SAN FRANCISCO, Calif.: Qualys, Inc. has introduced Continuous Monitoring, the most recent addition to its QualysGuard Cloud Platform. This new offering gives organisations the ability to proactively identify threats and unexpected changes in Internet-facing devices within their DMZ, cloud-based environments, and web applications before they are breached by attackers. It brings a new paradigm to vulnerability management, empowering customers to continuously monitor mission-critical assets throughout their perimeter and immediately get alerted to anomalies that could expose them to cyber attacks.
"At Ancestry.com, we have millions of visitors per month and many perimeter devices that we operate to secure against possible attacks,” said Deal Daly, VP of information technology for Ancestry.com. “The Qualys Continuous Monitoring service delivers real-time alerts of security and network configuration issues that we can proactively remediate.”
Built on the QualysGuard Cloud Platform used by the majority of the Fortune 1000 and thousands of companies around the world, this new service allows companies to continuously monitor:
When Continuous Monitoring detects changes in the perimeter that could lead to exploitation, it alerts the responsible IT staff assigned to these assets to take the appropriate mitigation measures. The immediate notification provided by Continuous Monitoring frees security teams from the delays and burdens of waiting for scheduled scanning windows and sifting through reports.
“The Cloud is expanding the boundaries of the corporate perimeter to include every browser, device or application that touches the Internet, leaving us more exposed to cyber-attacks than ever,” said Philippe Courtot, chairman and CEO for Qualys. “With our groundbreaking Continuous Monitoring service, companies can see their perimeter the way today’s hackers do, so that threats can be identified and addressed before they turn into breaches.”
In the MarketScope for Vulnerability Assessments, Gartner Analyst Kelly Kavanagh noted “Gartner's vulnerability management life cycle activities include the secure configuration of IT assets, regular assessment of vulnerabilities and compliance with security configuration policies, remediation of vulnerabilities or security configuration issues, and ongoing monitoring to detect malicious events or activities. The use of VA products or services as a best practice has been incorporated into a number of prescriptive compliance regimes, including the PCI DSS, the U.S. Federal Information Security Management Act (FISMA) and desktop configuration requirements. In particular, the National Institute of Standards and Technology (NIST) 800-53 requirements for "continuous monitoring" serve as an accelerator for the frequency of VA use.”[1]