Vulnerability assessment and management (VAM)

Discover security and compliance issues and confirm they are resolved.

Businesses need real-time visibility into instances to reduce their attack surface and comply with security policies.

A continuous VAM solution allows businesses to identify and manage security in a dynamic environment. VAMs assess Amazon Machine Images (AMIs) to ensure they are hardened, and then monitor instances’ security and compliance posture from launch to termination.  

Vulnerability Assessment

Solutions

Qualys

Qualys Vulnerability Management offers continuous security and compliance visibility for AWS environments. With sensors built to deploy seamlessly and scale dynamically, Qualys works with the agile and elastic nature of cloud workloads.

After an initial comprehensive assessment of the IT, security, and compliance posture of your AMIs, agents deployed on all launched instances report changes as soon as they are detected. This allows businesses to quickly detect issues, terminate the affected instances, and redeploy from a hardened AMI to maintain good hygiene across operational instances. With flexible deployment models that can leverage virtual scanners, Cloud Agents, or both, Qualys can work with a business's architecture to deliver security and compliance assurance.

Qualys’ interactive portal and dashboards allow teams to quickly prioritize efforts and drive down vulnerability and compliance configuration issues. Customers can also consume findings and insights from Qualys’ Vulnerability Management and Policy Compliance in AWS Security Hub.

Here are the steps involved:

  1. Deploy a Qualys Amazon Elastic Compute Cloud (Amazon EC2) Connector to discover assets and continuously track changes in assets to guide scope of assessments.
  2. Identify vulnerabilities and compliance configuration issues on instances using a virtual Qualys scanner in a development environment.
  3. Use Qualys guidance to patch vulnerabilities and resolve configuration issues, and then re-assess with the virtual scanner.
  4. Create a hardened AMI and include Qualys Cloud Agent.
  5. Qualys Cloud Agent continuously monitors for new vulnerabilities or configuration issues introduced in live environments.

Ancestry

Ancestry uses Qualys to assess instances in AWS and drive significant risk reduction

Ancestry, a global leader in family history and consumer genomics, migrated their workloads to AWS to take advantage of development agility, elasticity to support their growth, business cyclicality, reliability, and availability. Ancestry deploys environments using AMIs and CloudFormation templates and uses Qualys’ Vulnerability Management and Policy Compliance applications to identify AMI vulnerabilities and configuration issues so the AMIs can be hardened before new instances are launched.

Ancestry also deploys Qualys in production to assess instances, and when issues are identified, terminates vulnerable instances and redeploys them from hardened AMIs. After deploying Qualys, Ancestry has reduced the vulnerabilities in their environments by over 80% and has effectively eliminated externally accessible high and critical vulnerabilities from their AWS environments.

Qualys delivers our vulnerability management infrastructure as a service, so we do not have to invest in operating that ourselves. We are able to devote our time to remediating vulnerabilities and managing our risk, leaving the identification of vulnerabilities and configuration issues to Qualys. The platform's ability to expand and contract with our environments gave us confidence that we had full visibility at all times, and their interactive dashboards allowed us to track our results across teams to achieve significant improvements in our instances’ security and compliance posture.

- Leader at Ancestry
AWS Marketplace

AWS Marketplace is a digital catalog with thousands of software listings from independent software vendors that make it easy to find, test, buy, and deploy software that runs on AWS.

Have questions? Have tips?

We're here to help you get started with AWS Marketplace. Ask for or give advice on the AWS Marketplace discussion forum.
