Cloud Platform
Support
Contact us

CloudView - Cloud Security Assessment (CSA).

Use CloudView, our Cloud Security Posture Management (CSPM) solution, to continuously monitor and assess your cloud assets and resources for misconfigurations and non-standard deployments.

Next-generation cloud app for unparalleled visibility and continuous security of public cloud infrastructure

CloudView

A free inventory and monitoring service for ALL your Clouds

  • Discover and inventory cloud assets
  • Monitor users, instances, networks, storage, databases and their relationships

Highlights

Continuous security monitoring

Qualys Cloud Security Assessment boosts the security of your public clouds by identifying threats caused by misconfigurations, unwarranted access, and non-standard deployments. It automates security monitoring against industry standards, regulatory mandates, and best practices to prevent issues like leaky storage buckets, unrestricted security groups, and long-lived or expired keys.

Insight and threat prioritization

The elastic nature of the cloud makes it difficult to track and prioritize threats. With its unified security solution, Qualys provides a 360-degree view of cloud assets’ security posture, which includes cloud host vulnerabilities, compliance requirements and threat intelligence insights, so users can contextually prioritize remediation.

100s of out-of-box security controls, plus custom controls and remediation

Qualys Cloud Security Assessment covers a wide range of security controls. Using Qualys Flow, you can create custom controls and remediations using its no-code workflow interface in a matter of minutes, simply by dragging and dropping nodes that define a range of common actions in Qualys as well as public clouds such as AWS and Azure.

Shift-Left your security using Infrastructure as Code assessment

Qualys CloudView IaC assessment analyzes Terraform, AWS CloudFormation, and Azure Resource Manager templates and identifies security misconfigurations of resources and services for public clouds. IaC assessment can be performed throughout the pipeline – on the source code when it is checked into the source code repository, during the integration phase, and before deployment. DevOps teams can assess their security posture earlier in the development cycle, dramatically reducing security risk post-deployment.

Get a complete view of your cloud security posture

Qualys Cloud Security Assessment gives you an “at-a-glance” comprehensive picture of your cloud inventory, the location of assets across global regions, and full visibility into the public cloud security posture of all assets and resources.

  • Single plane of glass view across public cloud providers such as AWS, Azure, and GCP

  • Provides a quick overview of cloud inventory and security posture via dashboards

  • Supports personalized or custom widgets based on queries or on other criteria, such as “Top 10 accounts based on failures” or “Top 10 controls that are failing”

Do continuous security checks

Qualys Cloud Security Assessment runs continuous security checks on your cloud assets and resources. It provides 800+ out-of-the-box security controls across the cloud to identify resource misconfigurations. The data is quickly synchronized for new and updated assets. The analysis provides clear evidence of security and compliance issues and offers remediation methods to mitigate any issues.

  • Provides complete coverage of CIS foundation benchmarks as well as Qualys best practices and architecture checks

  • Offers at-a-glance security overview of your cloud against evaluations, with a breakdown of every control’s security posture and threat inventory

  • Provides complete evidence and clear steps to drive remediation

Continuous Compliance Monitoring

Qualys Cloud Security Assessment supports more than 30 compliance mandates such as PCI DSS, HIPAA, NIST CSF, and GDPR. The report includes a multi-account, multi-region view of compliance requirements. Continuously monitors compliance reports using Dashboard and on-screen reports. Reports can be extracted using APIs and processed in external tools.

Coverage for CIS Benchmarks across cloud providers comprise:

  • CIS Amazon Web Services Foundations Benchmark v1.4.0 - Level 1

  • CIS Amazon Web Services Foundations Benchmark v1.4.0 - Level 2

  • CIS Microsoft Azure Foundations Benchmark v1.3.0, Level 1

  • CIS Microsoft Azure Foundations Benchmark v1.3.0, Level 2

  • CIS Google Cloud Platform Foundation Benchmark v1.2.0, Level 1

  • CIS Google Cloud Platform Foundation Benchmark v1.2.0, Level 2

No code automation

Qualys Cloud Security Assessment integrates with Qualys Flow. Qualys Flow is a no-code automated workflow creation capability that allows you to build workflows, known as QFlows. It provides end-to-end orchestration of detection and remediation processes within the Qualys Cloud Platform as well as from your cloud infrastructure such as AWS. Qualys Flow visualizes the logical flow of events, data, and actions in the form of nodes, each of which delivers a specific function in the detection, analysis, or remediation chain. QFlows can be created directly in the UI by dragging and dropping nodes and configuring them as needed.

With Qualys Flow, you can build workflows for various use-cases such as custom cloud inventory, security controls, and remediations.

Prevent Cloud misconfigurations

Qualys Cloud Security Assessment enables you to scan your Infrastructure as Code templates and offers early visibility to misconfigurations in your cloud deployments. We offer REST APIs and CLI for seamless integration with the CI/CD toolchain, providing DevOps teams with real-time assessments of potential cloud misconfigurations so that they can prioritize remediations before deploying into production.

  • Supports Terraform, AWS CloudFormation, and Azure ARM as well as all three major public cloud providers AWS, Azure, and GCP

  • Integration with Git Repositories such as GitHub, Bitbucket, GitLab, and Azure Repo

  • Integration with CICD such as Azure DevOps, Jenkins

  • Integration with IDE such as Visual Studio Code

  • Provides complete evidence and clear steps to drive remediation

One-click Remediation

Qualys Cloud Security Assessment not only detects and evaluates the resources for misconfigurations but also supports over 50 high visibility controls for one-click remediation. One-click remediation allows you to remediate a control misconfiguration on a resource as well as a bulk of resources in a single-click to improve your compliance score.

Powered by Qualys Cloud Platform

Single-pane-of-glass UI

See the results in one place, in seconds. With AssetView, security and compliance pros and managers get a complete and continuously updated view of all IT assets — from a single dashboard interface. Its fully customizable and lets you see the big picture, drill down into details, and generate reports for teammates and auditors. Its intuitive and easy-to-build dynamic dashboards to aggregate and correlate all of your IT security and compliance data in one place from all the various Qualys Cloud Apps. With its powerful elastic search clusters, you can now search for any asset – on-premises, endpoints and all clouds – with 2-second visibility.

Centralized & customized

Centralize discovery of host assets for multiple types of assessments. Organize host asset groups to match the structure of your business. Keep security data private with our end-to-end encryption and strong access controls. You can centrally manage users’ access to their Qualys accounts through your enterprise’s single sign-on (SSO). Qualys supports SAML 2.0-based identity service providers.

Easy deployment

Deploy from a public or private cloud — fully managed by Qualys. With Qualys, there are no servers to provision, software to install, or databases to maintain. You always have the latest Qualys features available through your browser, without setting up special client software or VPN connections.

Scalable and extensible

Scale up globally, on demand. Integrate with other systems via extensible XML-based APIs. You can use Qualys with a broad range of security and compliance systems, such as GRC, ticketing systems, SIEM, ERM, and IDS.

See for yourself. Try Qualys for free.

Start your free trial today. No software to download or install. Email us or call us at 1 (800) 745-4355.