Qualys Blog

www.qualys.com
Gartner: The Pursuit of Perfection Weakens InfoSec Effectiveness

While malicious hackers are the obvious enemies of InfoSec pros, there’s something else that puts IT environments in danger: Perfectionism.

When applied to security, perfectionism becomes detrimental, creating a false certainty that all bases are covered and yielding a fundamentally flawed approach to protecting enterprises from attacks, according to Neil MacDonald, a Gartner Distinguished Analyst and Vice President.

“Perfect security is impossible,” MacDonald said during a keynote speech at the Qualys Security Conference 2017 on Thursday.

QSC17: Qualys Battles the Silos, Helps Protect Digital Transformation Efforts

Digital transformation initiatives, if properly implemented, must go way beyond deploying the latest shiny IT systems. Instead, they must aim to fundamentally disrupt and reinvent business processes throughout the entire organization.

That was the message Qualys Chief Product Officer Sumedh Thakar delivered on Wednesday during his morning keynote “Our Journey into the Cloud: The Qualys Cloud Platform & Architecture.”

The Shift from Securing our Networks to Enabling the Digital Transformation of our Enterprises

It’s not yet Thursday, but attendees at Qualys Security Conference 2017 were treated to a major “throwback” as CEO and Chairman Philippe Courtot journeyed back centuries during QSC17’s opening keynote to illustrate the seismic changes of today’s digital revolution.

Courtot cited some of history’s biggest shifts, such as the development of the printing press, which dramatically accelerated the distribution of knowledge, triggering massive political and economic changes, as well as Copernicus’ heliocentric model, which upended astronomy.

The difference is that changes of that magnitude are happening much more frequently in our time, as the Internet powers developments driven by digital technologies at dizzying speeds.

Qualys Cloud Suite 8.11 New Features

This new release of the Qualys Cloud Suite, version 8.11, adds several new major features including:

  • Customizable Login Banners
  • New VM features including QID Changelog View, PCAP Scanning in Express Lite subscriptions, Scanning Options, and Timestamps on IG QIDs.
  • PC improvements to File Monitoring UDC as well as Policy Compliance Reporting Options.
  • Expanded Policy Compliance platform support including Palo Alto Firewall, MongoDB, and Apache Tomcat on Windows.

Qualys Policy Compliance Notification: Policy Library Update

Qualys’ library of built-in policies makes it easy to comply with the most commonly used security standards and regulations. Qualys provides a wide range of policies, including many that have been certified by CIS as well as ones based on security guidelines from vendors such as Microsoft and VMware.

In order to keep up with the latest changes in security control requirements and new technologies, Qualys publishes new content to the Policy Library every month.

This release includes the following new policies and updates:

  • New CIS Benchmarks for Amazon Linux, Apple OS X, Microsoft SQL Server, Microsoft Windows, and Ubuntu Linux
  • New DISA STIG policy for Windows Server 2016
  • New Best Practice Policies for Amazon Linux, PostgreSQL, and HITRUST CSF
  • Several updates to existing CIS Certified benchmarks

Bugcrowd Integration Now Available in Qualys Web Application Scanning

The new version of Qualys Web Application Scanning, WAS 5.7, adds an integration with Bugcrowd for centralized viewing and triaging of both WAS automated vulnerability detections and vulnerabilities submitted by Bugcrowd’s approved security researchers.

QSC17 Focuses on Digital Transformation’s Challenges and Opportunities

Qualys Security Conference 2017 finds Qualys rapidly advancing in its ongoing quest to seamlessly and transparently thread security into the fabric of IT environments, and to make it essential for digital transformation.

At QSC17, happening this week in Las Vegas, Qualys executives will share how the company’s growing catalog of security and compliance apps, powered by the highly scalable Qualys Cloud Platform, can yield substantial benefits and unique advantages to our customers and partners.

The Critical Security Controls: Basic Cybersecurity Hygiene for your Organization

It’s a well-known fact that most successful cyber attacks are easily preventable. That’s because the majority are neither highly sophisticated nor carefully customized.

Instead, they are of the “spray and pray” sort. They try to exploit known vulnerabilities for which patches are available, or to take advantage of weak configuration settings that IT departments could have handily and quickly hardened.

One recent and infamous example was the WannaCry ransomware, which infected 300,000-plus systems and disrupted critical operations globally in May. It spread using the EternalBlue exploit for a Windows vulnerability Microsoft had patched in March.

So why do many businesses, non-profit organizations and government agencies — including those with substantial cybersecurity resources and knowledge — continue falling prey to these largely unrefined and easy to deflect strikes?

In most cases, the main reason can be traced back to hygiene — of the cybersecurity type, of course. Just as personal hygiene practices reduce the risk of getting sick, applying cybersecurity hygiene principles goes a long way towards preventing security incidents.

That was the key message Qualys Product Management Director Tim White and SANS Institute Analyst John Pescatore delivered during the recent webcast “Automating CIS Critical Security Controls for Threat Remediation and Enhanced Compliance.”

October Patch Tuesday: 28 Critical Microsoft Vulnerabilities

Today Microsoft released patches covering 62 vulnerabilities as part of October’s Patch Tuesday update, with 30 of them affecting Windows. Patches covering 28 of these vulnerabilities are labeled as Critical, and 33 can result in Remote Code Execution. According to Microsoft, a vulnerability in Microsoft Office is being actively exploited in the wild.

Achieve Continuous Security and Compliance with the CIS Critical Security Controls

For InfoSec pros, it’s easy to get overwhelmed by the constant noise from cybersecurity industry players — vendors, research firms, consultants, industry groups, government regulators and media outlets. A good antidote for this hyperactive chatter is to refocus on foundational InfoSec practices. That’s what SANS Institute Senior Analyst John Pescatore and I will do this week: An immersion into the Center for Internet Security’s Critical Security Controls (CSCs).

During an hour-long webcast on Sept. 28, we’ll be discussing the benefits of implementing these 20 recommended controls. Initially published in 2008, these information security best practices have been endorsed by many leading organizations and successfully adopted by thousands of InfoSec teams over the years. Now on version 6.1, the CIS CSCs map effectively to most security control frameworks, as well as regulatory and industry mandates, and are more relevant and useful than ever.
