Qualys has announced it is providing customers with monitoring and assessment for the CIS (Center for Internet Security, Inc.) Microsoft Azure Foundations Benchmark within its Cloud Security Assessment (CSA) Cloud App.
This new automated compliance monitoring and assessment helps security and DevOps teams continuously identify threats caused by misconfigurations, unwarranted access, and non-standard deployments, and provide remediation steps to help manage risks sooner.
The CIS Microsoft Azure Foundations Benchmark provides prescriptive guidance for establishing a secure baseline configuration for assets in Microsoft Azure, and Cloud Security Assessment automates real-time security monitoring against this industry standard, allowing teams to establish and maintain a healthy continuous security posture across their Azure cloud investments.
“By automating assessment of CIS Foundations Benchmark for Microsoft Azure, Cloud Security Assessment gives organizations the ability to scale compliance and manage risk across their Azure deployment,” said Philippe Courtot, chairman and CEO, Qualys, Inc. “The CIS Microsoft Azure Foundations Benchmark provides prescriptive guidance to help establish the foundation level of security for anyone adopting Microsoft Azure Cloud,” said Brig. Gen. USAF (Retired) Steve Spano, CIS President and COO.“Qualys’ support of this CIS Benchmark helps companies automate and scale security across Microsoft Azure.”
The elastic nature of the cloud makes it difficult to track and prioritize threats. With its unified security solution, Qualys provides a 360-degree view of cloud assets’ security posture, which includes cloud host vulnerabilities, compliance requirements and threat intelligence insights, so users can contextually prioritize remediation.
Continuous Security Monitoring: This hardening benchmark for Azure complements an earlier available benchmark for AWS supported by Qualys. Cloud Security Assessment also automates evaluation of regulatory mandates like PCI-DSS, HIPAA, NIST and ISO 27001. Users can check for compliance against the mandates and generate reports to submit to their auditors.
Insight and Threat Prioritization: Complete cloud resource inventory information in CloudView powers simple yet powerful search queries across an asset’s configuration and complex associations to quickly identify the root cause of an incident. To track and understand trends in fast-changing elastic clouds, CloudView provides both a real time and a historical view of the inventory.
Automated Security Throughout the DevOps Pipeline: Qualys Cloud Security Assessment supports REST APIs, providing DevSecOps teams with an up-to-date assessment of potential risks and exposure. The solution can be integrated with Governance, Risk and Compliance, Security Information and Event Management, and ticketing service providers to help InfoSec teams automate processing of threats and remediation.