Qualys Security Conference 2022: Corralling horses in an expanding edge rodeo
Edge is an asset. More specifically, an edge computing estate is composed of a variety of digital assets that work in a strategically located and variously distributed set of locations to provide data streams from which we typically extract intelligence and insight.
The above statement is completely valid, but it is an arguably somewhat utopian scenario, not always reflected by the occasionally haphazard nature of real-world edge deployments. When new devices, machines, network joins and external connections enter an edge estate, pinning down operational control of system assets can look like a badly organized rodeo or stampede.
Preventing endpoint pandemonium
If there is potential endpoint pandemonium out there, then how do we control edge assets from an operational health and safety perspective? Even in environments where remote controls do exist, it’s typically pretty tough to install software agents to perform tracking and reporting services on edge devices as some kind of afterthought.
Cloud-based IT, security and compliance solutions company Qualys used the final leg of its multi-city Qualys Security Conference series to welcome software engineers, partners and customers to Las Vegas this November 2022 to discuss this issue and others. How exactly should we corral the horses in this new Wild West?
Turning directly to product specifics, Qualys highlights its Network Passive Sensor service, a technology layer designed to examine network traffic and detect what’s on the network that needs to be secured in order to eliminate blind spots. This could be anything from a Raspberry Pi to bigger assets that you have to keep protected like industrial control systems or air conditioning systems.
“Network Passive Sensor monitors network activity without any active probing of devices in order to detect active assets in a network,” Qualys said. “Qualys PS continuously monitors all network traffic and flags any asset activity. It identifies and profiles devices the moment they connect to the network, including those difficult to scan, corporate-owned, brought by employees and rogue devices.”
The asset metadata is sent immediately to the Qualys Cloud Platform for centralized analysis. This is where we can use the expression “continuous inventory enhancement,” because Qualys PS enriches existing asset inventory with additional details, such as recent open ports, a traffic summary, and information relating to network services and applications in use.
The company’s Network Scanner and Cloud Agent products complement Qualys PS by identifying assets that for different reasons can’t be actively scanned or monitored with agents. This is often the case with assets like industrial equipment, IoT and medical devices.
The Network Passive Sensor is placed inside a network and takes snapshots of the data flowing over the network. It extracts metadata from these snapshots and sends it to the Qualys Cloud Platform for analysis. This allows the customer to catalog the assets by operating system as well as by hardware. All assets discovered by the Network Passive Sensor are reported to Qualys Asset Inventory, where the edge security team can view information about them.
A federal and international imperative
The U.S. Cybersecurity and Infrastructure Security Agency has a list of operational technology system assets and vulnerabilities that companies should update. According to Qualys specialist engineers speaking in Nevada this winter, this area of the market is about a decade behind where the wider IT sector is — and it has to catch up quickly.
Getting security to the edge is not just about visibility but also about putting updates and mitigations in place to get a faster set of processes going. This is not plug-and-play technology — at the risk of diverting away from our already chosen horse-stampede analogies — this is precision engineering and open-heart surgery all wrapped up into one.
Getting the whole edge environment up to the same speed as an organization’s base IT stack and cloud deployment instances is essential, especially as more assets at the edge get connected and used in business.
Uninventoried external attack surface
Looking at how edge and other devices widen the field that organizations must now fight to secure, the company used its Las Vegas convention to highlight Qualys CyberSecurity Asset Management. Now at its version 2.0 release, CSAM discovers risks across edge estates and throughout on-premises device deployments.
“The attack surface is expanding at an exponential rate, providing attackers with new targets,” notes the Qualys QSC attendee welcome literature at this year’s event. “More than 30% of all on-premises and cloud assets and services are not inventoried. CSAM is a cloud service that allows organizations to continuously discover, classify, remediate and measurably improve their cybersecurity posture for internal and external assets before attackers can.”
Using the term continuous continuously, the company has aimed to underline the always-on nature of cloud and the edge devices and networks that traverse its connections. Slightly too long a phrase to fit on the show T-shirts and bags (they just said continuous security), the promise from Qualys is a chance to “get an outside-in view of all a company’s Internet-facing assets to spot security endpoint blind spots” today.
In his role as Qualys president and CEO, Sumedh Thakar used his appearance at last year’s play of this show to talk about new stacks of technology that will now rise as a result of infrastructure as code — the ability to define infrastructure resources via software, at the precise point they are required and to tighter specifications. Because of this, the company made IaC security a core capability in the Qualys CloudView application.
A total cloud, from data center to edge
This year’s QSC event had its own product star. The newly announced TotalCloud service is Qualys’ latest playbook and toolkit to secure a total cloud estate from data center to edge.
Qualys TotalCloud with FlexScan delivers cloud-native vulnerability management detection and response with six sigma via agent and agentless scanning for what the firm insists is “comprehensive coverage” of cloud-native posture management and workload security across multi-cloud and hybrid environments.
Qualys TotalCloud incorporates security into development workflows, enabling development teams to release secure and reliable code while giving security teams the control and visibility they need to manage risk by reducing their attack exposure and rapidly responding to threats.
“Cloud security is getting very fragmented with too many point solutions, which brings more complexity,” said Thakar. “Our customers want seamless, comprehensive insight into cyber risk across their multi-cloud and non-cloud assets. With our TotalCloud offering, we bring flexible, high-quality cloud-native risk assessment to our customer base as they look to expand into the cloud with Qualys.”
Security teams will have multiple hybrid assessment capabilities to secure the entire cloud attack surface including zero-touch, agent-less, cloud service provider API-based scanning for fast analysis. There is also virtual appliance-based scanning to assess unknown workloads over the network for open ports and remotely exploitable vulnerability detection.
Who let the horses out?
What can we really say has happened here? Our initial stampede analogy was merely meant to suggest that the edge is pushing digital activity further and further away from the on-premises data center, but also to suggest that there’s a danger of some of the horses escaping. This is why Qualys is making device vulnerability detection so diverse and multi-layered.
The introduction of Qualys TotalCloud with FlexScan offers a set of different techniques for scanning cloud-native edge-centric operating system package inventory information, workload-specific metadata and other channels.
Qualys openly states that no single approach or capability is necessarily the best. It depends on the cloud instance type; it depends on the topography of the edge environment; it depends on the size and shape of the on-premises devices estate that a company deploys — and it depends on the size of the horse. Let’s saddle up, and be sure to pack the baked beans.