Intelligent CIO North America Issue 8 - Page 42

With such a siloed and fragmented toolset , visibility into the IT environment narrows , tasks can ’ t be automated , false positives abound , and security teams struggle to detect and respond quickly to threats .
Courtot says the traditional best of breed point solutions do not cut it anymore . The main reason for this , he says , is because they are siloed solutions .

THERE ’ S A SIGNIFICANT PRESSURE ON US TO ESSENTIALLY MIGRATE TO THE CLOUD , WHETHER WE LIKE IT OR NOT . and ideally you want to have them , maybe not all of them , but actually as much as you can , natively build in that same cloud-based platform .

“ We always believed since the very beginning , since when we created Qualys , that if you could bring all the telemetry into one place , then you could essentially correlate , analyze that information .”
Adopting an open cloud platform
With the resistance to cloud migration melting away , companies need to use these new technologies to become more competitive . “ So there ’ s a significant pressure on us to essentially migrate to the cloud , whether we like it or not ,” said Courtot .
“ Now in that migration , we need to be very careful of not falling into the same trap that we ’ ve been falling into before . Yes , best of breed is still very important for the elimination of the false positives , but if we select
“ They don ’ t speak with each other and it ’ s very difficult ,” he said . “ None of them is giving us , of course , the visibility that we need .
“ We also know that for the same reasons , our response is far too slow in a new world where everything is connected with everything at Internet speeds . And it ’ s also very difficult and hard to automate .”
With the difficulties of having visibility across hybrid environments , Courtot says : “ We simply , as we all know , cannot secure what we do not know or see .”
He stresses the difficulty of always having an up-to-date global IT asset inventory to provide greater visibility .
“ So we need not only to assess the security and posture of any device that connects to the network and we need to know that before they connect or at the time they connect ,” he said .
“ That cannot be done manually . So all of that needs , again , to be automated .
“ Building such a global IT asset inventory that is always up to date , that we can call the cartography of your enterprise and ensuring that we capture anything that connects with the network is really the cornerstone of a new security model . We need to build or rethink our security with that in mind .
“ We need to think about out of the box integration , building them at Internet scale with real time in mind ,
42 INTELLIGENTCIO NORTH AMERICA www . intelligentcio . com