Qualys TotalCloud 2.11.0 Release Updates 

Shrikant Dhanawade

The Qualys TotalCloud 2.11.0 version introduces new enhancements and modifications to its configuration. This release will be deployed by the end of July 2024. 

Cloud Inventory Enhancements 

Cloud Inventory is crucial for users to overcome blind spots in the cloud, especially given its dynamic nature, where resources are constantly being created, modified, and deleted. A comprehensive inventory makes it easier to maintain visibility over all assets, reducing potential security vulnerabilities, misconfigurations, and compliance issues. 

We are excited to announce significant enhancements to TotalCloud inventory, providing comprehensive visibility and management of cloud resources. The updated Cloud Inventory now includes more resources and ensures that all of them are assessed against the best global compliance standards supported by Qualys, such as NIST, PCI DSS, HIPAA, and GDPR. These updates make TotalCloud a robust and comprehensive tool for effectively managing and securing your cloud deployments.

Additionally, this change brings exhaustive visibility of identity permissions for AWS-managed policies, enabling informed, prompt decisions. 

TruRisk Insights: The Trend of Critical Resources 

TruRisk Insights presents a unified, prioritized overview of cloud security concerns and identifies the risky combinations to facilitate prioritization.  

The recent update features a revamped trending graph that displays affected resources over the last 24 hours and 7 days, along with a trend analysis of findings. We have also reorganized the insights to enhance the user experience.

Auto-tagging cloud assets discovered by events 

TotalCloud discovers cloud instances in the Qualys platform based on cloud events, utilizing cloud-native agentless techniques to initiate scans immediately upon asset discovery.  

In the latest update, this discovery process now includes auto-tagging of assets based on relevant connector configurations. By leveraging Role-Based Access Control (RBAC), the update ensures appropriate visibility for users. This enhancement offers a more reliable and efficient asset tagging process, significantly improving security and compliance by ensuring that assets are promptly and accurately categorized according to organizational policies. 

Connector Enhancements 

Protect Service Account Connector 

Snapshot-based vulnerability scans in AWS and Azure cloud environments rely on service accounts to perform scans effectively. These service accounts, linked through connectors, are crucial for maintaining the security posture by regularly identifying vulnerabilities. However, accidental deletion of these connectors can disrupt the scanning process, posing a risk to cloud security.  

The latest release of TotalCloud includes significant improvements to safeguard service accounts. A key enhancement is the introduction of the “isServiceAccount” search token, which allows users to easily identify and monitor connectors associated with service accounts. This new feature ensures that these critical connectors are protected from accidental deletions, maintaining the integrity and continuity of security operations. 

Expanded AWS Region Support 

As AWS expands its global infrastructure, we are excited to announce support for additional regions in our cloud inventory and Cloud Security Assessments. This enhancement ensures comprehensive coverage and improved security for your assets across more AWS regions, enabling consistent security and compliance practices worldwide. 

Users benefit from enhanced global coverage, localized compliance, optimized performance, and effective security posture. This update allows organizations to leverage AWS’s expanding infrastructure while ensuring all assets are monitored and protected effectively, regardless of their geographic location. 

CDR: AWS GuardDuty Events Integration

CDR enhances threat detection by visualizing real-time findings using traffic, flow logs and activity logs within cloud accounts. With the integration of GuardDuty, CDR expands its capabilities to include AWS activity logs for monitoring S3 Storage, IAM users, and IAM roles. This integration significantly bolsters threat detection across critical cloud resources, promptly identifying and mitigating malicious activities and unauthorized access attempts. 

By integrating GuardDuty’s advanced threat intelligence, CDR provides comprehensive security monitoring beyond traditional workloads, encompassing a broader range of cloud assets. This ensures enhanced threat visibility and enables swift responses to potential security incidents, thereby fortifying the security posture of your entire cloud environment. 
