Qualys Cloud Platform
A security and compliance solution for dynamic cloud environments.
| Category | Vulnerability Management |
|---|---|
| This page updated | a month ago |
| Pricing Details | Contact for pricing details. |
| Target Audience | Organizations seeking comprehensive cloud security and compliance solutions. |
The Qualys Cloud Platform addresses the complex challenge of maintaining comprehensive security and compliance in dynamic cloud environments by providing a robust, integrated suite of security services.
At its core, the Qualys Cloud Platform leverages a multi-tenant architecture with n-tiered application servers, ensuring high availability and scalability. It employs strong cryptographic connections (HTTPS with TLSv1.2 and 256-bit ciphers) for secure user interactions. The platform integrates various components, including Cloud Agents, virtual scanner appliances, and API interfaces, to offer real-time vulnerability management, compliance assessment, and threat detection across multiple cloud providers such as AWS, Azure, and GCP.
Key operational considerations include the use of Role-Based Access Control (RBAC) to manage user permissions and the ability to segment accounts along organizational or geographic lines. The platform supports daily and weekly incremental backups, along with monthly full backups, stored off-site in secure facilities to ensure data integrity and disaster recovery capabilities.
Technically, Qualys utilizes continuous scanning methods, including agentless, API-based, and snapshot-based scanning, to identify and classify cloud assets, detect vulnerabilities, and monitor compliance. The platform integrates with cloud providers' security hubs, such as AWS Security Hub and Azure Security Center, to provide unified visibility and enable rapid remediation actions. It also supports container security across the entire lifecycle, from build to deployment, without disrupting CI/CD pipelines.
However, operational limitations include the potential for data replication and recovery time objectives (RTO) variations between different regional platforms, although Qualys has designed its US sites for data replication to reduce RTO and improve recovery point objectives (RPO). Additionally, the platform's performance can be influenced by the scale and complexity of the cloud environment being monitored.