Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Qualys streamlines vulnerability scanning of Amazon cloud instances

Lucian Constantin | Feb. 26, 2013
Qualys launches Amazon AWS API data connectors for QualysGuard

In order to allow the scanning of such machines, Qualys also released the QualysGuard Virtual Scanner Appliance AMI (Amazon Machine Image) on Monday. This is a virtual QualysGuard appliance that can run on one of the customer's instances and can scan other machines through Amazon's internal network.

The scanner appliance is available from the AWS marketplace, but using it also requires a license from Qualys costing US$995 per year. Customers might need to run multiple QualysGuard virtual scanner appliances, one for each of Amazon's availability zones in which they have instances.

The integration with Amazon AWS is only the first step, Kandek said. The architecture of the data connector was built to support other services as well, both internal and external, he said.

For example, it will be able to support other cloud providers, but also private virtual infrastructure like the one controlled with VMware vCenter that raises similar problems of tracking how many virtual machines are running at any given time. The data connector will be able to run on a QualysGuard hardware appliance inside the network and gather inventory data from VMware vCenter and other similar systems in the future, Kandek said.

"The cloud services are growing and our customers are starting to adopt them and have challenges of how to scan such machines," Kandek said. "We have customers that tell us that during some times of the year -- for example, the Christmas season -- they need twice as many machines than they need during the rest of the year. It's simply not efficient to have that many machines in your own data center, because most of the time they would just sit there idling."

"The are also start-up companies that opt for doing everything into the cloud, because it allows them to get their product out faster and only need to pay a monthly fee that is much lower than the cost of building a private data center," Kandek said. These companies will now find it easier to scan their assets for vulnerabilities, he said.

 

Previous Page  1  2 

Sign up for CIO Asia eNewsletters.