SaaS Detection and Response provides, from a single interface, continuous visibility, assessment and compliance for SaaS applications
Qualys, Inc. (NASDAQ: QLYS), a pioneer and leading provider of highly innovative cloud-based IT security and compliance solutions, unveiled Qualys SaaS Detection and Response (SaaSDR), a console where security and IT teams can have uninterrupted visibility into critical SaaS apps and ensure its safety and compliance.
Supported by the Qualys Cloud Platform and certified by the Federal Risk and Authorization Management Program (FedRAMP, a US government program that provides a standardized approach to security), Qualys SaaSDR simplifies and automates the process of managing the security, risk and compliance of SaaS applications. The solution automatically catalogs and audits SaaS apps, documents and applications in real time, helping to prevent theft and accidental exposure of sensitive data and provide a deep understanding of the compliance posture of SaaS apps. The initial release offers native support for Google Workspace, Microsoft Office 365, Zoom and Salesforce.
“Qualys SaaSDR helps ImagineX manage the security and compliance of our Microsoft Office 365 and Google Workspace deployments. It provides the security team with visibility and control of critical SaaS apps, all from a single screen, strengthening the security posture of the applications. We also see SaaSDR as a must-have tool to guide our customers on the path to improving SaaS app compliance and to highlight the risks to potential data exposure, ”he said. Tim Salvador, Cybersecurity Practice Director di ImagineX Consulting, LP.
"As applications migrate from on-premises to IaaS and later to SaaS, gray areas develop for security analysts, as traditional security tools don't have the necessary visibility into SaaS application stacks," he said. Frank Dickson, Program VP Security Products di IDC. “The reality of the SaaS shared responsibility model is that the enforcement of security and maintenance in a SaaS context is fundamentally different in that the SOC does not have control over the operating system and application layer. Security, care and management must be applied using an API-centric approach, leveraging data and identity norms. Qualys seeks to provide visibility of SaaS applications to the SOC through frictionless data collection for deeper assessment, supporting CIS policies for Office 365 and Zoom, and leveraging the power of Qualys posture management technology to augment identity and data context. Qualys SaaSDR provides a convenient plug-in solution to assist CISOs in monitoring and managing the data exposure and security compliance of their SaaS applications.”
With Qualys SaaSDR, enterprises have a single solution to manage their SaaS apps, providing:
Visibility of users and devices - Automatic compilation of the inventory of users and user groups (internal and external) who access SaaS apps with indication of the files and folders that users own and can access. It also collects detailed endpoint information - such as data on assets, location, active services, installed software, and more - all from one simple centralized screen.
Effective access control - Complete control over user access permissions and data access rights to quickly review and thoroughly assign the appropriate access levels using a single interface.
Insights into data exposure - Analysis of SaaS applications and third-party apps to immediately identify security vulnerabilities such as incorrect permissions, files at risk, file changes, misconfigurations, critical vulnerabilities and exploits using advanced threat intelligence capabilities.
Safety and compliance posture - Automated and systematic assessments of the security status and configuration of SaaS applications associated with compliance enforcement aligned with industry benchmarks such as O365 via CIS, PCI-DSS and NIST.
Risk assessment - The Qualys Cloud Platform correlates SaaS application information, such as user access rights and data exposure, with additional security telemetry data, such as user location, access time, file changes, vulnerabilities and host configurations, advanced threats and more.
"The substantial investments in our Cloud Platform provide exceptional results in terms of specific context, real-time analytics, visibility and modularity to effectively support threat detection and response solutions such as SaaSDR," said Philippe Courtot, President and CEO of Qualys. “By integrating security into SaaS apps, Qualys SaaSDR's native connectors ensure an unmatched level of transparency, detail and data accuracy, all from a single interface, which customers can rely on to make their apps Safe and compliant SaaS. "
Features expected soon
In the second half of 2021, Qualys plans to add proactive response capabilities to the app, such as data exposure notification and automatic remediation actions, so customers can resolve compliance and exposure issues as well as automatically manage misconfigurations, vulnerabilities and threats with a single click. Qualys will also add support for other solutions such as Slack, GitHub, and Microsoft Teams, along with custom controls to enable targeted safety posture assessments.
Availability and webinar
SaaSDR is available immediately. For an evaluation of the solution, see www.qualys.com/trySaaSDR. For more information, join the webinar Navigating the SaaS Technology Stack for Continuous Visibility and Compliance, expected on March 3.
