1 In 5 Security Professionals Struggle Applying Security Updates
New research commissioned by Qualys and conducted by Dark Reading shines new light on the various ways information security professionals are coping — or struggling — with the difficulties and nuances of safeguarding cloud and SaaS assets, including measuring, communicating, and eliminating cyber risk in the cloud.
Key findings from the research include: Cloud adoption is ubiquitous and complex: Most organisations polled (57%) use two to three cloud service providers, and 58% have at least five corporatewide SaaS applications deployed. To secure this complex environment, the majority (60%) must manage and reconcile outputs from two or more separate cloud and SaaS security tools — a task they find challenging and suboptimal.
Most organisations polled (57%) use two to three cloud service providers, and 58% have at least five corporatewide SaaS applications deployed. To secure this complex environment, the majority (60%) must manage and reconcile outputs from two or more separate cloud and SaaS security tools — a task they find challenging and suboptimal. Sleepless nights: Professional defenders singled out cost (54%), system reliability and performance (36%), and limited cloud-specific security staff skills (27%) as the cloud and SaaS issues that concerned them the most.
Professional defenders singled out cost (54%), system reliability and performance (36%), and limited cloud-specific security staff skills (27%) as the cloud and SaaS issues that concerned them the most. Attacks are relentless: Moving data and applications to the cloud and adopting SaaS come with a whole set of risks. Enterprises are worried about threats such as account hijacking, phishing, ransomware and malware, data exfiltration, advanced persistent threats, and distributed denial-of-service attacks.
Moving data and applications to the cloud and adopting SaaS come with a whole set of risks. Enterprises are worried about threats such as account hijacking, phishing, ransomware and malware, data exfiltration, advanced persistent threats, and distributed denial-of-service attacks. Config chaos: One place just about all parties find common ground when assessing cloud and SaaS risk is in the thorny issue of misconfigurations, one of the top concerns for both cloud (24%) and SaaS (33%). The level of concern, however, appears to fall well short of the scope of the actual misconfiguration problem in the wild.
One place just about all parties find common ground when assessing cloud and SaaS risk is in the thorny issue of misconfigurations, one of the top concerns for both cloud (24%) and SaaS (33%). The level of concern, however, appears to fall well short of the scope of the actual misconfiguration problem in the wild. Situational blindness: Few enterprises engage in ongoing or continuous assessment of their cloud and SaaS environments. The rest do security assessments at intervals that range largely from once a quarter (18% for cloud, 11% for SaaS) to once a year (25% cloud, 26% SaaS), and in some cases not at all.
Few enterprises engage in ongoing or continuous assessment of their cloud and SaaS environments. The rest do security assessments at intervals that range largely from once a quarter (18% for cloud, 11% for SaaS) to once a year (25% cloud, 26% SaaS), and in some cases not at all. Difficulty patching: Enterprises are also concerned about adversaries exploiting unpatched vulnerabilities in web applications (39%) and cloud environments (23%). Almost 1 in 5 say they have difficulty applying security updates and patches, creating a situation where organisations are exposed to attack as a result of exploitable vulnerabilities.
Enterprises are also concerned about adversaries exploiting unpatched vulnerabilities in web applications (39%) and cloud environments (23%). Almost 1 in 5 say they have difficulty applying security updates and patches, creating a situation where organisations are exposed to attack as a result of exploitable vulnerabilities. Sluggish response: Topping the list of IR concerns are a lack of skilled workers (49%), limited visibility into cloud and hosted environments (46%), and the inherent complexity of cloud-centric incidents (46%).
'The data shows in stark relief the real-world challenges defenders face when it comes to shoehorning traditional security practices and methods — things like managing configs and vulnerabilities, controlling access, and corralling siloed security tools — into the defences of dynamic multi-cloud and multi-SaaS environments', commented Shilpa Gite, Senior Manager, Cloud Security Compliance, Qualys. 'The research underscores the importance of a comprehensive, unified, strategic approach to cloud and SaaS security that brings together continuous scanning and vulnerability assessment, automated remediation efforts, AI-powered threat detection and response capabilities, and cross-platform risk prioritisation features'.
