' solutions revolve around cloud system security and compliance to Cyber Security Standards. This is a list of standards and guidelines that promotes good practices needed in order to have a safe cloud environment. The list is expanding as new technologies are being introduced. QUALYS dominates in Cloud Security and compliance. QUALYS' solutions include:
Endpoint Security through QUALYS AssetView. QUALYS is a promoter of compliance to the cyber security standards. The main defense in any cybersecurity solution is of course the knowledge of the customers in the location of their data. Asset, or in information security jargon is any information that was meant to be protected from any unauthorized access. QUALYS provides a browser-based, inventory of all the customer's assets laid down on a dashboard. Their product - AssetView. On their own summary, the product gives "single pane of glass" view of all the assets running around the company. It operates in a form of a dashboard, giving the customers an inventoried view of assets on their endpoints. It is linked to other different solutions from the QUALYS. AssetView serves as the gateway for the customers to check in within their assets. The clients were provided with on-time, track location of their assets in every registered endpoint they have.
Network Security. QUALYS network security is divided into two parts: The Vulnerability Management and The Continuous Monitoring. These are the two options the client can have for the Network Security solutions of QUALYS. In every company that provides cybersecurity solutions, early detection, timely response, and good set of knowledge database of attacks were the needed ingredients to have an ideal defense. QUALYS offers third party network security solutions containing both the visibility and the response:
VM (Vulnerability Management) - in connection with the AssetVIew, this part of network solution provides the full scale anatomy of any endpoint that accessed the database. The application, maps and details all the information and vulnerabilities within the system. The IT operators can handle the flagged items separately or with the help from QUALYS, a report was generated containing the list of red items. The app can work hand in hand with other solution system and it's a certain kind of early detection scheme.
CM (Continuous Monitoring) - CM menu works with the VM. Vulnerability Management provides the intelligence behind each access and analysis of Assets. The Continuous Monitoring is sort of customer notification system that feeds real-time asset checks. Number of suspicious instances were plotted as Attacks on a dashboard. It gives continuous detail and the fact that this is a real-time operation, customers can be updated depending on the filter or any configuration of update they assigned on the system.
QUALYS Threat Protect. QUALYS network security offers Threat Protect Scheme. The app functions as the "sort & analyze" system that scales the level of threats based on the vulnerabilities. On a given example, if a customer were having a set of Assets that were purely listed on a specific location, the Threat Protect will focus its defense system on the labeled important locations. Customers can now have another layer of intelligence on what should be treated first for remediation. In a given company, there can be numerous attack that can happen every day. Being them monitored and listed down on a list can clog up the system. In any way, this can also be anticipated as clogging the list, slowing the response of the defense system, attackers would find a way to infiltrate the whole asset without the system's immediate reaction. In a summary of the 2016 Verizon Data Breach Investigation Report, 99% of the malware hashes are seen for only 58 seconds or less. If a certain client were clogged up with a list of vulnerabilities and attacks, paired with a slow-responding system, the attacks can happen before it was even listed. The Threat Protect has a way of "sorting" the most alarming attacks, make it DoS (Denial of Service, most common) attack or an attempt to shut down a database. Threat Protection sorts it all for the client's team to react accordingly. Small to Large companies can be benefited, with or without an IT team.
Compliance Monitoring. Standardization is important in large firms. QUALYS is a promoter of Cloud Security and compliance in which they are one of the founders of CSA (Cloud Security Alliance). There were some standards and mandates that should be incorporated in businesses involved in using cloud system in order to protect them best. These standards came from research and contributions of different sectors promoting protection in cloud attacks. QUALYS platform includes PC (Policy Compliance) and PCI check within their servers to check and ensure client's Policy status were up to date with the current mandates and standardization.
Policy Compliance - with the use of the QUALYS platform, the client can have up-to-date status of their policy compliance in comparison to what's the recent mandates. QUALYS provides the summary of the policy statuses so the clients can act upon it avoiding risks of new threats as well as cost of penalties.
