New security tool serves Amazon Cloud users

The new QualysGuard connector conducts vulnerability scans of virtual servers in the Amazon Cloud.
  • Tony Bradley (PC World (US online))
  • — 27 February, 2013 15:22

For many IT managers, moving your company's backbone to the cloud brings a certain sense of freedom. However, the task of caring for and protecting your assets remains. After all, the operative word in "virtual server" is "server"; virtual or not, it's still a fully functioning server from an operational sense, carrying the same risks and vulnerabilities inherent in physical servers. You'll need vulnerability management tools to ensure those servers are secure.

To that end, Qualys announced this week that QualysGuard--its cloud-based suite of security and compliance tools--now works with Amazon's popular cloud services.

The rate at which new vulnerabilities are discovered is staggering. An estimate from 2010 put the figure at two per second. That may be on the extreme high end, but the point is that securing a server--virtual or physical--is a fluid, constantly changing process. You have to monitor regularly to determine which vulnerabilities your servers are exposed to, what the potential impact is, and what you can do to eliminate or mitigate the risk.

The new QualysGuard connector uses Amazon APIs to connect with virtual servers in the Amazon cloud. Businesses that use Amazon EC2 or VPC cloud services can use QualysGuard to conduct automated scans of virtual server assets, and generate reports to help IT admins address potential risks.

Qualys worked with Amazon to ensure the QualysGuard scans are pre-authorized, and to prevent any inadvertent scanning of third-party virtual servers in the Amazon cloud. Customers don't have to get explicit permission from Amazon before conducting a QualysGuard vulnerability scan because the activity is pre-approved by Amazon.

The native Amazon API connectors can be connected to one or more Amazon accounts, and automatically sync asset inventories from the Amazon EC2 and VPC services. Amazon attributes and context data are automatically collected during the import process, and IT admins can assign Dynamic Asset Tag data, which is used by QualysGuard for applying policies and generating reports.

Qualys customers who already subscribe to the QualysGuard Service and use Amazon cloud services will welcome the new capabilities. For companies starting at square one in search of a vulnerability scanning solution for Amazon cloud virtual servers, though, Qualys isn't the only choice. QualysGuard is the only thing that comes up in the Amazon AWS Marketplace if you search for "vulnerability scanning", but Eeye Retina Cloud Security also provides vulnerability management for Amazon EC2.

The new features are currently available to Qualys customers as part of their QualysGuard subscriptions. Annual QualysGuard subscriptions start at $2495 per year for 32 IP addresses. At least one QualysGuard Virtual Scanner Appliance license at $995 per year is required for internal network scanning functionality on Amazon. For more information, visit the Amazon AWS Marketplace.

Tags: virtualization, security, internet, cloud computing, business security, qualys

The risks of sticking with Windows XP

READ THIS ARTICLE
DO NOT SHOW THIS BOX AGAIN [ x ]
Comments are now closed.
CSO Corporate Partners
  • Webroot
  • Trend Micro
  • NetIQ
rhs_login_lockGet exclusive access to CSO, invitation only events, reports & analysis.
CSO Directory

Business Risk Management Solutions

Create and deliver online assessments to identify business risks and track their mitigation and resolution.

Latest Jobs
Security Awareness Tip

Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).


  1. Have an incident response plan.

  2. Pre-define your incident response team 

  3. Define your approach: watch and learn or contain and recover.

  4. Pre-distribute call cards.

  5. Forensic and incident response data capture.

  6. Get your users on-side.

  7. Know how to report crimes and engage law enforcement. 

  8. Practice makes perfect.

For the full breakdown on this article

Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.