Scans can be performed from the Internet if the services running on the Amazon EC2 or VPC instances are externally accessible, but that's not always the case. For example, a database server running in an Amazon cloud instance might only be accessible through Amazon's internal network, Kandek said.
In order to allow the scanning of such machines, Qualys also released the QualysGuard Virtual Scanner Appliance AMI (Amazon Machine Image) on Monday. This is a virtual QualysGuard appliance that can run on one of the customer's instances and can scan other machines through Amazon's internal network.
The scanner appliance is available from the AWS marketplace, but using it also requires a license from Qualys costing US$995 per year. Customers might need to run multiple QualysGuard virtual scanner appliances, one for each of Amazon's availability zones in which they have instances.
The integration with Amazon AWS is only the first step, Kandek said. The architecture of the data connector was built to support other services as well, both internal and external, he said.
For example, it will be able to support other cloud providers, as well as private virtual infrastructure such as that managed with VMware vCenter, which raises similar problems of tracking how many virtual machines are running at any given time. In the future, the data connector will be able to run on a QualysGuard hardware appliance inside the network and gather inventory data from VMware vCenter and other similar systems, Kandek said.
"The cloud services are growing and our customers are starting to adopt them and have challenges of how to scan such machines," Kandek said. "We have customers that tell us that during some times of the year -- for example, the Christmas season -- they need twice as many machines as they need during the rest of the year. It's simply not efficient to have that many machines in your own data center, because most of the time they would just sit there idling."
"There are also start-up companies that opt for doing everything in the cloud, because it allows them to get their product out faster and only need to pay a monthly fee that is much lower than the cost of building a private data center," Kandek said. These companies will now find it easier to scan their assets for vulnerabilities, he said.