You can't protect what you can't see: reinventing asset management


By Sumedh Thakar, CEO and President, Qualys

You can't secure what you do not know or can't see. Further, you can't protect what you do not understand. From conversations with customers to the recent string of catastrophic cyberattacks, organizations desperately need to establish a comprehensive view of their IT asset infrastructure. But that comprehensive view needs to be specific to the security team, which has a different role than IT teams concerned with inventory, software support and license oversight.

Security teams that rely on asset inventory from their IT counterparts are challenged by a lack of visibility into the security context of their assets. This visibility is critical in prioritizing the overwhelming number of issues security teams are tasked with addressing. Understanding the risk context of every asset helps them decide what requires immediate action, and what can be done incrementally or mitigated with other changes or ignored as too low risk.

But this is much easier said than done. With the pandemic acting as a forcing function for our new hybrid reality, issues with visibility and security risks have been further accentuated. From dispersed workforces to this year's mix of a virtual and in-person Black Hat, having a more robust and up-to-date asset inventory is no longer an option in securing your workforce.

Security teams need monitoring of changes to the security context of their assets. It is critical for them to know when new assets with certain characteristics or risk profiles have been introduced and when existing assets have changed risk. They need automation when they want it, so that action is taken automatically based on the security risk policies they have put in place.

For example, with most of your key information housed in databases, they are a primary target for attackers. Knowing where your databases are and understanding both their health and the health of the servers or virtual machines where they run, is critical to mitigating any gaps and securing your data.

With limited resources on security teams, a new hybrid reality and at times unpredictable IT landscape -- automated tools are required to achieve the scale and scope of managing small, medium and enterprise-scale environments.

This is why Qualys has made a large investment in asset inventory in the last few years, and why our AssetView and Global IT Asset Inventory solutions have gained traction among our customers as a solid asset inventory foundation, all from a unified platform.

At Black Hat, we will highlight our new inventory solution, Qualys CyberSecurity Asset Management (CSAM), which moves the needle further by adding security context to inventory capabilities and allowing organizations to detect the security gaps in their infrastructure and respond to the risk. CyberSecurity Asset Management is asset management reimagined for security teams, focused to identify all systems comprehensively, detect at-risk assets, and respond with appropriate actions to mitigate risk.

Please stop by the Qualys booth #1437 at Black Hat or visit our virtual booth to experience CyberSecurity Asset Management and to learn how you get more security with Qualys.

Sustaining Partners