Qualys Blog

www.qualys.com
55 posts

Qualys Policy Compliance Notification: Policy Library Update

Qualys’ library of built-in policies makes it easy to comply with commonly adhered to security standards and regulations. Qualys provides a wide range of policies, including many that have been certified by CIS as well as ones based on security guidelines from vendors such as Microsoft and VMware.

In order to keep up with the latest changes in security control requirements and new technologies, Qualys publishes new content to the Policy Library monthly.

This release includes new policies and updates covering:

  • New CIS versions for Apache HTTP Server, Solaris, Microsoft Windows 2016, CentOS, Microsoft IIS, Oracle Linux, and Red Hat Enterprise Linux
  • New DISA STIG policies for Red Hat Enterprise Linux and Windows 2016
  • New Security & Configuration Policies for IIS, MS SQL Server 2016
  • New Mandate mappings for CIS Critical Security Controls & First Five CIS Controls
  • Several updates to minor versions for Vendor Recommended and CIS policies

Continue reading …

Countdown to GDPR: IT Policy Compliance

From the first page, the EU’s General Data Protection Regulation stresses the importance it places on the security and privacy of EU residents’ private information. The 88-page document opens by referring to the protection of this personal data as a “fundamental right” essential for “freedom, security and justice” and for creating the “trust” needed for the “digital economy” to flourish.

The stakes are sky-high for EU regulators tasked with enforcing GDPR, and for organisations that must comply with it. The requirements outlined in the document amount to what some have called “zero-tolerance” on mishandling EU residents’ personally identifiable information (PII) and apply to any organisation doing business in the EU, regardless of where they are based.

Both data “controllers” — those who collect the data — and data “processors” — those with whom it’s shared — must implement “appropriate technical and organisational measures” and their IT networks and systems must “resist, at a given level of confidence, accidental events or unlawful or malicious actions.”

Bottom line: Organisations are expected to have technology and processes in place to prevent accidental or malicious incidents that compromise the “availability, authenticity, integrity and confidentiality of stored or transmitted personal data.”

As we’ve discussed in this GDPR preparedness blog series, while the regulation’s document is light on specific prescriptive information security controls and technologies, organisations must have solid InfoSec foundations in place to comply with this regulation, which goes into effect in May 2018.

In prior installments, we’ve discussed the importance for GDPR compliance of IT asset inventory, vulnerability management, prioritization of remediation based on current threats, and vendor risk assessment. Today, we’ll focus on another core component for preparing for GDPR: policy compliance.

Continue reading …

Qualys Cloud Suite 8.10.2 New Features

This new patch release of the Qualys Cloud Suite, version 8.10.2, includes updates to shared platform features, a new role for user management, and expanded Policy Compliance platform support.

Continue reading …

Qualys Cloud Suite 8.10.1 New Features

This new patch release of the Qualys Cloud Suite, version 8.10.1, includes updates to password management, user roles & permissions, and User Defined Control improvements in Qualys Policy Compliance (PC).

Continue reading …

Better Trusted Scanning with Qualys-CyberArk Integration

To manage privileged credentials, especially across multiple systems in complex environments, many organizations use privileged account security solutions. Qualys has integrated with such solutions for a long time, and has recently upgraded its CyberArk integration to include CyberArk Application Identity Manager. This provides organizations a simplified way to manage access to privileged credentials (passwords and SSH keys) while performing vulnerability and compliance trusted scanning, without the need to store credentials in the Qualys platform.

Continue reading …

Qualys Cloud Suite 8.10 New Features

This new release of the Qualys Cloud Suite, version 8.10, includes new capabilities and improvements for VM, PC and the shared platform:

  • Authentication Vault integration with BeyondTrust
  • Mandate-Based reporting for Policy Compliance to simplify reporting against multiple mandates and audit frameworks.
  • Expanded support & features for scanning Cloud Environments such as Amazon EC2, Azure, and Google GCE.
  • VM Scanning, Reporting, and SSL Labs Improvements
  • Ability to export/import UDC definitions with Policy XML and Qualys Library Content
  • Policy Compliance support for PostgreSQL and UDC Support for Amazon Linux 2016

Continue reading …

Qualys Policy Compliance Notification: Policy Library Update

Qualys’ library of built-in policies makes it easy to comply with commonly adhered to security standards and regulations. Qualys provides a wide range of policies, including many that have been certified by CIS as well as ones based on security guidelines from vendors such as Microsoft and VMware.

In order to keep up with the latest changes in security control requirements and new technologies, Qualys publishes new content to the Policy Library monthly.

This release includes new policies and updates covering:

  • Initial coverage for DISA STIG on Windows
  • SCM for Windows Server 2016
  • New CIS versions for CentOS, Windows Server 2008 R2/2012 R2
  • Several updates to minor versions for Vendor Recommended and CIS policies.

Continue reading …

Qualys Support for Reserve Bank of India (RBI) Cyber Security Guidelines

The Reserve Bank of India (RBI), India’s central banking and monetary authority, points out that the number, frequency, and impact of cyber incidents on Indian banks have increased substantially. Like their peers globally, Indian banks are committed to maintaining customer trust, protecting financial assets, and preserving their own brand and reputation, as the industry will remain a top target of cybercriminals using increasingly sophisticated methods. Thus, it is urgent that banks continue to improve their cyber defenses.

In a race to adopt technology innovations, the exposure to cyber incidents/attacks has also increased, thereby underlining the urgent need to put in place a robust cyber security and resilience framework. The Reserve Bank of India has provided guidelines on Cyber Security Framework vide circular DBS.

Continue reading …

Qualys Policy Compliance Notification: Policy Library Update

Qualys’ library of built-in policies makes it easy to comply with commonly adhered to security standards and regulations. Qualys provides a wide range of policies, including many that have been certified by CIS as well as ones based on security guidelines from vendors such as Microsoft and VMware.

In order to keep up with the latest changes in security control requirements and new technologies, Qualys publishes new content to the Policy Library monthly.

This release includes new policies and updates covering: Docker, Oracle Enterprise Linux, Red Hat Enterprise Linux, and Windows Server 2012 R2.

Continue reading …

Qualys Cloud Suite 8.9.3 New Features

This new patch release of the Qualys Cloud Suite, version 8.9.3, includes updates for cloud-based scanner deployments and tagging improvements.

Continue reading …