Qualys TotalCloud 2.10.0 Release Updates
Table of Contents
- New CIS Benchmark Policies
- Automatically Activate GCP Workloads for Vulnerability Scans with GCP Connectors
- Secure AWS Bottlerocket via Snapshot-Based Scan
- OCI Connector Now Generally Available
- Enhanced Inventory and Security Measures
- TruRisk Insights Enhancements
- Mandate Version Upgrade
- Module Pickers Change
- AWS Cloud Detection and Response appliance based on Qualys network passive sensor
- AWS Legacy Tab in Threat Scanner Configuration
- Resources
- Contributors
The Qualys TotalCloud 2.10.0 version introduces new enhancements and modifications to its configuration. This release will be deployed by the last week of May 2024.
New CIS Benchmark Policies
The CIS Benchmarks are a trusted source of best practice controls that are developed through consensus. Qualys, a leading provider of cloud security solutions, is dedicated to offering extensive coverage of the CIS Benchmarks and regularly releases CIS-certified policies in TotalCloud. Qualys also contributes to the development of new benchmarks through the CIS Community, ensuring that the benchmarks stay relevant and up-to-date.
TotalCloud will have new CIS versions in this release.
- CIS Amazon Web Services Foundations Benchmark 3.0.0
- CIS Microsoft Azure Foundations Benchmark 2.1.0
- CIS Oracle Cloud Infrastructure Foundations Benchmark 2.0.0
Automatically Activate GCP Workloads for Vulnerability Scans with GCP Connectors
Qualys has offered support for GCP Cloud Connectors for a while now, allowing users to connect to both GCP projects and GCP organizations. This feature helps with cloud inventory discovery and configuration assessments through CSPM. With the latest update, users can now automatically activate GCP VM Instances for vulnerability scans. This enhancement strengthens CSPM capabilities and improves the security of GCP infrastructure.
The feature will be enabled with Cloud Platform versions 10.26.1 and 3.18.0.
Secure AWS Bottlerocket via Snapshot-Based Scan
Qualys has introduced a new offering that makes it the only vendor solution capable of scanning AWS Bottlerocket instances directly with the Qualys Cloud Agent and snapshot-based agentless scan. This unique and innovative feature allows organizations to manage and mitigate risks at both the host OS and container levels more effectively.
Refer to the blog for more details – Elevating Security: Qualys Unveils First Solution for Scanning AWS Bottlerocket in Amazon EKS and Amazon ECS
OCI Connector Now Generally Available
Qualys has been providing support for OCI Cloud Connectors, which help discover cloud inventory and perform configuration assessments via CSPM. Initially, this feature was only available to customers who requested it. It is now generally available to all customers. Users can now see an option in the Connectors UI and deploy connectors to OCI Cloud to get inventory and perform configuration assessments (CSPM).
Enhanced Inventory and Security Measures
We have broadened AWS inventory to include IAM resources such as IAM Roles, IAM Policies, and VPC Endpoint resources. This expanded inventory allows you to identify elevated risks in your accounts and quickly spot misconfigurations. Users can also search using QQL tokens to pinpoint specific resources such as Admin users, Unused Passwords, Users with no MFA, or a combination of these. In addition, previous IAM users are now accessible under a new region category called “Global”.
TruRisk Insights Enhancements
In this release, we’ve made significant enhancements to TruRisk Insights, including:
- The introduction of Insights for Azure Cloud, offering a unified, prioritized overview of security findings in Azure Cloud.
- The expansion of AWS TruRisk Insights to cover resources such as Serverless functions, RDS, IAM Users, etc.
- The addition of CID numbers to each insight for easier tracking.
Mandate Version Upgrade
TotalCloud now supports NIST CSF v2.0 (NIST Cyber Security Framework)
| Sr. No. | Old Mandate Name/Version | New Mandate Name/Version |
| 1 | NIST Cyber Security Framework (CSF) Version: 1.1 | The NIST Cybersecurity Framework (CSF) Version: 2.0 |
To learn more about the introduction of the updated framework to the Qualys platform at a higher level, please refer to Achieving NIST CSF 2.0 Top Tier Adaptable Status.
Module Pickers Change
All TotalCloud capabilities are now grouped under “Cloud and SaaS Security” in the module picker. This grouping features TotalCloud, Container Security, SaaS Security Posture Management (SSPM, previously known as SaaS Detection and Response), and Qualys Flow. This organization enables easier navigation and management of cloud and SaaS security tools, providing users with a comprehensive overview and control over their security posture directly from a single point of access.
The update will be accessible in the Cloud Platform 10.27 release.
AWS Cloud Detection and Response appliance based on Qualys network passive sensor
AWS CDR threat sensor now integrates with Qualys network passive sensor. With this integration, the CDR appliance now has:
- Management and Control channels that are secure with the Qualys platform’s security standards
- Qualys-approved OS Oracle Linux version 8.0
- Improved di-sectors for network findings
- A FedRAMP-ready appliance
We have provided a new CDR deployment creation page from the Configuration->Threat Scanner page. On this page, users can create a new CDR deployment, download Terraform scripts to deploy a new CDR in their AWS environment, and delete these deployments. The provided registration key must be used while configuring the traffic mirror for these new deployments.
This new Cloud Detection and Response is available with Network Passive Sensor release 3.0.0.
AWS Legacy Tab in Threat Scanner Configuration
We have added a new AWS Legacy tab in the configuration section of Threat Scanner. This tab is read-only and displays all CDR deployments that were created with TotalCloud 2.9 or earlier versions. Starting from TotalCloud 2.10, customers can only deploy CDR from the AWS tab with the release of Network Passive Sensor 3.0.0. Therefore, we recommend that customers switch their old CDR appliances to the new Network Passive Sensor 3.0.0 release CDR appliances.
The AWS legacy tab allows users to view their CDR deployments created with TotalCloud 2.9 or earlier versions and remove them as needed.
Resources
- Learn more about TotalCloud
- Online Help for TotalCloud, Connectors, TotalCloud API User Guide
- How-to Training Videos
- If you have questions, please contact your TAM or Qualys Technical Support.
Contributors
- Naveen Kulshreshtha, Principal SME, Cloud Detection & Response