What better way to learn about cloud security products than to compare them head to head? The Cloud Security Punch-Out series does just that with a standardized lab containing common cloud infrastructure. In this punch-out we’ll be taking a closer look at the Qualys Cloud Platform.
Although Qualys has built some rudimentary posture manager features into the platform, the majority of it is still delivered through agents and network scanners. That means:
Modern cloud-native services are one of the major advantages of public cloud adoption. However, Qualys struggled to support some of the resources, such as EC2, containers and network security services....
To reach total adoption, including DevOps as we shift security left, a cloud security solution must be comprehensive and easy to deploy. However, agents come with tedious deployment issues:
Orca’s platform is deployed in minutes with no agents to install. From that point on, all assets are covered.
The platform is deployed using resource-heavy agents on each resource you wish to monitor.
Orca evaluates alerts using context, which reduces the many alerts down to the few that matter.
Qualys prioritizes alerts exclusively by vulnerability score (CVSS), without any contextual understanding.
Orca identifies risks deep inside workloads and storage buckets, and also broadly across the cloud services you consume.
Qualys has support for a limited number of cloud checks but missed several of our key misconfigurations, including a wide-open S3 bucket.
Orca covers your entire cloud estate including containers on hosts, as part of proprietary orchestration systems, or as part of Kubernetes-based cloud orchestration.
Qualys failed to identify most characteristics of our container and incorrectly attributed some of the observations it did find to the operating system running the container.
“Orca is a great solution for us because we want to give developers the power to be innovative, but need to scan close to real-time without impacting the operations.”
AWS, GCP, Azure
“Anything that impacts development is going to be met with resistance. But with Orca SideScanning there is zero impact on systems. It’s also easy to use.”