Qualys previews TotalCloud FlexScan for multi-cloud security management

Qualys previews TotalCloud FlexScan for multi-cloud security management

Agentless security management system aims to simplify vulnerability management for security teams and developers in cloud and hybrid cloud environments.

Credit: Dreamstime

Vulnerability management vendor Qualys has announced the trial availability of its TotalCloud with FlexScan offering, an agentless, cloud-native vulnerability detection and response platform designed for use in multi-cloud and hybrid environments.

The software is designed to provide a holistic overview of an organisation’s cloud-based workloads and identify known vulnerabilities.

The system also scans workloads to check whether they’ve opened network ports, and monitors a host of other factors to offer a detailed picture of a business’ overall vulnerability status, tracking publicly exposed VMs (virtual machines), databases, user accounts and exploitable vulnerabilities in public-facing assets.

The vendor said that many of TotalCloud’s capabilities are designed to be no-code, allowing users to use a GUI (graphical user interface) to perform complex operational tasks such as quarantining assets and setting alert parameters, which would ordinarily require coding and be much more time-consuming.

TotalCloud, Qualys added, is also designed as a devsecops tool for developers, allowing them to identify and correct security flaws at each step of the development process.

TotalCloud features agentless design

One of TotalCloud’s main selling points is its agentless design, meaning that no software has to run on the monitored assets, with the idea being that the software won’t affect the workloads it is monitoring, according to IDC group vice president for security and trust Frank Dickson.

“Agentless security is a wonderful innovation to address imperfective approaches to application security within organisations,” he said. “Essentially, agentless security mitigates cross organisation conflict resulting from developer objections as cloud operations is essentially examining the environment behind a virtual sealed pane of glass.”

What that also means, however, is that the agentless approach to security is essentially based on individual snapshots of the systems it’s protecting, not on continuous, moment-to-moment monitoring. According to Dickson, this means that the system cannot protect workloads that spin up momentarily and then shut back down again between those snapshots.

“Additionally, agentless solutions cannot extract activity telemetry like process information, L3/L4 connections activity, memory analysis or other real time information,” he noted.

“Finally, you are very limited in taking action without an agent so response and remediation actions are limited. A security professional will be limited in the ability to isolate a workload or redeploy a golden image without an agent.”

Qualys said TotalCloud will be made generally available by the end of 2022.

Follow Us

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags qualysCloudsecurity


EDGE 2023

EDGE is the leading technology conference for business leaders in Australia and New Zealand, built on the foundations of collaboration, education and advancement.


ARN has celebrated gender diversity and recognised female excellence across the Australian tech channel since first launching WIICTA in 2012, acknowledging the achievements of a talented group of female front runners who have become influential figures across the local industry.

ARN Innovation Awards 2023

Innovation Awards is the market-leading awards program for celebrating ecosystem innovation and excellence across the technology sector in Australia.

Show Comments