Managing Director, APAC
Q: Qualys has described its recently released File Integrity Monitoring Service and Indicators of Compromise service as “disruptive services.” What makes them disruptive from an enterprise standpoint?
Douglas Browne: Qualys already has a comprehensive offering in the security and compliance space but the added capability is exciting and disruptive for a few reasons. First, Qualys uses our class leading Cloud Agent platform to deliver these new services. The ease of Cloud Agent deployment is unmatched, and the ability to use a single agent for both breach prevention and detection gives CISOs something they have been asking for - the ability to actually remove single-point product agents from their security stack. Secondly, the scale that Qualys brings is unparalleled in the industry, and this allows enterprises to get visibility and control no matter where their assets are: on-premises, in elastic cloud deployments or on endpoints. In this era of digital transformation, a huge differentiator is the ability to consolidate multiple security solutions into one integrated platform thereby reducing complexity and cost.
Q: Qualys earlier this year added a new Secure Operations Center in the APAC region as part of a broader global expansion of its cloud platform. What is driving demand for your services in the APAC region?
Browne: We have had consistent growth over the last few years in the APAC region, where we have benefitted from an ever-increasing maturity in the adoption of enterprise security solutions by both private sector companies and government agencies. The ease of deployment and management, as well as the lower cost of ownership, of our cloud platform’s integrated applications suite has fueled demand for our products in this region. As our business grows in the APAC region, we’ll continue to boost support for our customers, as we did with the new Secure Operations Center (SOC) in Pune, India. Like the other SOCs we opened recently, the one in Pune adds capacity to scan millions of IP addresses at once, allowing us to better serve our customers across Asia, Australia and the Middle East.
Q: Why is it important for Qualys to be at Black Hat Asia 2017?
Browne: Qualys has always delivered scalable, cloud-based security that supports how companies do business today and we feel that being at Black Hat Asia goes quite a long way towards helping companies in APAC achieve their goals of thriving securely as they embark on digital transformation. This event provides the obvious advantage of being able to get time with our clients and prospects to share mutual security experiences and the ability to share some of our insights and new releases that help customers tackle challenges such as the increasing complexity of security in the era of cloud, agile development and devops. One of my favorite things is hearing about different approaches to tackling some of the challenges we as an industry face.
Technical Director, APAC
Tenable Network Security
Regional Director, South Asia
Tenable Network Security
Q: Dick, under the Technology Integration Partner (TIP) program, Tenable is working with multiple technology partners to deliver pre-built integrations for exchanging vulnerability, threat and other data. Why is this important for enterprises? How are your customers benefiting from this?
Dick Bussiere: Tenable understands that our Threat and Vulnerability Management (TVM) solutions are in fact part of a larger customer ecosystem built with components from multiple third-party vendors. Integration with these third parties allows Tenable to interoperate with these ecosystems and by doing so enhances the total value of the solution to the end customer. For example, Tenable’s solutions can consume vulnerability and threat data from third-party sources, then analyse and contextualize this data to give customers the vulnerability and threat data that they need. At the same time, Tenable can export data to other parts of the total ecosystem, for example workflow management, patch management or trouble ticketing systems. Through these integrations, we facilitate the inclusion of a robust TVM solution into existing or planned environments, thus enhancing the customer’s ability to understand and manage their overall threat and vulnerability position.
Q: Malcolm, Nessus Cloud is now a part of the Tenable.io vulnerability management platform. What do you want customers to know about the integration?
Malcolm Rowe: Tenable.io is an expansion of our industry leading Nessus Cloud solution. It’s been rewritten from the ground up using a modern micro-services framework to ensure scalability both horizontally and vertically. Presently, Tenable.io supports vulnerability management and compliance auditing, along with additional modules such as Web Application Scanning and Container security. Customers will be able to pick and choose what they need.
Tenable.io introduces two new licensing concepts. Historically, vulnerability management products have been licensed based on IP address, which in reality does not translate into an “asset”. For example, it is possible to conceptualise an asset, which does not actually have an IP. With Tenable.io, we’ve introduced a novel licensing model that is focussed on assets, not IPs. So, devices that have multiple IPs or dynamic IPs are counted as a single asset, resulting in a fairer and more consistent licensing model.
Second, Tenable.io has an elastic licensing model. This means that a customer can go over their licensed asset count to accommodate resource surges or asset discovery exercises.
Q: Dick, Tenable’s Technology Adoption Profile study from last year showed that managing cyber risk is a top priority for companies in the APAC region but vulnerability management strategies are lagging behind. Why is that the case?
Dick Bussiere: Traditionally companies have focused on what I would call active defences. Examples are fourth-generation firewalls, APT solutions, and so on. Also, included as high priority are application security initiatives, data security initiatives and mechanisms to protect customers’ private data. There is still little emphasis on what I call proactive security.
Vulnerability management solutions have traditionally been focused on compliance and are slowly transitioning to be more concerned with vulnerability assessment and management. The report also indicated that only 22% of the surveyed organisations perform vulnerability assessment on a continuous basis. This is in direct contradiction to the statement that risk management is a top priority.
Organizations need to embrace the concept of proactive security mechanisms. Simply put, if a vulnerability is eliminated then attacks that leverage that vulnerability are rendered impotent. This methodology is equally as effective to blocking an attack as active mechanisms, and in fact in this age of mobility may even be more effective. Implementing this methodology means continuously monitoring your environment to ensure that vulnerable systems are patched quickly, that weak configurations or misconfigurations are removed, and that the network security devices are properly configured.
Q: Malcolm, what is Tenable’s main message for attendees at Black Hat Asia 2017? What do you want them to take away from your presence at the event?
Malcolm Rowe: We want attendees to understand that Tenable’s solutions implement what amounts to a foundational element of an organisations security infrastructure. We want attendees to understand that vulnerability assessment must be performed on a constant basis in order to optimise an organisations security posture and proactively guard against breaches.
That message is resonating and we are seeing more and more organisations understand that VM is a foundation stone of their defence strategy and Tenable is seeing huge traction across APAC. To meet this demand, we continue to make heavy investments into our technical on premise and Cloud platforms, including the recent launch a solution that deals with modern dev-ops environments with Tenable.io for Containers. This allows containers to be analysed for vulnerabilities and malware before deployment, ensuring that containers are secure before they go live.
Finally, we are enhancing our third-party integrations to allow our solutions to be part of our customer’s broader IT and security infrastructures. We have many existing integrations but we’ve also published a well-documented API and SDK to make it easier for our partners and customers to do third-party integrations on their own.