Illumio Partners with Qualys on Security
Illumio, a cloud security specialist, today announced that it can now feed potential vulnerability data discovered by Qualys directly into its application dependency mapping application.
As a provider of a vulnerability scanning service provided via the cloud, Qualys can rapidly identify potential application threats. Illumio can now incorporate that data into its Adaptive Security Platform to provide IT teams with a visual map showing where an organization is most exposed to potential attacks that can then be continually updated in real time, says Illumio CTO PJ Kirner.
“This the first time anyone has brought these two things together,” says Kirner.
Based on the vulnerabilities discovered, Illumio can also automatically generate policy recommendations that can be employed across a microsegmented network, says Kirner.
IT organizations can also make use of Illumio Adaptive Security Platform to prioritize patching. It also provides an East-West Exposure Score that calculates how many workloads might be impacted by a new discovered vulnerability. Illumio also shows in real time which applications are connecting into vulnerable ports as well as highlighting ports that might be turned off because no traffic is being generated.
The biggest challenge IT organizations will face is figuring out where exactly to apply that microsegmentation given all the dependencies that exist between applications, says Kirner.
Most IT organizations are adept when it comes to remediating a vulnerability once its discovered. But it may take months for them to discover vulnerabilities hiding in a portfolio consisting of thousands of applications.
Kirner notes that more organizations may soon find themselves with various compliance mandates requiring the implementation of microsegmentation. The banking industry is already moving in that direction thanks to new compliance mandates created by SWIFT, says Kirner.
Most breaches don’t occur because cybercriminals discover a new exploit. The path of least resistance for cybercriminals is to continue to exploit known vulnerabilities. Because patch management remains a largely manual endeavor, it’s relatively simple for cybercriminals to scan for known vulnerabilities. The tools cybercriminals need to exploit those vulnerabilities are available on the Dark Web for as little at $10.
Microsegmentation, of course, doesn’t prevent cybersecurity breaches. But it does go a long way to minimizing their impact. In fact, as cybersecurity continues to evolve IT organization are not only being measured on how many breaches were prevented, but just as critically how quickly they were able to contain them