In this blog we discuss the Elastic article “How InfoSec uses the Elastic Stack for vulnerability management”. First, we want to congratulate Elastic: it is rare for a company to come forward and publicly share its vulnerability management process. The article has great points for any organization looking to automate vulnerability management; however, we want to point out how Elastic could have improved its vulnerability management posture by using SecOps Solution instead of Qualys. We highly recommend reading the full article, as it contains a wealth of information, but if you are short on time, here is a summary.
The article explains the vulnerability management process very well. Elastic divides its vulnerability management architecture into three main components:
In the ingestion step, they describe how they use Qualys together with the Elastic Stack to monitor scan results as they arrive, and how that makes the process more efficient. They elaborate on how Elasticsearch and the metrics they collect from it enable real-time reporting and notification. Overall, the article focuses on how the Elastic Stack gives them the flexibility they need without maintaining their own scanning solution or waiting on feature requests to a third-party vulnerability management vendor.
Vulnerability Management Architecture of Elastic when they used Qualys:
Let us look at how their vulnerability management posture would have improved had they used SecOps Solution:
Now that you have a clear picture of how SecOps Solution would have improved the Elastic VM process, let us discuss how it would have provided a more efficient way of data ingestion:
Unlike Qualys, which relies on the CVSS score alone, SecOps Solution combines EPSS with CVSS. This is a more effective way of prioritizing vulnerabilities, because it weighs not only the severity of a vulnerability but also the probability that it will actually be exploited.
Qualys exposes an XML-based API, and parsing and classifying its output takes considerable effort. Here is a blog explaining the issues with XML-based APIs.
SecOps Solution instead exposes a JSON-based REST API with a defined schema, which makes the data easy to ingest into the Elastic Stack without writing custom Go code to parse and query it.
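To make the two points above concrete, here is an added example (not code from the Elastic article, Qualys or SecOps Solution) that takes JSON scan findings, assigns a priority tier from CVSS severity and EPSS exploitation probability, and emits an Elasticsearch `_bulk` request body ready for ingestion. The findings, the EPSS values, the field names and the 0.10 EPSS / 7.0 CVSS cut-offs are all constructed for illustration and are not any vendor's schema or thresholds.

```python
"""CVSS + EPSS prioritisation of JSON scan findings -> Elasticsearch bulk NDJSON.

Added example, not code from Elastic, Qualys or SecOps Solution. All field
names, sample findings and EPSS values are constructed for illustration.
"""
import json

# Constructed EPSS lookup: probability (0..1) of exploitation in the next 30
# days. Real values come from the FIRST EPSS feed; CVE-EXAMPLE-* are placeholders.
EPSS_SCORES = {
    "CVE-2021-44228": 0.97,   # Log4Shell, illustrative value
    "CVE-EXAMPLE-A": 0.02,    # severe on paper, rarely exploited
    "CVE-EXAMPLE-B": 0.45,    # moderate severity, actively exploited
}

# Constructed JSON findings, shaped like a JSON REST API response might be.
FINDINGS_JSON = json.dumps([
    {"host": "web-01", "cve": "CVE-2021-44228", "cvss": 10.0, "title": "Log4j RCE"},
    {"host": "db-02",  "cve": "CVE-EXAMPLE-A",  "cvss": 9.1,  "title": "Example A"},
    {"host": "app-03", "cve": "CVE-EXAMPLE-B",  "cvss": 5.3,  "title": "Example B"},
    {"host": "app-03", "cve": "CVE-EXAMPLE-C",  "cvss": 4.0,  "title": "Example C"},
])


def priority(cvss: float, epss: float, epss_cut: float = 0.10, cvss_cut: float = 7.0) -> str:
    """Four-tier priority: severity (CVSS) crossed with likelihood (EPSS).

    P1: severe and likely exploited  -> fix now
    P2: likely exploited, lower severity -> fix soon
    P3: severe but unlikely exploited -> schedule
    P4: neither -> backlog
    The cut-offs are assumptions; tune them to your own risk appetite.
    """
    if epss >= epss_cut and cvss >= cvss_cut:
        return "P1"
    if epss >= epss_cut:
        return "P2"
    if cvss >= cvss_cut:
        return "P3"
    return "P4"


def enrich(findings: list, epss_scores: dict) -> list:
    """Attach EPSS and priority to each finding, most urgent first.

    A CVE missing from the EPSS feed is scored 0.0 but flagged with
    epss_known=False so it is not silently treated as low risk.
    """
    docs = []
    for f in findings:
        doc = dict(f)
        doc["epss_known"] = f["cve"] in epss_scores
        doc["epss"] = epss_scores.get(f["cve"], 0.0)
        doc["priority"] = priority(f["cvss"], doc["epss"])
        docs.append(doc)
    # "P1" < "P2" < ... sorts lexicographically; then by EPSS and CVSS descending
    docs.sort(key=lambda d: (d["priority"], -d["epss"], -d["cvss"]))
    return docs


def to_bulk_ndjson(docs: list, index: str = "vulns") -> str:
    """Build an Elasticsearch _bulk body: one action line, then one document line.

    The document _id is host:cve so a re-run of the scan overwrites rather than
    duplicates the finding. The _bulk API requires a trailing newline.
    """
    lines = []
    for d in docs:
        lines.append(json.dumps({"index": {"_index": index, "_id": f'{d["host"]}:{d["cve"]}'}}))
        lines.append(json.dumps(d))
    return "\n".join(lines) + "\n"


def prioritised() -> list:
    """Parse the constructed JSON feed and return enriched, ordered findings."""
    return enrich(json.loads(FINDINGS_JSON), EPSS_SCORES)


def bulk_body() -> str:
    """The _bulk request body for the constructed findings."""
    return to_bulk_ndjson(prioritised())


if __name__ == "__main__":
    for d in prioritised():
        print(d["priority"], d["cve"], d["host"], "cvss=%.1f epss=%.2f" % (d["cvss"], d["epss"]))
    print(bulk_body())
```

With a JSON feed, the whole pipeline is `json.loads` plus a few field lookups; the interesting logic is the prioritisation, not the parsing. Note how the CVSS 9.1 finding with an EPSS of 0.02 lands in P3, behind the CVSS 5.3 finding that is actively being exploited, which is exactly the reordering a CVSS-only view cannot produce.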
Qualys, although a security product, has had its fair share of reported vulnerabilities in its own Cloud Agent. CVE-2022-29550 describes the agent unexpectedly writing credentials taken from environment variables to disk in cleartext; it is rated medium severity, and at the time this article was published no mitigation or patch had been made available for it. Another example is CVE-2022-29549, in which the agent executes programs at various full pathnames without first checking their ownership and permissions and without any integrity check. The vendor also recommends installing the agent with root privileges, so any flaw in the agent is a flaw running as root on every monitored host, which puts an organization's data at very high risk; as of publication, Qualys had taken no action to mitigate these issues. If you would like to know more about the severity of these CVEs, you can check them on our EPSS calculator.
Overall, Qualys is a good security tool, but it has not kept pace with changing environments: its API remains outdated and requires significant adaptation to fit an organization that uses current technology and expects zero setup time and a fully automated scanning process, both of which SecOps Solution provides.
SecOps Solution is an award-winning, agentless, full-stack vulnerability and patch management platform that helps organizations identify, prioritize and remediate security vulnerabilities and misconfigurations in seconds.
To schedule a demo, just pick a slot that is most convenient for you.