Qualys QSC Wrap-Up: Risk and Simplicity

For many organizations, the complexity of security and compliance is still beyond their reach. Also, striking a balance between security and people, process and technology versus the risk/reward was something that both security leaders and business leaders need to confront and deal with every day.

Earlier this month in Las Vegas, Qualys held its annual QSC user conference. The well-attended gathering featured many sessions from Qualys executives as well as Qualys customers. There were two overriding themes to this year’s QSC; the first was managing risk and the second was simplifying security. These two themes were front-and-center in most of the sessions—and for good reason. Qualys is celebrating 10 years as a public company and over 20 years in the security space. During that time, the company built a loyal following of customers around the globe. They keep in close contact with their customers and solicit feedback consistently. Based on that feedback and what they hear from their customers, they’ve chosen to emphasize simplifying security and managing risk.

In my interview with Payal Mehrota, senior director of VMDR at TruRisk, we dove deeper into why organizations should take a risk-based approach to threats. You can see that interview here.

Qualys CEO Sumedh Thakar’s keynote jumped right into these themes. Making security simpler for organizations is a top priority. Helping business leaders and security leaders better manage their real-world risk trumps security for security’s sake and is the other priority. In a world with increasing attack surfaces and vectors, with so many vendors offering “magic bullets” and macroeconomic conditions constraining budgets, risk management is paramount. I had a chance to sit down with Sumed at QSC and you can watch the interview here.

The real key to Qualys’ success lies in the platform they have built. I spoke with Dilip Bachwani, CTO and VP of cloud platform at Qualys. Dilip led the team that built the Qualys platform of today. It is a modern architecture using DevOps, microservices and cloud-native elements that allows Qualys to achieve hyperscale. They need this hyperscale as they manage something in the neighborhood of 80 million agents and billions of database writes a day. This hyperscale platform also allows them to use ML/AI analysis which also feeds their threat intelligence capabilities. Speaking of threat intel, Qualys also announced at QSC that they are upping the visibility of their research team. Their research team has always been a quality effort focused primarily on finding vulnerabilities. I spoke with Travis Smith, VP of malware threat research, about the launch of the company’s Threat Research Unit (TRU) and their redefined mission going forward. They are going to be a high-visibility team covering all aspects of security research, and we will be hearing more about that soon.

The other big launch at QSC was Total Cloud with FlexScan. I spoke with Parag Bajaria, VP of cloud and container security, about Qualys’ solution for protecting cloud assets no matter the infrastructure or format. They have enhanced and beefed up their cloud-native/container capabilities significantly. The real power here though may be that Total Cloud is integrated into the Qualys single-pane-of-glass dashboards to give customers a holistic view of their security.

Additionally, I spoke with several Qualys customers and IDG analyst, Frank Dickson. All of them spoke to the breath and quality of Qualys vision and delivery of a total security solution. Qualys is not just a vulnerability scanner any longer. They are a full service security firm bringing risk management and simplicity to your security efforts.

Check out all of the interviews from Qualys QSC on Techstrong.tv here.

Image: Black Hat vegas–young-soo-park–pixabay

Avatar photo

Alan Shimel

Throughout his career spanning over 25 years in the IT industry, Alan Shimel has been at the forefront of leading technology change. From hosting and infrastructure, to security and now DevOps, Shimel is an industry leader whose opinions and views are widely sought after.

Alan’s entrepreneurial ventures have seen him found or co-found several technology related companies including TriStar Web, StillSecure, The CISO Group, MediaOps, Inc., DevOps.com and the DevOps Institute. He has also helped several companies grow from startup to public entities and beyond. He has held a variety of executive roles around Business and Corporate Development, Sales, Marketing, Product and Strategy.

Alan is also the founder of the Security Bloggers Network, the Security Bloggers Meetups and awards which run at various Security conferences and Security Boulevard.

Most recently Shimel saw the impact that DevOps and related technologies were going to have on the Software Development Lifecycle and the entire IT stack. He founded DevOps.com and then the DevOps Institute. DevOps.com is the leading destination for all things DevOps, as well as the producers of multiple DevOps events called DevOps Connect. DevOps Connect produces DevSecOps and Rugged DevOps tracks and events at leading security conferences such as RSA Conference, InfoSec Europe and InfoSec World. The DevOps Institute is the leading provider of DevOps education, training and certification.

Alan has a BA in Government and Politics from St Johns University, a JD from New York Law School and a lifetime of business experience. His legal education, long experience in the field, and New York street smarts combine to form a unique personality that is always in demand to appear at conferences and events.

alan has 81 posts and counting.See all posts by alan