CIQ launched fully supported, upstream stable kernels for Rocky Linux via the CIQ Enterprise Linux Platform, providing enhanced performance, hardware compatibility and security.
Qualys Container Security App Released
June 19, 2018
Qualys released Qualys Container Security (CS), a new Cloud App that enables customers to build continuous security into their global container deployments and DevOps processes at any scale, and integrate the results into one unified view of their global hybrid IT security and compliance posture, breaking down silos and lowering ownership cost.
Built on the Qualys Cloud Platform, the new Qualys CS App delivers customers a container-ready security and compliance solution that extends visibility to container environments, and incorporates continuous visibility across the DevOps and CI/CD toolchain with that of existing traditional virtualization environments. Qualys CS performs inventory and real-time tracking of changes to containers deployed across on-premises and elastic cloud environments, and extends vulnerability detection and policy compliance checks to the image registries, containers and hosts.
"As businesses prioritize more responsive and adaptable IT, organizations need tools that optimize a variety of management demands to keep up with the pace of IT innovation," said Scott Crawford, Research Director, 451 Research. "Qualys' cloud platform strategy helps its customers meet many of these challenges, leveraging its early leadership in security offered as-a-service to consolidate and simplify the user experience across applications that address the security of new IT, including infrastructure deployed as containers and the automation that characterizes DevOps."
By integrating Qualys CS into their DevOps toolchain, organizations can identify and remediate risks early in development cycles and reduce those risks created by open development methods and their inherent sprawl. Security teams can participate in the DevOps process to gate vulnerable images entering the system, while developers get actionable data to remediate vulnerabilities. Qualys' high-accuracy vulnerability scanning also reduces the pain of clearing false-positives and allows security teams to focus on identifying and remediating actual risks.
"Containers are becoming an accelerator of the digital transformation and container security is now front and center," said Philippe Courtot, Chairman and CEO of Qualys, Inc. "Our new Container Security App is designed to help customers transparently extend their continuous security and compliance capabilities into new cloud workloads through the use of DevOps and containers, allowing them to build security into their digital transformation initiatives."
Qualys Container Security offers customers:
- Visibility into container projects: Qualys CS provides auto-discovery that gives customers complete visibility of container hosts wherever they are within their global IT environment, whether on-premises or in clouds. It gathers comprehensive topographic information about container projects — images, image registries, and containers spun from those images. With dynamic, customizable dashboards, users can see complete inventory and security posture from containers to hosts.
- Security for the entire DevOps pipeline: Security teams can enforce policies to block the use of images that have specific vulnerabilities, or that have vulnerabilities above a certain severity threshold. Developers can perform continuous vulnerability detection and remediation in the DevOps pipeline by deploying plugins for CI/CD tools like Jenkins or Bamboo, or via REST APIs.
- Threat identification, impact assessment and remediation prioritization: Teams can search for images with high-severity vulnerabilities, unapproved packages, and older or test release tags. They can then assess the impact by identifying all containers using unapproved, vulnerable images. Qualys CS helps determine if these images are cached on different hosts, and identify all the containers on exposed vulnerable network ports running with privileges, which could lead to attacks.
- Container runtime protection: CS helps teams scan, protect and secure their running containers. Customers can also detect runtime security and configuration drift that breaks the parent image's immutable behavior by using a different vulnerability posture and software configuration. Qualys CS also features policy-based orchestration to stop containers with vulnerable images from being spun up in Kubernetes clusters. Additionally, customers can understand how the host impacts the containers by easily drilling down to the host level to identify its vulnerabilities and patch compliance.
As a container-ready global IT security platform, the Qualys Cloud Platform consolidates visibility of container environments and other global infrastructure — on premises, at endpoints or in the cloud — into a single-pane-of-glass UI. Its revolutionary architecture provides customers a scalable, end-to-end solution for customers to consolidate their security stack across containerized and non-containerized environments, and also drastically reduce IT security spend by avoiding the cost and complexities that come with managing multiple security vendors.
Qualys Container Security is available now.
Industry News
April 17, 2024
Redgate launched an enterprise version of its database monitoring tool, providing a range of new features to address the challenges of scale and complexity faced by larger organizations.
April 17, 2024
Snyk announced the expansion of its current partnership with Google Cloud to advance secure code generated by Google Cloud’s generative-AI-powered collaborator service, Gemini Code Assist.
April 16, 2024
Kong announced the commercial availability of Kong Konnect Dedicated Cloud Gateways on Amazon Web Services (AWS).
April 16, 2024
Pegasystems announced the general availability of Pega Infinity ’24.1™.
April 16, 2024
Sylabs announces the launch of a new certification focusing on the Singularity container platform.
April 15, 2024
OpenText™ announced Cloud Editions (CE) 24.2, including OpenText DevOps Cloud and OpenText™ DevOps Aviator.
April 15, 2024
Postman announced its acquisition of Orbit, the community growth platform for developer companies.
April 11, 2024
Check Point® Software Technologies Ltd. announced new email security features that enhance its Check Point Harmony Email & Collaboration portfolio: Patented unified quarantine, DMARC monitoring, archiving, and Smart Banners.
April 11, 2024
Automation Anywhere announced an expanded partnership with Google Cloud to leverage the combined power of generative AI and its own specialized, generative AI automation models to give companies a powerful solution to optimize and transform their business.
April 11, 2024
Jetic announced the release of Jetlets, a low-code and no-code block template, that allows users to easily build any technically advanced integration use case, typically not covered by alternative integration platforms.
April 10, 2024
Progress announced new powerful capabilities and enhancements in the latest release of Progress® Sitefinity®.
April 10, 2024
Buildkite signed a multi-year strategic collaboration agreement (SCA) with Amazon Web Services (AWS), the world's most comprehensive and broadly adopted cloud, to accelerate delivery of cloud-native applications across multiple industries, including digital native, financial services, retail or any enterprise undergoing digital transformation.
April 10, 2024
AppViewX announced new functionality in the AppViewX CERT+ certificate lifecycle management automation product that helps organizations prepare for Google’s proposed 90-day TLS certificate validity policy.
April 09, 2024
Rocket Software is addressing the growing demand for integrated security, compliance, and automation in software development with its latest release of Rocket® DevOps, formerly known as Aldon®.
