New solution enables customers to address security for containers in their DevOps pipeline and deployments across cloud and on-premises environments
NATIONAL HARBOR, Md., – Gartner Security and Risk Management Summit, Booth #609 – June 12, 2017 – Qualys, Inc. (NASDAQ: QLYS), a pioneer and leading provider of cloud-based security and compliance solutions, today announced a new solution that extends its single-pane visibility and continuous security to the new and growing virtualization environment of Docker containers, and enables customers to proactively build security into their container deployments and their DevOps processes at any scale.
“OS containers are not inherently unsecure, but are being deployed unsecurely, driven by developers and a need for agility in service development and deployment,” according to Neil MacDonald, VP and Distinguished Analyst, Gartner. “Security and risk management leaders must address container security issues around vulnerabilities, visibility, compromise and compliance.” 
Further extending visibility beyond assets in traditional virtualization environments, Qualys Container Security performs inventory and real-time tracking of changes to containers deployed across on-premises and elastic cloud environments. It also extends vulnerability detection and policy compliance checks to the image registries, containers and hosts. By integrating this solution into their DevOps toolchain, users can identify and remediate risks early in the development cycles to reduce the risk created by open development methods and their inherent sprawl. Qualys’ high-accuracy vulnerability scanning also reduces the pain of clearing false-positives and allows security teams to focus on identifying and remediating actual risks.
Qualys will showcase this new solution during the 2017 Gartner Security and Risk Summit at booth #609.
“Containers are core to the IT fabric powering digital transformation,” said Philippe Courtot, chairman and CEO, Qualys, Inc. “Our new solution for containers enables customers on that journey to incorporate 2-second visibility and continuous security as a critical part of their agile development.”
The initial release of Qualys Container Security features:
Discovery, Inventory, and Near-Real Time Tracking of Container Events: Container Security identifies detailed inventory and provides advanced metadata search so users can identify assets based on multiple attributes. Additionally, they can use topology views to visualize container environment assets and their relationships, in order to understand and isolate members impacted by an exposure even when deployed at scale.
Vulnerability Analysis for Image Registries and Containers: Qualys provides high accuracy vulnerability scanning of images, registries and containers in addition to the underlying host operating system. This allows security analysts to rapidly analyze the cause and focus on remediation, rather than spending time clearing false positives, which can be common with ordinary off-the-shelf container vulnerability scanners.
Integration with CI/CD Toolchain using APIs (DevOps flow): Users can integrate vulnerability scanning into their Continuous Integration (CI) and Continuous Development (CD) tool chain using the Qualys API, which offers the complete Qualys Container Security feature set. Qualys’ REST APIs can be integrated into various toolchains, enabling DevOps/DevSecOps teams to analyze container images for known vulnerabilities before they are widely distributed.
New Qualys ‘Container Sensor’: Qualys’ has developed native container support, distributed as a Docker image. Users can download and deploy these sensors directly on their container hosts, add them to the private registries for distribution, or integrate them with orchestration tools for automatic deployment across elastic cloud environments.
Qualys Container Security will be available in beta in Q3 2017.
Qualys, Inc. (NASDAQ: QLYS) is a pioneer and leading provider of cloud-based security and compliance solutions with over 9,300 customers in more than 100 countries, including a majority of each of the Forbes Global 100 and Fortune 100. The Qualys Cloud Platform and integrated suite of solutions help organizations simplify security operations and lower the cost of compliance by delivering critical security intelligence on demand and automating the full spectrum of auditing, compliance and protection for IT systems and web applications. Founded in 1999, Qualys has established strategic partnerships with leading managed service providers and consulting organizations including Accenture, BT, Cognizant Technology Solutions, Deutsche Telekom, Fujitsu, HCL Technologies, HP Enterprise, IBM, Infosys, NTT, Optiv, SecureWorks, Tata Communications, Verizon and Wipro. The company is also a founding member of the Cloud Security Alliance (CSA). For more information, please visit www.qualys.com.
Qualys, the Qualys logo and QualysGuard are proprietary trademarks of Qualys, Inc. All other products or names may be trademarks of their respective companies.
 Gartner, Security Considerations and Best Practices for Securing Containers, Neil MacDonald, November 2016