Upcoming Self-Protection for Qualys Cloud Agent Windows

Himanshu Kathpal

Last updated on: January 23, 2024

Overview

The Qualys Cloud Agent offers organizations a comprehensive overview of their environment, encompassing both on-premises and cloud infrastructure, via a unified interface. It empowers organizations with vulnerability assessment, risk prioritization, and compliance capabilities. A single & customizable cloud agent delivers features like File Integrity Monitoring (FIM), Endpoint Detection and Response (EDR), and Patching

This agent requires no maintenance, as it automatically updates itself, which further minimizes the attack surface and enhances the overall security posture of your organization Furthermore, it continues to expand its application to a growing number of use cases each year.

As a cloud agent handles highly critical security data and then backhauls to the Qualys platform, it is essential to ensure the integrity and resilience of the cloud agent. With Self Protection, companies or admin teams don’t require any uninstallation or disablement of Cloud Agent or working too much with its configuration which eventually will lead to its seamless functioning.

The Benefits of Self-Protection

Introducing Qualys Cloud Agent Self-Protection with Qualys Cloud Agent Windows will provide the following safeguards:

  • Prevent uninstallation of Cloud Agent
  • Prevent Cloud Agent service from being Stopped
  • Prevent tampering with Cloud Agent files or directories with actions like
    • Overwriting
    • Deleting
    • Renaming
    • Modifying
    • Memory Mapping
  • Prevent Cloud Agent driver from getting interfered with
    • Unload driver
    • Detach driver
  • Prevent meddling with Cloud Agent registry keys
    • Overwriting registry key and value
    • Deleting registry key and value
    • Renaming registry key
    • Modifying registry key and value
  • Prevent the debugger from attaching to the Cloud Agent service
  • Prevent user-defined scripts (e.g., script uploaded by Custom Assessment and Remediation and Patch Management) from making changes to the protected areas.

With the feature of Self Protection, successfully achieve the below-listed benefits

  • Cloud Agent operates reliably with a known-good configuration
  • Cloud Agent upgrades successfully
  • Organizational requirements such as ensuring tamper-proofing is in place
  • 3rd party applications that might rely on Cloud Agent-driven patching will continue to work properly

Feature Release date

This feature will be enabled by default in a future release. This feature was first introduced as an opt-in in December 2022 with Qualys Agent Windows 5.0. Users with the CA (Cloud Agent) Manager role have permission to generate the self-protection key to disable the self-protection feature if there is a need to access the agent data and artifacts required for debugging.

Get Started

Enable the self-protection feature today by contacting Qualys Support

Show Comments (1)

Comments

Your email address will not be published. Required fields are marked *