This new release of the Qualys Cloud Platform (VM, PC), version 8.18 contains several new features and improvements in Qualys Vulnerability Management and Policy Compliance, which include CertView Vulnerability Scan for EC2 Assets, support for new authentication types to filter vulnerabilities, support for InformixDB authentication and IBM Web Application Server, and 2 new technologies in Policy Compliance.
The Qualys Training team is eager to share all of the recent additions to our free training program, as well as provide insight into what is coming in 2019. You can expect to see regular updates as we continue to improve our training offerings!
It is our mission to help Qualys customers and partners become more familiar with the entire portfolio of Qualys Cloud Apps, learn key workflows and adopt best practices. To help guide you, we are creating Learning Paths which take you from fundamentals through advanced topics, and ensure you have a complete foundation in Qualys technology.
This month’s Patch Tuesday addresses 65 vulnerabilities, with 18 of them labeled as Critical. Thirteen of the Critical vulns are for scripting engines and browser components, impacting Microsoft browsers and Office. Three remote code execution (RCE) vulnerabilities are patched in the Windows DHCP Client, as well as an RCE vuln in Windows Deployment Services TFTP Server and Privilege Escalation in Microsoft Dynamics 365. Adobe’s release is light, with only two CVEs patched in Photoshop CC and Digital Editions.
Qualys’ library of built-in policies makes it easy to comply with the security standards and regulations that are most commonly used and adhered to. Qualys provides a wide range of policies, including many that have been certified by CIS as well as the ones based on security guidelines from OS and application vendors and other industry best practices.
In order to keep up with the latest changes in security control requirements and new technologies, Qualys publishes new content to the Policy Library every month.
The January release includes the following new policy and updates:
- New CIS Benchmark for Ubuntu and PostgreSQL
- Updates to almost 60 existing library policies
Qualys’ Certification Page at CIS has been updated.
Qualys has just launched a global IT asset inventory solution that offers full visibility across even the most hybrid, complex and distributed IT environments, addressing a challenge many security and IT teams face today.
When IT directors and CISOs look at their digitally transformed networks, they encounter many shadows that their legacy enterprise software tools can’t illuminate. These blind spots often include cloud workloads, containers, IoT systems, mobile devices, remote endpoints, and Operational Technology wares.
Because full visibility is essential for security, this foggy, fragmented view of a network makes the organization vulnerable to cyber attacks. Qualys Global IT Asset Inventory (AI) provides complete, continuous, structured and enriched asset inventory in hybrid environments.
“This is a really big deal because it’s the basis of security: If you don’t know what you have, you can’t secure it,” says Qualys Chief Product Officer Sumedh Thakar.
Justin Bendl, Senior Manager for Security & Compliance at Federal Home Loan Bank of Pittsburgh, says that Qualys AI has begun to assist the bank in expanding automation that provides real-time visibility into the completeness and accuracy of software assets.
“This automation is enhancing the bank’s overall control environment and further mitigating risks in a proactive manner,” Bendl says.
Philippe Courtot, Qualys Chairman and CEO, highlights the benefits of Qualys AI’s full integration with the Qualys Cloud Platform. “You will know instantly what assets connect to your network, and be able to assess their security and compliance posture in real-time, giving you unprecedented and essential visibility,” says.
Read on to learn more details about Qualys Global IT Asset Inventory and the use cases it’s designed for.
This month’s Patch Tuesday is very large, with 74 vulns being addressed of which 20 are labeled as critical. Fifteen of these critical vulns are in the Scripting Engine and browsers, with the remainder being GDI+, SharePoint, and DHCP. Microsoft also issued an Advisory for an Exchange 0-day, along with a patch for one of the two reported vulns. Adobe also released updates for Acrobat/Reader, Flash, Coldfusion, and Creative Cloud.
Despite the huge advantages that containers offer in application portability, acceleration of CI/CD pipelines and agility of deployment environments, the biggest concern has always been about isolation. Since all the containers running on a host share the same underlying kernel, any malicious code breaking out of a container can compromise the entire host, and hence all the applications running on the host and potentially in the cluster.
That fear of container isolation failing to hold up turned out to be true yesterday when a vulnerability in runC was announced. runC is the key and most popular software component that most container engines rely on for spinning up containers on a host. The announced vulnerability allows an attacker to break out of the container isolation through a well-crafted attack (technical details of the vulnerability and the exploit are at https://seclists.org/oss-sec/2019/q1/119) and compromise the entire host. The vulnerability is particularly nasty because it is not covered by the default AppArmor or SELinux kernel-enforced sandboxing policies.