PCI Compliance - PCI DDS or Payment Card Industry Data Security Standard is a governing list of standards that all the companies with businesses correlated in using Credit Cards should abide by. Credit Card businesses were the main source of fraudulent activities involving theft due to unauthorized access. With the proper compliance, the risk of being targeted by these poachers can be highly reduced. QUALYS includes this in their platform to supply the needed up to date certifications for their clients.
Web Application Security - For clients that uses Mobile Apps within their businesses, QUALYS offers Web Application Security covering these applications from different attacks. In most cases, due to the developing nature of the Mobile Applications, more vulnerabilities were created on a daily basis. To reduce the risk of these threats in the system, QUALYS real-time Web Application Security covers three types of solutions:
Web Application Scanning (WAS) -WAS listed and scans all the Web Applications on a certain client and performs deeps crawls searching for vulnerabilities. From there, the reports of vulnerabilities were analyzed and prioritized into what will affect the system the likeliest.
Web Application Platform (WAF) - Creates a level of security in to access of certain endpoints. It blocks malicious intrusions specially coming from unidentified device.
Malware Detection (NYSE:MD) - A standalone component of the platform that performs as separate scan for small businesses. QUALYS promotes multi-scale of business access so small-time business can have access to their suite through purchasing of account.
QUALYS compared to different SECaaS Provider
SECaaS is a sub category of Cyber Security systems. QUALYS belongs to the SECaaS industry focusing on Cloud Security. CyberSecurity Ventures, an organization drafting all the participating Cyber Security companies worldwide listed QUALYS as Cloud Security and Compliance Solutions Company. Their products were solely focused on providing Cloud Security using Third party platform. The products they offer is "Server-Sided" in nature which does not require any installation or maintenance from the customer. Customers were provided with security by purchasing rights of ownership. Some big names reigning in the field are Root9b, FireEye and Rapid7.
QUALYS was ranked way lower compared to those big names of Cyber Security system. But in the specific field it belongs, it's raking up awards as the best in Network Security systems. In a report for IDC, International Data Corporation, QUALYS took the No. 1 spot in the Worldwide Vulnerability Assessment Market in 2016. The ranking drafts the Cyber security companies that provides Cloud security solutions solely or what it is commonly known as Vulnerability Assessment. Not only for 2016 but on the recent 2015, QUALYS was named at 1st rank. As per Robert Ayoub, Research director for IDC, "Qualys continued to drive cloud environment security forward in 2015, extending its vulnerability management solution to one that uniquely provides cloud-based monitoring and threat detection over the entire enterprise - regardless of the type or location of IT assets". 2015 is a good year for the company dropping chunk of sales on the list.
Not only on the official rankings, most Tech sites are featuring QUALYS, promoting the products it offers. On technologyadvice.com hits Top 5 of what they prefer as a good SECaaS provider. QUALYS grabbed their vote for the Network Security showing strength in number of their customers and trustees worldwide. The company, being a multi-scaled provider increased the number of their customers for their wide range of marketability. Even small companies can purchase services from them in different layer of intelligence and as well as no maintainability is required for it - Everything is on third part app. Also, as a takeout from the CEO and founder itself, Philippe Courtot, "SVM solutions can simplify the complexity associated with managing multiple security solutions while at the same time increasing the automation, effectiveness and proactive nature of security." Keeping it simple and hassle-free threat makes them a choice for thousands of customers. Find more in QUALYS: Leading Provider of Information Security and Compliance Cloud Solutions.
Verizon's Data Breach Investigations Report
Cloud Security Alliance
Cyber Security Ventures
Cyber Security Standards
IDC named QUALYS no. 1
Technology Advise Top 5
Disclosure: I am/we are long QLYS.
Additional disclosure: Some model portfolios at www.HedgedEquity.com have a long position in QLYS.
The use of this article is for educational and informational purposes only. NOT investment advice.
None of the material presented in this article should be construed as investment advice (neither direct, explicit, or implied). It is strongly suggested and recommend that you do your own due diligence and/or consult a qualified financial advisor for any investment advice based on your situation.