Qualys Acquires TotalCloud to Gain No-Code Security Tool
Qualys this week announced it has agreed to acquire TotalCloud, a provider of a no-code platform that will enable cybersecurity teams to orchestrate workflows more easily across the company’s portfolio of cybersecurity offerings. Terms of the deal were not disclosed.
That acquisition comes on the heels of an alliance with Red Hat that enables Qualys tools to now be employed to scan Red Hat Enterprise Linux CoreOS, the operating system that underpins most deployments of the Red Hat OpenShift application development and deployment platform based on Kubernetes.
Shailesh Athalye, senior vice president of product management at Qualys, said the tools from TotalCloud can be employed to invoke a security orchestration, automation and response (SOAR) platform using a set of visual tools that are simple for security teams to employ.
Qualys has been making a case for both an agent that can be deployed on platforms to converge security and IT management as well as sensors that collect data so that it can be shared easily with security applications. The deal with Red Hat extends the reach of those efforts to include an operating system that is widely employed in OpenShift environments since Red Hat acquired CoreOS in 2018. Support for Red Hat Enterprise Linux CoreOS extends Qualys’ ability to provide a consolidated inventory of security issues pertaining to, for example, installed packages and open ports.
Cybersecurity teams can also employ Qualys Global AssetView, available at no charge, to view all their OpenShift clusters including masters, workers and infrastructure nodes. A commercial CyberSecurity Asset Management (CSAM) tool is also available to provide more detailed views of hardware configurations, installed packages and cloud provider metadata when running in the public cloud.
Rather than requiring organizations to acquire separate tools and platforms to secure OpenShift and other platforms based on Kubernetes, Athalye said the goal is to extend the reach of an existing portfolio of Qualys tools into cloud-native computing environments. That approach ultimately reduces costs by enabling organizations to secure existing legacy application environments alongside emerging microservices-based applications constructed using containers.
The no-code tools acquired by Qualys extend those efforts by providing security teams with a programming tool that doesn’t require the ability to write code, added Athalye.
As cybersecurity continues to evolve, it’s clearly developing into a team sport. Developers are slowly embracing DevSecOps best practices to make sure applications are secure before they are deployed in a production environment. However, developers are, after all, only human so mistakes will be made. Most developers are never going to have a tremendous amount of security acumen. Cybersecurity teams are going to need programming tools of their own to secure IT environments made up of a wide range of types of applications at scale.
The biggest imperative, however, is not so much the tools as it is bringing together two very diverse cultures within an organization to better secure software as it is being built as well as when it is deployed. There are, after all, no shortage of tools. It’s just a matter of finding those that developers and cybersecurity teams can agree they will actually use.
