Qualys, Inc., a provider of cloud-based security and compliance solutions, has announced a new solution that extends its single-pane visibility and continuous security to the new and growing virtualisation environment of Docker containers, and enables customers to proactively build security into their container deployments and their DevOps processes at any scale.
"OS containers are not inherently unsecure, but are being deployed unsecurely, driven by developers and a need for agility in service development and deployment," according to Neil MacDonald, VP and Distinguished Analyst, Gartner. "Security and risk management leaders must address container security issues around vulnerabilities, visibility, compromise and compliance."
Further extending visibility beyond assets in traditional virtualization environments, Qualys Container Security performs inventory and real-time tracking of changes to containers deployed across on-premises and elastic cloud environments. It also extends vulnerability detection and policy compliance checks to the image registries, containers and hosts. By integrating this solution into their DevOps toolchain, users can identify and remediate risks early in the development cycle to reduce the risk created by open development methods and their inherent sprawl. Qualys' high-accuracy vulnerability scanning also reduces the pain of clearing false positives and allows security teams to focus on identifying and remediating actual risks.
"Containers are core to the IT fabric powering digital transformation," said Philippe Courtot, chairman and CEO, Qualys, Inc. "Our new solution for containers enables customers on that journey to incorporate 2-second visibility and continuous security as a critical part of their agile development."
The initial release of Qualys Container Security features:
- Discovery, Inventory, and Near-Real Time Tracking of Container Events:
Container Security identifies detailed inventory and provides advanced metadata search so users can identify assets based on multiple attributes. Additionally, they can use topology views to visualize container environment assets and their relationships, in order to understand and isolate members impacted by an exposure even when deployed at scale.
- Vulnerability Analysis for Image Registries and Containers:
Qualys provides high-accuracy vulnerability scanning of images, registries and containers in addition to the underlying host operating system. This allows security analysts to rapidly analyse the cause and focus on remediation, rather than spending time clearing false positives, which can be common with ordinary off-the-shelf container vulnerability scanners.
- Integration with CI/CD Toolchain using APIs (DevOps flow):
Users can integrate vulnerability scanning into their Continuous Integration (CI) and Continuous Development (CD) toolchain using the Qualys API, which offers the complete Qualys Container Security feature set. Qualys' REST APIs can be integrated into various toolchains, enabling DevOps/DevSecOps teams to analyze container images for known vulnerabilities before they are widely distributed.
- New Qualys 'Container Sensor':
Qualys has developed native container support, distributed as a Docker image. Users can download and deploy these sensors directly on their container hosts, add them to their private registries for distribution, or integrate them with orchestration tools for automatic deployment across elastic cloud environments.