To enhance security posture, organisations should consider: Implementing continuous monitoring and assessment: Enterprises should move away from periodic assessments and adopt continuous security monitoring to identify and mitigate threats in real time. Continuous assessment helps in promptly detecting vulnerabilities that emerge due to constant updates and configuration changes in cloud and SaaS environments.
Enterprises should move away from periodic assessments and adopt continuous security monitoring to identify and mitigate threats in real time. Continuous assessment helps in promptly detecting vulnerabilities that emerge due to constant updates and configuration changes in cloud and SaaS environments. Adopting a unified security platform: Using a single, integrated security platform to manage all aspects of security across on-premises, cloud, and SaaS environments is crucial. A unified platform provides comprehensive visibility, streamlined security operations, and consistent policy enforcement, hence reducing the risk of security gaps and inefficiencies wherever they occur.
Using a single, integrated security platform to manage all aspects of security across on-premises, cloud, and SaaS environments is crucial. A unified platform provides comprehensive visibility, streamlined security operations, and consistent policy enforcement, hence reducing the risk of security gaps and inefficiencies wherever they occur. Enhancing identity and access management (IAM): Proper IAM practices are essential for securing access to sensitive data and systems, especially in cloud and hosted systems. Enterprises need robust IAM solutions that include multi-factor authentication, least privilege access, and regular access reviews to prevent unauthorised access and minimise insider threats.
Proper IAM practices are essential for securing access to sensitive data and systems, especially in cloud and hosted systems. Enterprises need robust IAM solutions that include multi-factor authentication, least privilege access, and regular access reviews to prevent unauthorised access and minimise insider threats. Leveraging automation for security processes: Automating security processes such as vulnerability scanning, patch management, configuration and change management, and incident response, significantly improves operational efficiency and reduces risk of human error. Automation especially empowers under-resourced security teams — that means most of them — to quickly address threats and maintain a mature, proactive security posture.
Automating security processes such as vulnerability scanning, patch management, configuration and change management, and incident response, significantly improves operational efficiency and reduces risk of human error. Automation especially empowers under-resourced security teams — that means most of them — to quickly address threats and maintain a mature, proactive security posture. Investing in advanced threat detection and response capabilities: To combat sophisticated threats such as advanced persistent threats (APTs), ransomware, and nextgen malware, enterprises should invest in AI-powered threat detection and response solutions. These advanced capabilities enable organisations to detect and respond to threats swiftly, minimising potential damage. 0 0
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Tahawul Tech
28-05-2025
- Tahawul Tech
The Museum of the Future Archives
Commvault, a global enterprise leader in data management across on-premises, cloud, and SaaS environments, today announces its Connections on the Road event in Dubai will take place at the Museum of the Future on 11 May 2023.
TECHx
28-05-2025
- TECHx
Qualys TotalAI Enhances LLM Security Features
Home » Tech Value Chain » Global Brands » Qualys TotalAI Enhances LLM Security Features Qualys, Inc. (NASDAQ: QLYS) has announced major updates to its Qualys TotalAI solution. The enhancements aim to secure the complete MLOps pipeline, from development to deployment. The company revealed that organizations can now test large language models (LLMs) more rapidly, even during development cycles. These updates bring stronger protection against new threats and introduce on-premises scanning with an internal LLM scanner. As AI adoption accelerates, security remains a critical concern. A recent study reported that 72% of CISOs are worried generative AI could cause breaches. Enterprises need tools that balance innovation with secure implementation. Tyler Shields, principal analyst at Enterprise Strategy Group, emphasized the importance of security. He noted that Qualys TotalAI allows only trusted, vetted models in production, helping organizations manage risk while remaining agile. Qualys TotalAI addresses AI-specific risks. It tests models for jailbreak vulnerabilities, bias, sensitive data leaks, and threats aligned with the OWASP Top 10 for LLMs. The solution goes beyond infrastructure checks and supports operational resilience and brand trust. Key updates include: Automatic risk prioritization: Using MITRE ATLAS and the Qualys TruRisk™ engine, risks are scored and ranked for faster resolution. Secure development integration: On-premises LLM scanning enables in-house testing during CI/CD workflows, improving agility and protection. The platform also detects 40 types of attack scenarios. These include jailbreaks, prompt injections, bias amplification, and multilingual exploits. These scenarios simulate real-world tactics to improve model resilience. Another update is protection from cross-modal exploits. TotalAI can now detect manipulations hidden in images, audio, and video files meant to alter LLM outputs. Sumedh Thakar, president and CEO of Qualys, said the solution offers visibility, intelligence, and automation across AI lifecycles. He added that TotalAI helps companies innovate confidently while staying ahead of emerging threats. Qualys TotalAI is now positioned as one of the most comprehensive AI security solutions available today.
