Qualys Community

Agility and Flexibility Needed To Manage Risk Throughout Vendor Relationship Lifecycle

We conclude our series on assessing third-party risk, where we’ve described scenarios in which an automated, cloud-based system can help you identify security and compliance gaps among vendors, partners and employees.

As we have outlined in this blog series, CISOs and their infosec teams need clarity and visibility not only into their IT environments, but also across their roster of trusted vendors. Organizations that don’t properly assess and manage the risk of doing business with their vendors, partners, suppliers, contractors and other third parties make their IT network and data vulnerable to hackers.

Oracle October 2016 Critical Patch Update

Oracle released another massive patch update today, which fixed 253 security flaws across hundreds of Oracle products. This year we have seen the updates getting bigger, compared to an average of 161 vulnerabilities in 2015 and 128 vulnerabilities in 2014. Many components fixed in today’s release are remotely exploitable. Since most organizations have different teams to patch databases, networking components, operating systems, application servers and ERP systems, I have broken down the massive update into these categories. With the exception of Java, there are no consumer products, and administrators should focus on their individual patching domains.

My Life as a Chief Security Officer

Gerhard Eschelbeck, Google’s VP of security and privacy engineering, worked at Qualys in the early- to mid-2000s and remembers it as a then-fledgling company brimming with passion and energy about its mission to change vulnerability management.

“It’s amazing to see the growth of the company, and the success and the trust you all have given to a technology that started about 15 years ago,” Eschelbeck said Wednesday at his keynote titled “My Life as a Chief Security Officer” during the Qualys Security Conference in Las Vegas.

Security Is Tough, but Infosec Pros Can Find Joy in the Work

Anger. Frustration. Despondency. Hopelessness. Capitulation.

These are typical feelings experienced by infosec pros, as they deal with careless end users, impatient executives, emerging technology, budget constraints and understaffing.

“It’s tough out there,” said Mike Rothman, president of Securosis, an information security and analysis firm.

Infosec Teams Need More Collaboration and Automation to Defend Their Organizations and Help Them Succeed

Infosec teams are under a figurative DDoS (distributed denial of service) attack caused by a variety of business and operational factors that overwhelm them and keep them from crafting strategies to address long-term challenges.

Instead, infosec pros spend most of their time at work doing “day-to-day” tasks due to issues like understaffing and an overload of security alerts, according to Joseph Blankenship, a Senior Analyst at Forrester Research.

The Big Year: 2016 Product Advances Highlighted at QSC

Several product management leaders took the stage at Qualys Security Conference 2016 in Las Vegas on Wednesday to outline major recent improvements to Qualys products, including Cloud Agent, AssetView, ThreatPROTECT, Vulnerability Management, Policy Compliance and Web Application Scanning.

As Traditional Network Perimeters Dissolve, Qualys Cloud Platform Provides Global Security and Compliance Visibility

Every day, a large bank scans 1.4 million devices, a home improvement chain scans 2,200 stores and a major cloud infrastructure provider scans 2 million devices.

What do these three big companies have in common? They all rely on the Qualys Cloud Platform for these critical security scans, Qualys Chief Product Officer Sumedh Thakar said at the company’s annual conference.

Qualys CEO Philippe Courtot Kicks Off QSC16 with Call for Organizations to Secure Their Digital Transformations

As organizations pursue digital transformation efforts, traditional security solutions are falling short, reducing CISOs’ visibility into the increasingly complex IT environments of cloud computing and interconnected business, and creating infosec challenges hackers are eager to exploit.

CEOs are under business pressure to adopt new, emerging technologies that can improve their businesses by gathering and analyzing more data about their products and customers, but security can’t be overlooked.

“Bad guys have taken advantage of the fact that digital transformation forces us to open our networks and interconnect many things,” Philippe Courtot, Qualys’ chairman and CEO, said during the opening keynote of this year’s Qualys Security Conference.

Lasso In Employee Training, Vendor Regulatory Compliance with Automated Risk Assessments

We continue our series on assessing third-party risk, where we’re describing scenarios in which an automated, cloud-based system can help you identify security and compliance gaps among vendors, partners and employees.

In addition to protecting their organization’s IT environment, CISOs must also closely monitor the security and compliance policies and procedures of trusted third parties.

October Patch Tuesday 2016 Video Highlights

Today Microsoft started rolling out a new way to patch systems, and this video highlight covers the new patching mechanism, five 0-day vulnerabilities patched by today’s update as well as Adobe vulnerabilities that were fixed.