Vulnerability management is a critical part of an organization’s security and compliance strategy. Security flaws are constantly being discovered and fixed by vendors, making it hard for organizations to keep up with security patches. Meanwhile, missing security updates are easy targets for attackers and can compromise the security of the entire network.
Traditional network based scanners are available in the Azure Marketplace and successfully used by customers for vulnerability assessment. Nevertheless, many Azure customers are looking for continuous agent based solutions for the following reasons:
- Cloud environments tend to be more dynamic. Virtual Machines (VMs) are being spun up and down frequently, making it more difficult for a scheduled scan to cover all assets.
- Network based scanners require a user account on target virtual machines in order to provide full insight. In many cases, however, customers lack the ability to centrally manage such accounts in the cloud.
- When resources are spread across different virtual networks, multiple network based scanners are required to get access to all virtual machines.
As announced at the end of September, Azure Security Center now offers integrated vulnerability assessment with Qualys cloud agents (preview) as part of the Virtual Machine recommendations. If a Virtual Machine does not have an integrated vulnerability assessment solution already deployed, Security Center recommends that it be installed. The solution can be deployed to multiple VMs at one time, and the ability to automatically deploy on new VMs as they are created, will be added soon. Once deployed, the Qualys agent will start reporting vulnerability data to the Qualys management platform, which in turn provides vulnerability and health monitoring data back to Security Center. Users can quickly identify vulnerable VMs from the Security Center dashboard. Additional reports and information are available in the Qualys management console, which is linked directly from Security Center.
To get started, simply follow the “Add a vulnerability assessment solution” recommendation in Azure Security Center as shown in this article. You can also watch this short video on channel 9. If you don’t have yet a Qualys subscription, you can enable a free trial, in just a few clicks. Once the trial is over, the Qualys agent would stop reporting vulnerabilities and can be easily removed from the Security Center dashboard without any impact to the VM.
Interested in learning more on Azure Security Center and its partner ecosystem integration?
- Top 4 reasons for using Azure Security Center for partner security solutions
- Managing security recommendations in Azure Security Center
- Monitoring partner solutions with Azure Security Center
- Integrating Security Center alerts with Azure log integration (Preview)
- Security Resource Provider REST API Reference