Data Protection and Law Compliance in a Cyber Infused World
Qualys was created by CEO Philippe Courtot in 1999 and was the first organisation to be a SaaS provider. Currently used by more than 9,300 customers in over 100 countries, including a majority of each of the Forbes Global 100 and Fortune 100, the Qualys Cloud Platform performs more than 3 billion IP scans/audits a year, resulting in over 1 trillion security events. In this interview Chief Technical Security Officer Darron Gibbs overviews the different modules that make up the Qualys platform, and explains the logic behind them.
Before we begin, can you give me a brief overview of your personal background?
Sure. I have worked in the IT Sec, InfoSec and Cyber world for the last 25 years in various roles and have specialised in the last 8 years in Governance, Regulatory, Risk and Compliance, but have experience in Security Operations, security technology deployments within organisations and generally all things security related. I have worked in Media, Telecoms, Maritime Cargo and Financial Services. The first part of my career was spent working for vendors in the mid-1990s (Aventail, Tivoli and Axent Technologies).
How does the Qualys platform prevent threats from penetrating to an organisation’s database? And how does it handle false positives?
The Qualys Cloud Platform has performed more than 3 billion scans in the past year. Its vulnerability scans, the most difficult type of scan, consistently exceed Six Sigma 99.99966% accuracy, the industry standard for high quality. This level of accuracy creates a foundation for strong security and reliable compliance that enables you to efficiently zero in on potential risks before you get attacked. Qualys automatically tests all vulnerability definitions before they’re deployed, as well as while they’re active, to verify that definitions are up to date. In addition, Qualys enables users to flag vulnerability definitions they think need adjusting. Such requests are immediately investigated by Qualys’ worldwide team of engineers and are typically resolved in less than 72 hours — often even within the same day.
Your website states that the Qualys Cloud Platform can lower the cost of compliance with privacy and security regulations. What makes these regulations so problematic and how does Qualys solve these problems?
Qualys Policy Compliance (PC) has a 3-step approach to solve an organisation’s compliance problems. By automating the policy or standards evaluation of assets and providing this information in real time, organisations can react more quickly and ensure that they remain in compliance at all times.
How do you define policies and specify controls?
With PC, you can leverage out-of-the-box library content to fast-track your compliance assessments using industry-recommended best practices such as CIS Benchmarks, or you can customise your control requirements by setting hardening configuration requirements to suit your unique business and compliance needs.
By automating the evaluation of requirements against multiple standards for operating systems, network devices and applications, PC lets you identify issues quickly and prevent configuration drift. With PC, you can prioritise and track remediation and exceptions, demonstrating a repeatable auditable process for compliance management focused on the most critical issues first.
PC lets you customize and deliver comprehensive reports to document progress for IT staffers, business executives, risk managers and auditors. With Mandate-based reporting you can easily see how you compare against requirements in a variety of overlapping regulatory or industry required control objectives.
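The three steps described in this answer (define controls, evaluate collected settings against them, roll the results up by mandate) can be illustrated with a small evaluator. The code below is an added example and is not Qualys Policy Compliance code; every control id, severity, asset configuration and mandate mapping in it is constructed for illustration and does not reproduce any actual CIS Benchmark content.

```python
"""Added example, not Qualys Policy Compliance code: a toy evaluator that
mirrors the three steps described above (define controls, evaluate assets
against them, report by mandate).  Every control id, asset configuration,
severity and mandate mapping below is constructed for illustration."""
from dataclasses import dataclass
from typing import Any, Callable, Iterable


@dataclass(frozen=True)
class Control:
    cid: str          # constructed control id
    title: str
    setting: str      # configuration key collected from the asset
    op: str           # comparison operator: eq, ge, le, member
    expected: Any
    severity: int     # 1 (low) .. 5 (critical), constructed
    mandates: tuple   # overlapping control objectives this control maps to


OPS: dict[str, Callable[[Any, Any], bool]] = {
    "eq": lambda actual, exp: actual == exp,
    "ge": lambda actual, exp: actual >= exp,
    "le": lambda actual, exp: actual <= exp,
    "member": lambda actual, exp: actual in exp,
}

# Constructed control library in the style of a hardening benchmark.
CONTROLS = [
    Control("C-001", "Minimum password length is 14", "password_min_length", "ge", 14, 3, ("PCI DSS", "ISO 27001")),
    Control("C-002", "SSH root login disabled", "ssh_root_login", "eq", "no", 5, ("CIS", "PCI DSS")),
    Control("C-003", "Audit logging enabled", "audit_logging", "eq", True, 4, ("PCI DSS", "ISO 27001", "GDPR")),
    Control("C-004", "TLS 1.2 or newer only", "tls_min_version", "member", ("1.2", "1.3"), 4, ("PCI DSS",)),
]

# Constructed configuration snapshots for one asset, before and after a change.
WEB01_BASELINE = {"password_min_length": 8, "ssh_root_login": "no", "audit_logging": True, "tls_min_version": "1.2"}
WEB01_CURRENT = {"password_min_length": 8, "ssh_root_login": "yes", "audit_logging": True, "tls_min_version": "1.2"}


def evaluate(asset: dict, controls: Iterable[Control], exceptions: Iterable[str] = ()) -> dict[str, str]:
    """Step 2: evaluate one asset's collected settings against each control.
    A setting that was never collected is reported UNKNOWN, never assumed compliant."""
    approved = set(exceptions)
    results = {}
    for c in controls:
        if c.setting not in asset:
            results[c.cid] = "UNKNOWN"
        elif OPS[c.op](asset[c.setting], c.expected):
            results[c.cid] = "PASS"
        elif c.cid in approved:
            results[c.cid] = "EXCEPTION"   # documented, approved deviation
        else:
            results[c.cid] = "FAIL"
    return results


def prioritise(results: dict, controls: Iterable[Control]) -> list[str]:
    """Failed controls, most severe first, for the remediation queue."""
    sev = {c.cid: c.severity for c in controls}
    failed = [cid for cid, r in results.items() if r == "FAIL"]
    return sorted(failed, key=lambda cid: (-sev[cid], cid))


def detect_drift(previous: dict, current: dict) -> list[str]:
    """Controls that passed in the previous evaluation and no longer do."""
    return sorted(cid for cid, r in previous.items() if r == "PASS" and current.get(cid) != "PASS")


def mandate_report(results: dict, controls: Iterable[Control]) -> dict[str, dict]:
    """Step 3: roll control results up into each overlapping mandate."""
    report = {}
    for c in controls:
        for m in c.mandates:
            row = report.setdefault(m, {"PASS": 0, "FAIL": 0, "EXCEPTION": 0, "UNKNOWN": 0})
            row[results[c.cid]] += 1
    for row in report.values():
        assessed = row["PASS"] + row["FAIL"] + row["EXCEPTION"]
        row["pct"] = round(100.0 * row["PASS"] / assessed, 1) if assessed else 0.0
    return report


if __name__ == "__main__":
    before = evaluate(WEB01_BASELINE, CONTROLS)
    after = evaluate(WEB01_CURRENT, CONTROLS, exceptions=["C-002"])
    print("drift since baseline:", detect_drift(before, after))
    print("remediate first:", prioritise(evaluate(WEB01_CURRENT, CONTROLS), CONTROLS))
    for mandate, row in mandate_report(after, CONTROLS).items():
        print(f"{mandate}: {row}")
```

Two design points matter in practice: a setting the agent failed to collect is reported UNKNOWN rather than silently counted as compliant, and an approved exception is kept distinct from a failure so the audit trail shows the deviation was reviewed rather than missed.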
What are some of your most commonly detected threats? Have you identified any behavioural patterns to beware of?
Qualys IOC continuously monitors endpoint activity to detect suspicious activity that may indicate the presence of known malware, unknown variants, and threat actor activity on devices both on and off the network. Qualys IOC integrates endpoint detection, behavioural malware analysis, and threat hunting techniques that incorporate a continuous view of an asset’s vulnerability posture along with suspicious activity monitoring. Indicators of Compromise offers:
• Continuous event collection using the Cloud Agent’s non-intrusive data collection and delta processing techniques to transparently capture endpoint activity information from assets on and off the network, in a way that is more performant than other solutions’ query-based approaches or distributed data collectors.
• Analysis, hunting, and threat indicator processing is performed in the cloud on billions of active and past endpoint events. Those results are then coupled with threat intelligence data from Qualys Malware Labs and third-party threat intelligence sources to identify malware infections (indicators of compromise) and threat actor actions (indicators of activity).
• Actionable intelligence scored alerts are displayed in the Qualys platform’s web-based user interface with contextual asset tags to help security teams prioritise responses for critical business systems.
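The three bullet points above describe a pipeline: collect only new endpoint events, match them against threat intelligence for indicators of compromise and indicators of activity, then score the alerts in the context of asset tags. The block below is an added example of that pipeline and is not Qualys IOC code; the events, the threat-intelligence hash and domain, the behavioural rule, the asset tags and the point weights are all constructed for illustration (the "bad" hash is just the SHA-256 of a constructed string and the domain uses the reserved .invalid TLD).

```python
"""Added example, not Qualys IOC code: a toy pipeline that applies the three
ideas described above (delta collection, indicator matching against threat
intelligence, alert scoring with asset tags).  All events, indicator values,
asset tags and point weights are constructed for illustration."""
from dataclasses import dataclass
import hashlib


@dataclass(frozen=True)
class Event:
    seq: int        # per-host monotonically increasing sequence number
    host: str
    kind: str       # "process_start" or "net_connect"
    process: str = ""
    parent: str = ""
    sha256: str = ""
    dest: str = ""


# Constructed threat intelligence standing in for a real feed.
BAD_HASH = hashlib.sha256(b"constructed malicious sample").hexdigest()
THREAT_INTEL = {"sha256": {BAD_HASH}, "domains": {"c2.bad-example.invalid"}}

# Behavioural rule (indicator of activity): document-handling applications
# rarely launch new executables, so that parent/child pairing is suspicious.
OFFICE_APPS = {"winword.exe", "excel.exe", "outlook.exe"}

# Constructed contextual asset tags, as a CMDB or tagging engine would supply.
ASSET_TAGS = {"fin-db-01": {"critical", "pci"}, "kiosk-07": set()}

# Constructed endpoint events as a cloud agent might report them.
SAMPLE_EVENTS = [
    Event(1, "fin-db-01", "process_start", process="svchost.exe", parent="services.exe",
          sha256=hashlib.sha256(b"benign binary").hexdigest()),
    Event(2, "fin-db-01", "process_start", process="update.exe", parent="winword.exe", sha256=BAD_HASH),
    Event(3, "kiosk-07", "net_connect", process="browser.exe", dest="c2.bad-example.invalid"),
    Event(4, "kiosk-07", "net_connect", process="browser.exe", dest="updates.example.net"),
]


def delta_events(events, cursor):
    """Return only events newer than each host's last processed sequence number,
    plus the advanced cursor, so a re-sent batch produces no duplicate work."""
    fresh = [e for e in events if e.seq > cursor.get(e.host, 0)]
    new_cursor = dict(cursor)
    for e in fresh:
        new_cursor[e.host] = max(new_cursor.get(e.host, 0), e.seq)
    return fresh, new_cursor


def match_indicators(e):
    """Indicators of compromise (known-bad artefacts) and indicators of activity
    (suspicious behaviour) found in one event, each with a constructed weight."""
    hits = []
    if e.kind == "process_start" and e.sha256 in THREAT_INTEL["sha256"]:
        hits.append(("ioc:known-malware-hash", 70))
    if e.kind == "net_connect" and e.dest in THREAT_INTEL["domains"]:
        hits.append(("ioc:known-bad-domain", 50))
    if e.kind == "process_start" and e.parent in OFFICE_APPS:
        hits.append(("ioa:office-app-spawned-executable", 40))
    return hits


def score_alert(e, hits):
    """Sum indicator weights and double the score on assets tagged critical."""
    base = sum(points for _, points in hits)
    multiplier = 2 if "critical" in ASSET_TAGS.get(e.host, set()) else 1
    return {"host": e.host, "seq": e.seq, "tags": sorted(ASSET_TAGS.get(e.host, set())),
            "indicators": [name for name, _ in hits], "score": base * multiplier}


def process_batch(events, cursor):
    """Collect deltas, match them, and return alerts ordered for triage."""
    fresh, cursor = delta_events(events, cursor)
    alerts = []
    for e in fresh:
        hits = match_indicators(e)
        if hits:
            alerts.append(score_alert(e, hits))
    alerts.sort(key=lambda a: (-a["score"], a["host"], a["seq"]))
    return alerts, cursor


if __name__ == "__main__":
    # Pretend seq 1 on fin-db-01 was already handled in an earlier batch.
    alerts, cursor = process_batch(SAMPLE_EVENTS, {"fin-db-01": 1})
    for a in alerts:
        print(a)
    again, _ = process_batch(SAMPLE_EVENTS, cursor)
    print("re-sent batch produced", len(again), "alerts")
```

The per-host cursor is what makes the collection a delta rather than a repeated query: replaying the same batch after the cursor has advanced yields no work and no duplicate alerts. Combining a hash match with a behavioural indicator on a critical-tagged asset pushes that alert to the top of the triage queue, which is the prioritisation the third bullet describes.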
How do you summarise the last 5 years in the Cyber/IT security industry, and what new trends can we expect to see in the future?
In the last 5 years organisations have been fighting trends of the Cybercrime boom, such as spear phishing, whaling and ransomware. As a result of these successful attacks against organisations, the public sharing of breaches has grown. Breach notifications have been very public (Yahoo, TalkTalk, LinkedIn, JP Morgan, eBay, Sony etc.) and the volume of records that have been stolen or lost is massive, in the hundreds of millions. This has resulted in the price of stolen identities decreasing to approx. $15 a record. The profile has been raised as a result of Cyber and more organisations have Cyber listed as one of their Top 5 risks in their annual reports.
In the immediate future, the EU GDPR will be a focus for all organisations that process personally identifiable information (PII). Finding all PII data within your organisation and supply chain is important, as the fines will be the same for data controllers and processors. Finding your data within the organisation will be a lengthy process and needs to be started sooner rather than later. GDPR will influence breach notification rules as regional EU information commissioner offices can demand differing notification rules. Organisations will need to test their incident management processes to ensure they take into account different EU member requirements.
Pressure from Investors rather than Boards will raise the Cyber profile even further; investors will be demanding more from their Boards and organisations will need to provide regular updates on Cyber activities and what is being done to prevent and protect the organisation. As the threat of potential regulatory fines increases, Investors and Boards will apply additional pressure on organisations to ensure appropriate investment in Cyber Protection, including insurance as a mitigating control.