top of page

Cybersafe can help optimize and strengthen Cloud Security with the Qualys TotalCloud solution.

In the age of digital transformation, cloud security is more critical than ever. Qualys' TotalCloud solution is designed to offer unrivaled visibility, accurate vulnerability assessment and continuous compliance, all from a unified platform.

Key Features:

Complete Visibility: Get a comprehensive view of all your cloud resources, including assets in multi-cloud and hybrid environments, to effectively manage and protect your digital assets.

Vulnerability Assessment: Use the most advanced scanning technology to detect and prioritize vulnerabilities, reducing the risk of exposure to cyber threats.

Simplified Compliance: Ensure compliance with international standards and regulations through automated assessments and detailed reports that facilitate auditing.

Security Configuration Management: Implement security and compliance best practices, with configuration checks that ensure protection against incorrect or insecure configurations.

Technical Benefits:

Security Automation: Reduce the time and effort required to manage cloud security with automated processes that scale as your infrastructure grows.

Improved Detection and Response: Accelerate threat detection and incident response with actionable insights and integration with SIEM and SOAR tools.

Operational Efficiency: Optimize vulnerability management and compliance with a unified dashboard that provides a clear view of your cloud's security posture.

Integration with Existing Ecosystems:

Qualys' TotalCloud solution integrates seamlessly with existing ecosystems, including cloud service providers such as AWS, Azure and Google Cloud, and supports robust APIs for customization and automation.

To find out more about Qualys' TotalCloud solution, talk to us. We are here to help improve your organization's cybersecurity.

We were present at the Digital Health Summit 2023, an important international event on cybersecurity in the healthcare sector, which took place on the island of Madeira, on the 29th and 30th of November.

It was a privilege to participate in the round table and debate ideas on the topic: SAFEGUARDING HEALTH: CYBERSECURITY, Data Security and Privacy in the Digital Health Revolution - Risks and Challenges in the Healthcare Sector in Terms of Cybersecurity (HOSPITALS).

We thank our roundtable partners for the enriching experience of sharing ideas and knowledge, and all the other participants in this great event.

Critical Services and Security Operations: "Cybersecurity cannot be seen as the company's firefighter"

Cybersecurity at the level of critical services and security operations was highlighted in the last round table of the IT Security Conference 2023, with the participation of Banco de Portugal, REN, EE-ISAC and Cybersafe.

The last round table of the IT Security Conference 2023 was entitled "Critical Services and Security Operations" and featured the views and experiences of Pedro Rodrigues, Head of Cybersecurity and IT Compliance at Banco de Portugal, Rafael Aranha, Head of Cybersecurity at REN, Aurélio Blanquet, Secretary General EE-ISAC and Dinis Fernandes, Executive Manager at Cybersafe.

In terms of regulation, Rafael Aranha began by explaining that REN operates in Portugal under a set of regulations - NIS1, Anacom's Security Regulation, ENTSO-E - which guarantee the "security of supply and the security of the electricity market". The appearance of the NIS 2 directive has helped to complement the responsibility for risk management and training. "Fortunately, some regulation has appeared, but the regulations have to match up with each other," warns the Head of Cybersecurity, considering, however, that there is a challenge here in the way the regulations relate to each other.

In Dinis Fernandes' experience, regulation has proved to be a "catalyst and a simplifier" so that companies' Boards of Directors and Senior Management have the same objectives in terms of cybersecurity. "When we have the same objective, the budget to carry out projects appears, the will for the various areas to interact appears," he says. As far as NIS 2 is concerned, the Executive Manager sees the directive as a 'push' for more and more sectors to comply with the requirements and thus increase their cybersecurity.

With regard to NIS 2, and in the context of its application to services and critical infrastructures, Aurélio Blanquet also highlights and reinforces the importance of extending the directive to other sectors, as well as within the scope of application in each sector. "Cybersecurity has become part of the boardroom table, but it's a recent movement, it's no longer an IT issue, but it's not something that's widely felt by business, and it's going to have to become one because NIS 2 requires it," says the Secretary General of EE-ISAC, the non-profit association set up in Brussels to share information and analyze security information, with the aim of creating a community for exchanging information. In this way, NIS 2 also leverages the need to increase sharing and cooperation at European level, within each sector and within sectors, assures Aurélio Blanquet, anticipating that the new directive will also lead companies to take on the necessary training and awareness-raising of their resources.

Critical services protection and cybersecurity beyond incident response

In terms of cybersecurity and the protection of critical infrastructures, Pedro Rodrigues argues that it is "essential to have at the root the identification of what the critical systems are, how we are going to protect them and this always implies some level of isolation", clarifying that exposure in critical systems should not be the same as that observed in public systems. The Head of Cybersecurity and IT Compliance at Banco de Portugal recalls that organizations' cybersecurity teams must not lose sight of what the critical assets/systems are.

"Cybersecurity cannot be seen as the company's firefighter," stresses Rafael Aranha, who adds that cybersecurity needs to be "transversal to business processes" and cannot "be seen as a vertical area of a company" or as an incident management area.

The role of AI in defending organizations

With all the attention it has been receiving, artificial intelligence can, in Pedro Rodrigues' view, "help achieve a goal of optimization and much more efficient operation from a defense point of view". It is necessary to create test environments, understand the added value, and choose the use case to solve.

However, the Head of Cybersecurity believes that critical infrastructures may not be the "right environment" for this type of testing with AI, and that it is necessary to choose the right use case and gain confidence in the tools. "It will enhance our defensive capabilities and bring us a little closer to the offensive capabilities we have to deal with every day," he reiterates.

Trends in security operations

Working in security operations centers (SOC) since 2007, Dinis Fernandes has seen an evolution in this tool. "In the last two years, security operations have changed more than in the last 15. There's this difficulty that everyone knows about with the lack of security analysts, the lack of qualified people," says the Executive Manager who, on the other hand, highlights the growing number of alerts that SOCs receive. The problems listed have led to the emergence of a number of products, including the introduction of XDR and MDR tools, which add incident response capacity to the SOC, broadening its environment and scope of action.

Cooperation as a tool in incident response

Closing the round table, Aurélio Blanquet highlighted information sharing as essential in improving individual response to security incidents. "In addition to defense, in the sense of detecting, responding to and recovering from incidents, the next step is to at least not be one step behind the community that is trying to attack us, and to start thinking about preventive cybersecurity," he said, concluding that everyone should "work for the group so that each of us can then work better for ourselves in return."

Source: Marta Quaresma Ferreira on

bottom of page