Agentless security management system aims to simplify vulnerability management for security teams and developers in cloud and hybrid cloud environments. Vulnerability management vendor Qualys this week announced the trial availability of its TotalCloud with FlexScan offering, an agentless, cloud-native vulnerability detection and response platform designed for use in multicloud and hybrid environments.The software is designed to provide a holistic overview of an organization’s cloud-based workloads and identify known vulnerabilities. The system also scans workloads to check whether they’ve opened network ports, and monitors a host of other factors to offer a detailed picture of a business’ overall vulnerability status, tracking publicly exposed VMs (virtual machines), databases, user accounts and exploitable vulnerabilities in public-facing assets.The company said that many of TotalCloud’s capabilities are designed to be no-code, allowing users to use a GUI (graphical user interface) to perform complex operational tasks such as quarantining assets and setting alert parameters, which would ordinarily require coding and be much more time-consuming. TotalCloud, Qualys added, is also designed as a devsecops tool for developers, allowing them to identify and correct security flaws at each step of the development process. TotalCloud features agentless designOne of TotalCloud’s main selling points is its agentless design, meaning that no software has to run on the monitored assets, with the idea being that the software won’t affect the workloads it is monitoring, according to IDC group vice president for security and trust Frank Dickson.“Agentless security is a wonderful innovation to address imperfective approaches to application security within organizations,” he said. “Essentially, agentless security mitigates cross organization conflict resulting from developer objections as cloud operations is essentially examining the environment behind a virtual sealed pane of glass.” What that also means, however, is that the agentless approach to security is essentially based on individual snapshots of the systems it’s protecting, not on continuous, moment-to-moment monitoring. According to Dickson, this means that the system cannot protect workloads that spin up momentarily and then shut back down again between those snapshots.“Additionally, agentless solutions cannot extract activity telemetry like process information, L3/L4 connections activity, memory analysis or other real time information,” he noted. “Finally, you are very limited in taking action without an agent so response and remediation actions are limited. A security professional will be limited in the ability to isolate a workload or redeploy a golden image without an agent.”Qualys said TotalCloud will be made generally available by the end of 2022. Related content news CISA inks 68 tech vendors to secure-by-design pledge — but will it matter? CISA’s pledge drew some big names, but the impact on software security could be limited. Meanwhile the org has extended its comment period on the CIRCIA cyberattack reporting law. By Jon Gold May 10, 2024 4 mins Regulation Technology Industry Security Practices news Google Chrome gets a patch for actively exploited zero-day vulnerability Details of the use-after-free memory vulnerability were not publicly released, but Google says it’s aware an exploit for the bug exists. By Lucian Constantin May 10, 2024 3 mins Threat and Vulnerability Management Zero-day vulnerability Vulnerabilities news Dell data breach exposes data of 49 million customers The company says the breach compromised non-critical customer data and involved no sensitive personal or financial information. By Shweta Sharma May 10, 2024 3 mins Data Breach Hacking feature Social engineering: Definition, examples, and techniques Social engineering is the art of exploiting human psychology, rather than technical hacking techniques, to gain access to buildings, systems, or data. Train yourself to spot the signs. By Josh Fruhlinger May 10, 2024 15 mins Phishing Social Engineering PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe