Qualys has introduced a new solution that extends its single-pane visibility and continuous security to the new and growing virtualisation environment of Docker containers, and enables customers to proactively build security into their container deployments and their DevOps processes at any scale.
Further extending visibility beyond assets in traditional virtualisation environments, Qualys Container Security performs inventory and real-time tracking of changes to containers deployed across on-premises and elastic cloud environments. It also extends vulnerability detection and policy compliance checks to the image registries, containers and hosts. By integrating this solution into their DevOps toolchain, users can identify and remediate risks early in the development cycles to reduce the risk created by open development methods and their inherent sprawl. Qualys’ high-accuracy vulnerability scanning also reduces the pain of clearing false-positives and allows security teams to focus on identifying and remediating actual risks.
“Containers are core to the IT fabric powering digital transformation,” said Philippe Courtot, chairman and CEO, Qualys. “Our new solution for containers enables customers on that journey to incorporate 2-second visibility and continuous security as a critical part of their agile development.”
The initial release of Qualys Container Security features:
- Container Security identifies detailed inventory and provides advanced metadata search so users can identify assets based on multiple attributes. Additionally, they can use topology views to visualize container environment assets and their relationships, in order to understand and isolate members impacted by an exposure even when deployed at scale.
- Qualys provides high accuracy vulnerability scanning of images, registries and containers in addition to the underlying host operating system. This allows security analysts to rapidly analyse the cause and focus on remediation, rather than spending time clearing false positives, which can be common with ordinary off-the-shelf container vulnerability scanners.
- Users can integrate vulnerability scanning into their Continuous Integration (CI) and Continuous Development (CD) tool chain using the Qualys API, which offers the complete Qualys Container Security feature set. Qualys’ REST APIs can be integrated into various toolchains, enabling DevOps/DevSecOps teams to analyse container images for known vulnerabilities before they are widely distributed.
- Qualys’ has developed native container support, distributed as a Docker image. Users can download and deploy these sensors directly on their container hosts, add them to the private registries for distribution, or integrate them with orchestration tools for automatic deployment across elastic cloud environments.
Qualys Container Security will be available in beta in Q3 2017.