Qualys CEO on how to keep up with hackers

Computer security used to be limited to academia, but that changed with the arrival of the internet, as greater connectivity also meant the proliferation of software viruses.

Today, cybersecurity has become essential for all enterprises, especially with the exponential increase of data breaches, ransomware, and all manner of cybercrime. How can companies keep pace with novel methods used by threat actors? And what will the future cybersecurity landscape be like?

To answer these questions, we spoke with Sumedh Thakar, President and Chief Executive Officer of Qualys. We also asked him about his organisation’s technology challenges and goals, as well as his role in changing Qualys’ strategy, among others.

You were instrumental in expanding Qualys’ focus from cloud-based vulnerability management into broader areas of cybersecurity and compliance. Could you tell us how this shift came about and why?

Since its founding, Qualys has always focused on innovating and being product-driven. The aim of our product strategy has been to evolve and continuously meet the threat landscape where it is – ultimately to help customers in protecting their company crown jewels and maintaining business continuity.

For example, one of our recent innovations is pairing vulnerability management with patch management. When a vulnerability is found, the logical next step is to patch. Pairing these two capabilities for customers allows a much faster mean time to remediation than using two different siloed point solutions.

You’ve been with Qualys since 2003. What have been the highlights of your time there, and what are the most significant changes you’ve seen since then, specifically when it comes to cloud-based cybersecurity?

To me, life is all about solving challenges every day, no matter what position you are in – so working at a company where I could problem-solve and see the societal impact has been important to my personal journey. Starting as an engineer within the company, I was able to work alongside customers, hear and understand their needs, and build something that solved their pain points.

Sumedh Thakar, President and Chief Executive Officer, Qualys. Image courtesy of Qualys.

Being able to see in numbers the impact that Qualys has for customers is what energises and motivates me to continue innovating and serving.

Today’s hackers are getting increasingly smart and sophisticated. How can organisations keep up, especially in this age of digital transformation and acceleration? How is this trend affecting the cybersecurity space as a whole?

Bad actors are utilising all the latest technology, such as automation, to maximise the impact of their attacks at scale. For example, during the March 2021 Microsoft Exchange breach, it was estimated that 250,000 servers fell victim to the attack.

If attackers are using automation to disrupt the business operations and continuity of every type of organisation, defence mechanisms must also do the same. Companies – both private and public, government agencies, and critical infrastructure organisations alike – are starting to feel compelled. Automation across security infrastructure is no longer a choice, but a necessity for every cyber arsenal. The risk of automation breaking something within the company’s IT infrastructure will now be fully outweighed by the risk of not automating at scale.

How do you envision cloud-based security will evolve within the next three to five years?

It is extremely difficult, if not impossible, to predict what the future of cybersecurity will look like. No one has a crystal ball to understand how attacks will evolve and what types of new technology we will pioneer to counteract them.

What we can expect is a continuation of increasing catastrophic breaches, internet-shaking vulnerabilities, state-sponsored attacks, and a rise in ransomware (as exemplified by Verizon’s 2022 Data Breach Investigations Report finding a 13% year-on-year increase – a rise as big as the last five years combined). The tools we need to address growing threats will evolve to take a risk-based and tailored approach that is unique to each organisation.

The end of 2022 is fast approaching. What are Qualys’ technology goals for 2023? What are Qualys’ current top technology challenges?

In the past 20+ years, we have been busy creating a consolidated approach to cybersecurity so that organisations can stop drinking disparate data from siloed solutions out of a fire hose. We have prioritised our customers and built up our cloud platform natively. The future of the company will continue to build off this work with the overall mission to make cybersecurity cheaper.

From a technology perspective, our 2023 goals are continuing to innovate our platform with a hyperfocus on security mechanisms in cloud and container environments.