Privileged Access Management and Vulnerability Systems: Qualys and WALLIX
Complexity is the enemy of cybersecurity. Yet, it can’t be avoided. Even a relatively small organization will have multiple people operating and administering multiple IT assets while fending off multiple threats. Any problem is basically a problem cubed. How do you keep things secure in that environment?
No single security solution can do it all. What cybersecurity professionals have come to realize is that combinations of security tools offer the best defense in depth against today’s frightening array of threats. For instance, PAM is often combined with SIEM systems such as Splunk or authentication managers like RSA.
This article looks at another extremely helpful integration: Privileged Access Management (PAM) and vulnerability systems in general and specifically how WALLIX integrates with Qualys.
What Is a Vulnerability System?
Every asset under the IT department’s control is vulnerable in some way. Sometimes, those vulnerabilities are built-in security flaws that are revealed only when someone clever figures out how to exploit them, e.g. a previously hidden way to gain root access to a Windows Server. Other times, a user will carelessly or deliberately expose a vulnerability by leaving a port open on a firewall, for example. System updates can also accidentally expose new vulnerabilities.
Given that any vulnerability can lead to a security incident, cybersecurity teams now employ vulnerability systems to detect weaknesses in the overall IT ecosystem so they can be remediated quickly. Qualys, for example, offers security managers the ability to discover rogue devices and web applications. It can verify that systems have implemented required controls such as password enforcement and data access policies. Or, Qualys can be set up to test system configurations against golden images or baseline standards such as United States Government Configuration Baseline (USGCB). From these types of processes, Qualys can automatically identify, tag and organize assets, dynamically selecting them for scanning or reporting.
Qualys then enables security teams to track vulnerabilities. The system helps administrators prioritize their remediation. It also centralizes the collection of assessment evidence files. It is then able to feed actionable security data to SIEM, governance solutions, firewalls, and so forth.
Finally, Qualys can identify needed patches. It then continuously scans for further vulnerability. To interactively view security posture throughout the network, Qualys automates procedural questionnaires for employees, vendors and partners.
PAM and Vulnerability Systems
Impressive as great vulnerability tools like Qualys may be, they are even more effective when complemented by a privileged access management solution. PAM involves using tools and practices to keep an organization safe from accidental or deliberate misuse of privileged access. PAM solutions offer secure, streamlined ways to authorize and monitor all privileged users for all relevant systems. PAM grants and revokes access privileges, even across heterogeneous systems. PAM creates an unalterable audit trail for any privileged operation.
PAM completes the vulnerability system’s flagging of vulnerabilities — it provides answers to the all-important questions that arise when a vulnerability is discovered:
- Who is responsible for the problem?
- Who will fix it?
- If there is an incident, what happened, by whom, when, and how?
Working together, a PAM solution and vulnerability system equal more than the sum of their respective parts. If a vulnerability system discovers a vulnerability on a perimeter server, for example, PAM is able to report on the activities of privileged users who may have caused the vulnerability. The PAM solution may also be able to show, in a detailed session report, exactly what was done to cause the vulnerability.
Consider this scenario: A privileged user might accidentally expose a vulnerability in a perimeter device. Alternatively, a malicious actor could impersonate a privileged user and deliberately expose a vulnerability. The vulnerability system detects the vulnerability. The PAM solution identifies who did it and what happened. Once a privileged user remediates the vulnerability, the PAM solution can provide the vulnerability solution with an auditable confirmation of the remediation session.
If all of this happens quickly enough—not only is a breach avoided— but it’s quite possible that the team is able to identify the careless actor that caused the vulnerability and/or the bad actor that tried to exploit it.
Qualys and WALLIX Integration
WALLIX and Qualys offer an easy no nonsense integration to create a highly complementary combined PAM and vulnerability detection solution.
- WALLIX combines outstanding PAM capabilities with unique ease of installation and use.
- WALLIX is lightweight, and provides a pervasive, sustainable PAM that works well with Qualys.
- Qualys and WALLIX both span cloud and on-premises system deployments.
With the combined capabilities of WALLIX and Qualys, cybersecurity teams can confidently monitor and repair vulnerabilities across the entire IT environment.
If you’d like to see a demo or understand more about how Qualys and WALLIX integrate and complement one another, visit the alliance page.