Cloud Platform
Solutions
Cloud Platform Apps
Customers
Partners
Community
Support
Company
Login
Contact us
Try it

Cloud Security Assessment (CSPM).

Continuously monitor and assess your cloud assets and resources for misconfigurations and non-standard deployments.

Watch video

Next-generation cloud app for unparalleled visibility and continuous security of public cloud infrastructure

CloudView

A free inventory and monitoring service for ALL your Clouds

  • Discover and inventory cloud assets
  • Monitor users, instances, networks, storage, databases and their relationships
Sign up

Highlights

Continuous security monitoring

Qualys Cloud Security Assessment boosts the security of your public clouds by identifying threats caused by misconfigurations, unwarranted access, and non-standard deployments. It automates security monitoring against industry standards, regulatory mandates, and best practices to prevent issues like leaky storage buckets, unrestricted security groups, and long-lived or expired keys.

Insight and threat prioritization

The elastic nature of the cloud makes it difficult to track and prioritize threats. With its unified security solution, Qualys provides a 360-degree view of cloud assets’ security posture, which includes cloud host vulnerabilities, compliance requirements and threat intelligence insights, so users can contextually prioritize remediation.

Easy detection and one-click remediation

With Qualys Cloud Security Assessment, you can quickly find out the root cause of misconfigurations. By crafting simple yet powerful queries, you can search through your complete cloud assessment posture. The results show the security posture of cloud resources and their misconfigurations. With this information, you can also identify similar assets and mitigate issues in a unified way.

Shift-Left your security using Infrastructure as Code assessment

Qualys CloudView IaC assessment analyzes Terraform, AWS CloudFormation, and Azure Resource Manager templates and identifies security misconfigurations of resources and services for public clouds. IaC assessment can be performed throughout the pipeline – on the source code when it is checked into the source code repository, during the integration phase, and before deployment. DevOps teams can assess their security posture earlier in the development cycle, dramatically reducing security risk post-deployment.

Get a complete view of your cloud security posture

Qualys Cloud Security Assessment gives you an “at-a-glance” comprehensive picture of your cloud inventory, the location of assets across global regions, and full visibility into the public cloud security posture of all assets and resources.

  • Single plane of glass view across public cloud providers such as AWS, Azure, and GCP

  • Provides a quick overview of cloud inventory and security posture via dashboards

  • Supports personalized or custom widgets based on queries or on other criteria, such as “Top 10 accounts based on failures” or “Top 10 controls that are failing”

Do continuous security checks

Qualys Cloud Security Assessment runs continuous security checks on your cloud assets and resources. It provides 800+ out-of-the-box security controls across the cloud to identify resource misconfigurations. The data is quickly synchronized for new and updated assets. The analysis provides clear evidence of security and compliance issues and offers remediation methods to mitigate any issues.

  • Provides complete coverage of CIS foundation benchmarks as well as Qualys best practices and architecture checks

  • Offers at-a-glance security overview of your cloud against evaluations, with a breakdown of every control’s security posture and threat inventory

  • Provides complete evidence and clear steps to drive remediation

Continuous Compliance Monitoring

Qualys Cloud Security Assessment supports more than 25 compliance mandates such as PCI DSS, HIPAA, NIST CSF, and GDPR. The report includes a multi-account, multi-region view of compliance requirements. Continuously monitors compliance reports using Dashboard and on-screen reports. Reports can be extracted using APIs and processed in external tools.

Coverage for CIS Benchmarks across cloud providers comprise:

  • CIS Amazon Web Services Foundations Benchmark v1.4.0 - Level 1

  • CIS Amazon Web Services Foundations Benchmark v1.4.0 - Level 2

  • CIS Microsoft Azure Foundations Benchmark v1.3.0, Level 1

  • CIS Microsoft Azure Foundations Benchmark v1.3.0, Level 2

  • CIS Google Cloud Platform Foundation Benchmark v1.2.0, Level 1

  • CIS Google Cloud Platform Foundation Benchmark v1.2.0, Level 2

Prevent Cloud misconfigurations

Qualys Cloud Security Assessment enables you to scan your Infrastructure as Code templates and offers early visibility to misconfigurations in your cloud deployments. We offer REST APIs and CLI for seamless integration with the CI/CD toolchain, providing DevOps teams with real-time assessments of potential cloud misconfigurations so that they can prioritize remediations before deploying into production.

  • Supports Terraform, AWS CloudFormation, and Azure ARM as well as all three major public cloud providers AWS, Azure, and GCP

  • Integration with Git Repositories such as GitHub, Bitbucket, GitLab, and Azure Repo

  • Provides complete evidence and clear steps to drive remediation

One-click Remediation

Qualys Cloud Security Assessment not only detects and evaluates the resources for misconfigurations but also supports over 50 high visibility controls for one-click remediation. One-click remediation allows you to remediate a control misconfiguration on a resource as well as a bulk of resources in a single-click to improve your compliance score.

Powered by the Qualys Cloud Platform

Single-pane-of-glass UI

See the results in one place, in seconds. With AssetView, security and compliance pros and managers get a complete and continuously updated view of all IT assets — from a single dashboard interface. Its fully customizable and lets you see the big picture, drill down into details, and generate reports for teammates and auditors. Its intuitive and easy-to-build dynamic dashboards to aggregate and correlate all of your IT security and compliance data in one place from all the various Qualys Cloud Apps. With its powerful elastic search clusters, you can now search for any asset – on-premises, endpoints and all clouds – with 2-second visibility.

Centralized & customized

Centralize discovery of host assets for multiple types of assessments. Organize host asset groups to match the structure of your business. Keep security data private with our end-to-end encryption and strong access controls. You can centrally manage users’ access to their Qualys accounts through your enterprise’s single sign-on (SSO). Qualys supports SAML 2.0-based identity service providers.

Easy deployment

Deploy from a public or private cloud — fully managed by Qualys. With Qualys, there are no servers to provision, software to install, or databases to maintain. You always have the latest Qualys features available through your browser, without setting up special client software or VPN connections.

Scalable and extensible

Scale up globally, on demand. Integrate with other systems via extensible XML-based APIs. You can use Qualys with a broad range of security and compliance systems, such as GRC, ticketing systems, SIEM, ERM, and IDS.

Learn more about the Qualys Cloud Platform

See for yourself. Try Qualys for free.

Start your free trial today. No software to download or install. Email us or call us at 1 (800) 745-4355.

Try it free