Qualys QSC Wrap-Up: Risk and Simplicity
For many organizations, the complexity of security and compliance is still beyond their reach. Also, striking a balance between security and people, process and technology versus the risk/reward was something that both security leaders and business leaders need to confront and deal with every day.
Earlier this month in Las Vegas, Qualys held its annual QSC user conference. The well-attended gathering featured many sessions from Qualys executives as well as Qualys customers. There were two overriding themes to this year’s QSC; the first was managing risk and the second was simplifying security. These two themes were front-and-center in most of the sessions—and for good reason. Qualys is celebrating 10 years as a public company and over 20 years in the security space. During that time, the company built a loyal following of customers around the globe. They keep in close contact with their customers and solicit feedback consistently. Based on that feedback and what they hear from their customers, they’ve chosen to emphasize simplifying security and managing risk.
In my interview with Payal Mehrota, senior director of VMDR at TruRisk, we dove deeper into why organizations should take a risk-based approach to threats. You can see that interview here.
Qualys CEO Sumedh Thakar’s keynote jumped right into these themes. Making security simpler for organizations is a top priority. Helping business leaders and security leaders better manage their real-world risk trumps security for security’s sake and is the other priority. In a world with increasing attack surfaces and vectors, with so many vendors offering “magic bullets” and macroeconomic conditions constraining budgets, risk management is paramount. I had a chance to sit down with Sumed at QSC and you can watch the interview here.
The real key to Qualys’ success lies in the platform they have built. I spoke with Dilip Bachwani, CTO and VP of cloud platform at Qualys. Dilip led the team that built the Qualys platform of today. It is a modern architecture using DevOps, microservices and cloud-native elements that allows Qualys to achieve hyperscale. They need this hyperscale as they manage something in the neighborhood of 80 million agents and billions of database writes a day. This hyperscale platform also allows them to use ML/AI analysis which also feeds their threat intelligence capabilities. Speaking of threat intel, Qualys also announced at QSC that they are upping the visibility of their research team. Their research team has always been a quality effort focused primarily on finding vulnerabilities. I spoke with Travis Smith, VP of malware threat research, about the launch of the company’s Threat Research Unit (TRU) and their redefined mission going forward. They are going to be a high-visibility team covering all aspects of security research, and we will be hearing more about that soon.
The other big launch at QSC was Total Cloud with FlexScan. I spoke with Parag Bajaria, VP of cloud and container security, about Qualys’ solution for protecting cloud assets no matter the infrastructure or format. They have enhanced and beefed up their cloud-native/container capabilities significantly. The real power here though may be that Total Cloud is integrated into the Qualys single-pane-of-glass dashboards to give customers a holistic view of their security.
Additionally, I spoke with several Qualys customers and IDG analyst, Frank Dickson. All of them spoke to the breath and quality of Qualys vision and delivery of a total security solution. Qualys is not just a vulnerability scanner any longer. They are a full service security firm bringing risk management and simplicity to your security efforts.
Check out all of the interviews from Qualys QSC on Techstrong.tv here.
Image: Black Hat vegas–young-soo-park–pixabay