Interviews | March 8, 2019

Enterprises are Moving from 'Cloud-First' to 'Cloud-Only': PolySwarm, Qualys, Tripwire

Steve Bassi
Founder and CEO


Q1. Your company is based on the premise that the antivirus/anti-malware industry is broken and needs to be fixed. How exactly is it broken and what are the implications for the users and enterprises that depend on products from these vendors?

With new malware being created on a daily basis, it's nearly impossible for antivirus solutions to keep up. Because solutions are incompatible for use together, what you get are gaps in coverage; one vendor might detect but another may not. WannaCry was a perfect example of that. PolySwarm brings together security experts and vendors from around the world contributing to one central platform, but made up of decentralized threat intelligence and scanning engines. PolySwarm uses economic incentives to increase quality and effectiveness of threat identification: Scanning engines in PolySwarm are rewarded for accurate determinations in their fields of expertise.

Q2. How exactly do security vendors and researchers benefit from joining PolySwarm? What's in it for them?

Currently, security vendors use their own telemetry and other factors to continually add detection to their software - but they often miss a portion of threats, existing and emerging. They currently use VirusTotal as the go-to 'database' to determine whether a suspicious file or artifact is malicious, but it produces a high volume of false positives and lags in response time. With the economic incentivization on PolySwarm, security experts and vendors can be confident on the assertion of malicious files.

Q3. What do you want those attending Black Hat Asia 2019 to know about PolySwarm and its mission?

For enterprises and MSSPs, we created a VirusTotal replacement that they can subscribe to and have access to these scanning engines from around the world through a single dashboard. For these security analysts / operators at these large companies that need to detect threats and keep them out of their networks, they benefit from the combined wisdom of detection tools from around the world - rather than the limited protection provided by a single security vendor. For security experts and antivirus companies, they can make money for correctly detecting threats while improving their own products.

Deepak Balakrishna
CTO SaaS Security


Q1. How will Qualys' recent acquisition of Adya benefit enterprise customers? When do you expect the integration of Adya's technology with Qualys' cloud platform to be completed?

As enterprises rapidly move to SaaS applications - GSuite, O365, Slack, etc. - to power their businesses, their IT teams are confronted with several problems related to managing and securing these cloud applications. First, each new app increases the workload on stressed IT teams to learn yet another tool, that they then have to manage. For example, a new employee joining the company will have to be given access to—or not—a whole host of services and, more importantly, cleanly de-provisioned from these services when they leave the organization. While employed at the org, they will have to be given access on an as needed basis. Rather than learning the native interfaces of all applications to perform these administrative tasks, IT would like to do this centrally - from one tool - and push out the policies once. This will help reduce errors and save time.

Second, as the number of tools grows and the company purchases these potentially expensive SaaS subscriptions—typically paid on a per-month basis—IT loses track of what licenses have been commissioned and which ones are actually being used - and see if there are ways to reclaim unused licenses and save costs.

Lastly, and most importantly, there are many ways by which data can get shared - maliciously or inadvertently - from these SaaS applications and IT has no idea on how critical data is being exposed. In one case, an ex-employee had shared all of the documents he owned with his personal Gmail address before leaving the company. At that same company, a consultant who had worked with the company more than two years previously still had access to over 100,000 documents. The IT team had no idea this was happening.

These are the problems for which Adya was built, and the problems Qualys hopes to help customers fix by incorporating Adya into its cloud platform. Adya provides a single console for IT admins to centrally manage their critical SaaS apps, manage SaaS licenses and secure their data no matter where it is. We expect to roll out the Adya technology as part of the Qualys Cloud Platform in Q3 2019.

Q2. How do you see enterprise demand for cloud services evolving over the next several years? What do you expect will be the biggest changes?

Enterprises are increasingly not just "cloud-first" but "cloud-only". Gartner estimates that, as of 2017, SaaS already accounted for more than 50% of the enterprise software spend and this trend will only increase. By some estimates, even mid-sized companies have more than 16 SaaS applications each. While the number of cloud services is increasing, the size of IT teams is either flat or reducing - so they are being asked to do more with less. Both of these trends - the increase of cloud applications and the decrease in the size of IT teams - will continue into the future. The distributed nature of cloud applications adds a higher burden on IT to secure data and monitor activity even when the applications are no longer on premises.

In this environment, IT requires all the help they can get to efficiently administer, manage costs and secure their burgeoning cloud applications environment.

Q3. What are Qualys' plans at Black Hat Asia 2019?

This year at Black Hat Asia, Qualys will be focused on showcasing to attendees the benefits of a single-pane view of security and compliance across all of infrastructure—including on-premises assets, clouds, containers, remote workforces, applications, APIs, and soon mobile devices—which organizations are adopting as they embark on Digital Transformation. We encourage attendees to come to our booth and see demos of solutions which provide visibility and control for monitoring, compliance and protection across the entire application lifecycle regardless of how they are built and bundled, as well as for the different infrastructure stacks on which they are deployed.

Qualys' presence at Black Hat Asia ensures that enterprises have the opportunity to understand that they don't have to compromise visibility and protection while adopting these new paradigms by providing solutions that are native to them, and which deliver visibility, accuracy, scale, immediacy and transparent orchestration of security.

Rodrick Musser
Senior Product Manager


Q1. What are some of the biggest vulnerability management challenges that organizations face currently?

Organizations are overwhelmed with vulnerability scanning results, and it's difficult to know where to start remediation efforts. Meaningful and actionable prioritization of results is a big challenge for all VM programs. Related to prioritization is the challenge of the accuracy of results. Chasing false positives is a waste of everyone's time, and it can be difficult to determine how a vulnerability scanner actually detected a condition. Of course, new technologies like cloud and containers present additional challenges.

Q2. How have enterprise incident response capabilities evolved in recent years? What have been the biggest drivers of the change?

Enterprise incident response has evolved and continues to do so. The biggest driver for change in incident response is the change in the threat landscape. As attackers' tools and techniques evolve, so must enterprises' ability to respond and investigate. At the core of incident response is visibility, and fundamental security controls like change detection, vulnerability assessment, and log management continue to be the cornerstone of that visibility. If you can't tell what's changed in your environment, you simply can't determine what an attacker has done.

Q3. What are Tripwire's plans at Black Hat Asia 2019? What is your organization's main focus at the event?

Tripwire is looking to help guide large enterprises to secure their IT asset base in today's ever-changing threat landscape. With solutions across file integrity monitoring, vulnerability management and incident response, Tripwire can provide a holistic approach to securing complex environments, both on premise and hybrid cloud. Our main focus at this event is to provide advice and recommendations to enterprises as we help them navigate the threat landscape both cost effectively and from a regulatory standpoint.
