The increasing adoption of cloud-based security services is an ongoing trend at RSA this year, and cloud security service provider Qualys chose the conference to announce a host of new modules for their QualysGuard cloud security platform and to take the wraps of their new QualysGuard Web Application Firewall (WAF) service.
I sat with Qualys CTO Wolfgang Kandek earlier this morning at RSA to discuss the new offering, and asked him to explain the relationship between the new QualysGuard WAF and the IronBee open-source WAF that Qualys released last year.
"We took a lot of our learnings from the IronBee project and applied them to the new QualysGuard WAF," Kandek said. "Our goal was to create a WAF that our customers can deploy in front of their web servers for improved reliability and performance." Kandek added that Qualys only requires a DNS change to activate the service, which can then begin screening web traffic for harmful elements.
The new QualysGuard WAF is similar in many respects to existing cloud security and availability services like CloudFlare and Incapsula. Like those two services, the QualysGuard WAF sits in front of protected web servers and screens web traffic to protected sites for attack attempts and other malicious data. It can also improve site performance by using content optimization, caching, and data compression.
In related Qualys news, the firm announced a number of updates to their QualysGuard cloud platform, including a malware detection service, dynamic asset tagging, IT-GRC workflows for auditing and policy compliance, a zero-day alert service, and a new virtual scanner appliance. All of these aforementioned updates and modules are available immediately, while the QualysGuard WAF will be available in limited beta form in Q2 of 2012.
Already using cloud services from Qualys, CloudFlare, or Incapsula? Share your thoughts by adding a comment to this blog post or contribute to a discussion on Twitter.