For many IT managers, moving the company's backbone to the cloud brings a certain sense of freedom. However, the task of caring for and protecting those assets remains. After all, the operative word in "virtual server" is "server"; virtual or not, it’s still a fully functioning server in an operational sense, carrying the same risks and vulnerabilities inherent in physical servers. You'll need vulnerability management tools to ensure those servers are secure.
To that end, Qualys announced this week that QualysGuard—its cloud-based suite of security and compliance tools—now works with Amazon's popular cloud services.
The rate at which new vulnerabilities are discovered is staggering. An estimate from 2010 put the figure at two per second. That may be on the extreme high end, but the point is that securing a server—virtual or physical—is a fluid, constantly changing process. You have to monitor regularly to determine which vulnerabilities your servers are exposed to, what the potential impact is, and what you can do to eliminate or mitigate the risk.
The new QualysGuard connector uses Amazon APIs to connect with virtual servers in the Amazon cloud. Businesses that use Amazon EC2 or VPC cloud services can use QualysGuard to conduct automated scans of virtual server assets, and generate reports to help IT admins address potential risks.
Qualys worked with Amazon to ensure the QualysGuard scans are pre-authorized, and to prevent any inadvertent scanning of third-party virtual servers in the Amazon cloud. Customers don’t have to get explicit permission from Amazon before conducting a QualysGuard vulnerability scan because the activity is pre-approved by Amazon.
The native Amazon API connectors can be connected to one or more Amazon accounts, and automatically sync asset inventories from the Amazon EC2 and VPC services. Amazon attributes and context data are automatically collected during the import process, and IT admins can assign Dynamic Asset Tag data, which is used by QualysGuard for applying policies and generating reports.
Qualys customers who already subscribe to the QualysGuard Service and use Amazon cloud services will welcome the new capabilities. For companies starting at square one in search of a vulnerability scanning solution for Amazon cloud virtual servers, though, Qualys isn’t the only choice. QualysGuard is the only result that comes up in the Amazon AWS Marketplace if you search for "vulnerability scanning", but eEye Retina Cloud Security also provides vulnerability management for Amazon EC2.
The new features are currently available to Qualys customers as part of their QualysGuard subscriptions. QualysGuard subscriptions start at $2495 per year for 32 IP addresses. At least one QualysGuard Virtual Scanner Appliance license at $995 per year is required for internal network scanning functionality on Amazon. For more information, visit the Amazon AWS Marketplace.