Qualys overhauled its
managed-security service with open-source components and virtualization
technologies to launch QualysGuard IT, its second-generation cloud-based
managed-security service.
Qualys will be demonstrating
the new security and compliance
platform during the RSA Conference in San Francisco from Feb. 14 to 18.
The company spent two years
completely re-architecting the security-as-a-service platform to run with a
Java back-end and open-source technologies, according to Philippe Courtot,
chairman and CEO for Qualys. The new platform uses Apache Solr for clustered
data indexing and tagging, and technology from Terracotta and Ehcache for
Web-scale application clustering.
The company also implemented
a customizable reporting engine using BIRT (Business Intelligence and Reporting
Tools), which can output reports in a variety of formats, including CSV, DOC,
XLS, PDF, XML and PPT. The Eclipse Foundation maintains the BIRT project.
Despite the extensive
modifications under the hood, the changes are entirely transparent to QualysGuard
customers under the SaaS model, said Courtot.
The new QualysGuard IT is
aimed at making it easy for IT managers to spot anomalies and to figure out
whether there is a security issue. The simplified user interface targets
smaller businesses that are less likely to have an in-house security team but
face the same kind of threats as a large enterprise, Qualys said.
The new framework ties
together all Qualys IT
security and compliance applications, platform services and engines for
reporting, collaboration, remediation, risk calculation and alerts along with
the security and compliance data collected from the customer, according to
Courtot. With the new platform, customers get prioritized job management,
modular services to ensure uptime and performance, and dynamic analysis and
reporting capabilities, the company said.
Customers can also search
across several Qualys data sets, including scan results, asset data, scan
profiles, users and vulnerabilities. The revamped user interface has dynamic
and interactive interfaces, wizards and new reporting templates to help present
scan data in a useful manner, Qualys said.
With more customers moving
to the cloud and adopting virtualization, Qualys announced virtualized scanners
with the same capabilities as its existing line of hardware-based scanners.
These scanners work with the QualysGuard IT platform to collect network data.
The virtual scanners will run under VMware, Xen and Hyper-V, and can be managed
via a Web interface along with all the data they collect, the company said.
The virtual appliances will
be rolled out in multiple phases to support different environments, beginning
with a version for Amazon EC2 (Elastic Compute Cloud) in March. Versions for
Amazon Virtual Private Cloud and a “consultant version” to run on a laptop via
the VMware console will be available in June. An enterprise version for data
centers running centralized-management systems such as VMware vSphere will
follow in September, Qualys said.
The Amazon EC2 Virtual
Scanner will be bundled with the QualysGuard subscription while the other
virtual scanner appliances will be priced at $995.
Qualys also announced IronBee, an open-source cloud-based WAF
(Web Application Firewall) it is developing in collaboration with
Akamai. IronBee examines HTTP traffic to evaluate data and code as they pass
through the network to trap attacks such as cross-site scripting and embedded
JavaScript, according to the project’s page. IronBee can either block the
traffic outright, or modify it to neutralize the threat. Released under the
Apache version 2 license, the source code is available from its GitHub repository.
The team behind IronBee also
worked on an earlier open-source WAF project, ModSecurity, Qualys said.