Channel Post MEA
28-05-2025
- Channel Post MEA
Qualys Updates TotalAI Solution
Qualys has announced major updates to its TotalAI solution to secure organizations' complete MLOps pipeline from development to deployment. Organizations will now be able to rapidly test their large language models (LLMs), even during their development testing cycles, with stronger protection against more attacks and on-premises scanning powered by an internal LLM scanner. With the current rush of AI adoption, organizations are moving at an unprecedented pace – often without implementing foundational security controls necessary to manage risk. A recent study revealed 72% of CISOs are concerned generative AI solutions could result in security breaches for their organizations. Enterprises need a better solution to bridge the gap between innovation and secure implementation. As AI becomes a core component of business innovation, security can no longer be an afterthought,' said Tyler Shields, principal analyst at Enterprise Strategy Group. 'Qualys TotalAI ensures that only trusted, vetted models are deployed into production, enabling both agility and assurance across organizations' AI usage. This security helps organizations achieve their innovation goals while managing their risk.' Qualys TotalAI is purpose-built for the unique realities of AI risk, going beyond basic infrastructure assessments to directly test models for jailbreak vulnerabilities, bias, sensitive information exposure, and critical risks mapped to the OWASP Top 10 for LLMs. Taking a risk-led approach, TotalAI not only finds AI-specific exposures — it helps teams resolve them faster, protect operational resilience, and maintain brand trust. TotalAI delivers: Automatic Prioritization of AI Security Risks : Findings are mapped to real-world adversarial tactics with MITRE ATLAS and automatically prioritized through the Qualys TruRisk scoring engine, helping security, IT, and MLOps teams zero in on the most business-critical risks. : Findings are mapped to real-world adversarial tactics with MITRE ATLAS and automatically prioritized through the Qualys TruRisk scoring engine, helping security, IT, and MLOps teams zero in on the most business-critical risks. Faster, Safer AI Application Development: With the new internal on-premises LLM scanner, organization can now incorporate comprehensive security testing of their LLM models during development, staging, and deployment – all without ever exposing models externally. This shift-left approach, incorporating security and testing of AI-powered applications into existing CI/CD workflows, strengthens both agility and security posture, while ensuring sensitive models remain protected behind corporate firewalls. With the new internal on-premises LLM scanner, organization can now incorporate comprehensive security testing of their LLM models during development, staging, and deployment – all without ever exposing models externally. This shift-left approach, incorporating security and testing of AI-powered applications into existing CI/CD workflows, strengthens both agility and security posture, while ensuring sensitive models remain protected behind corporate firewalls. Enhanced Defense Against Emerging AI Threats: TotalAI now expands to detect 40 different attack scenarios, including advanced jailbreak techniques, prompt injections and manipulations, multilingual exploits, and bias amplification. The expanded scenarios simulate real-world adversarial tactics and strengthen model resilience against exploitation, preventing attackers from manipulating outputs or bypassing safeguards. TotalAI now expands to detect 40 different attack scenarios, including advanced jailbreak techniques, prompt injections and manipulations, multilingual exploits, and bias amplification. The expanded scenarios simulate real-world adversarial tactics and strengthen model resilience against exploitation, preventing attackers from manipulating outputs or bypassing safeguards. Protection from Cross-modal Exploits with Multimodal Threat Coverage: TotalAI's enhanced multimodal detection identifies prompts or perturbations hidden inside images, audio, and video files that are designed to manipulate LLM outputs, helping organizations safeguard against cross-modal exploits. 'AI is reshaping how businesses operate, but with that innovation comes new and complex risks,' said Sumedh Thakar, president and CEO of Qualys. 'TotalAI delivers the visibility, intelligence, and automation required to stay agile and secure, protecting AI workloads at every stage — from development through deployment. We are proud to lead the way with the industry's most comprehensive solution, helping businesses innovate with confidence, while staying ahead of emerging AI threats.' 0 0
