Qualys Blog

www.qualys.com
58 posts

Qualys Cloud Suite 8.11 New Features

This new release of the Qualys Cloud Suite, version 8.11, adds several new major features including:

  • Customizable Login Banners
  • New VM features including QID Changelog View, PCAP Scanning in Express Lite subscriptions, Scanning Options, and Timestamps on IG QID’s.
  • PC improvements to File Monitoring UDC as well as Policy Compliance Reporting Options.
  • Expanded Policy Compliance platform support including Palo Alto Firewall, MongoDB, and Apache Tomcat on Windows.

Continue reading …

Qualys Policy Compliance Notification: Policy Library Update

Qualys’ library of built-in policies makes it easy to comply with the security standards and regulations that are most commonly used and adhered to. Qualys provides a wide range of policies, including many that have been certified by CIS as well as the ones based on security guidelines from vendors such as Microsoft and VMware.

In order to keep up with the latest changes in security control requirements and new technologies, Qualys publishes new content to the Policy Library every month.

This release includes the following new policies and updates:

  • New CIS Benchmarks for Amazon Linux, Apple OS X, Microsoft SQL Server, Microsoft Windows, and Ubuntu Linux
  • New DISA STIG policy for Windows Server 2016
  • New Best Practice Policies for Amazon Linux, PostGRE SQL, and HITRUST CSF
  • Several updates to existing CIS Certified benchmarks

Continue reading …

Achieve Continuous Security and Compliance with the CIS Critical Security Controls

For InfoSec pros, it’s easy to get overwhelmed by the constant noise from cybersecurity industry players — vendors, research firms, consultants, industry groups, government regulators and media outlets. A good antidote for this hyperactive chatter is to refocus on foundational InfoSec practices. That’s what SANS Institute Senior Analyst John Pescatore and I will do this week: An immersion into the Center for Internet Security’s Critical Security Controls (CSCs).

During an hour-long webcast on Sept. 28, we’ll be discussing the benefits of implementing these 20 recommended controls. Initially published in 2008, these information security best practices have been endorsed by many leading organizations and successfully adopted by thousands of InfoSec teams over the years. Now on version 6.1, the CIS CSCs map effectively to most security control frameworks, as well as regulatory and industry mandates, and are more relevant and useful than ever.

Continue reading …

Qualys Policy Compliance Notification: Policy Library Update

Qualys’ library of built-in policies makes it easy to comply with commonly adhered to security standards and regulations. Qualys provides a wide range of policies, including many that have been certified by CIS as well as ones based on security guidelines from vendors such as Microsoft and VMware.

In order to keep up with the latest changes in security control requirements and new technologies, Qualys publishes new content to the Policy Library monthly.

This release includes new policies and updates covering:

  • New CIS versions for Apache HTTP Server, Solaris, Microsoft Windows 2016, centOS, Microsoft IIS, Oracle Linux, and Red Hat Enterprise Linux
  • New DISA STIG policies for Red Hat Enterprise Linux and Windows 2016
  • New Security & Configuration Policies for IIS, MS SQL Server 2016
  • New Mandate mappings for CIS Critical Security Controls & First Five CIS Controls
  • Several updates to minor versions for Vendor Recommended and CIS policies

Continue reading …

Countdown to GDPR: IT Policy Compliance

From the first page, the EU’s General Data Protection Regulation stresses the importance it places on the security and privacy of EU residents’ private information. The 88-page document opens by referring to the protection of this personal data as a “fundamental right” essential for “freedom, security and justice” and for creating the “trust” needed for the “digital economy” to flourish.

The stakes are sky-high for EU regulators tasked with enforcing GDPR, and for organisations that must comply with it. The requirements outlined in the document amount to what some have called “zero-tolerance” on mishandling EU residents’ personal data and apply to any organisation doing business in the EU, regardless of where they are based.

Both data “controllers” — those who collect the data — and data “processors” — those with whom it’s shared — must implement “appropriate technical and organisational measures” and their IT networks and systems must “resist, at a given level of confidence, accidental events or unlawful or malicious actions.”

Bottom line: Organisations are expected to have technology and processes in place to prevent accidental or malicious incidents that compromise the “availability, authenticity, integrity and confidentiality of stored or transmitted personal data.”

As we’ve discussed in this GDPR preparedness blog series, while the regulation’s document is light on specific prescriptive information security controls and technologies, organisations must have solid InfoSec foundations in place to comply with this regulation, which goes into effect in May 2018.

In prior installments, we’ve discussed the importance for GDPR compliance of IT asset inventory, vulnerability management, prioritization of remediation based on current threats, and vendor risk assessment. Today, we’ll focus on another core component for preparing for GDPR: policy compliance.

Continue reading …

Qualys Cloud Suite 8.10.2 New Features

This new patch release of the Qualys Cloud Suite, version 8.10.2, includes updates to shared platform features, a new role for user management, and expanded Policy Compliance platform support. Continue reading …

Qualys Cloud Suite 8.10.1 New Features

This new patch release of the Qualys Cloud Suite, version 8.10.1, includes updates to password management, user roles & permissions, and User Defined Control improvements in Qualys Policy Compliance (PC).

Continue reading …

Better Trusted Scanning with Qualys-CyberArk Integration

To manage privileged credentials, especially across multiple systems in complex environments, many organizations use privileged account security solutions. Qualys has integrated with such solutions for a long time, and has recently upgraded its CyberArk integration to include CyberArk Application Identity Manager. This provides organizations a simplified way to manage access to privileged credentials (passwords and SSH keys) while performing vulnerability and compliance trusted scanning, without the need to store credentials in the Qualys platform.

Continue reading …

Qualys Cloud Suite 8.10 New Features

This new release of the Qualys Cloud Suite, version 8.10, includes new capabilities and improvements to for VM, PC and shared platform improvements:

  • Authentication Vault integration with BeyondTrust
  • Mandate-Based reporting for Policy Compliance to simplify reporting against multiple mandates and audit frameworks.
  • Expanded support & features for scanning Cloud Environments such as Amazon EC2, Azure, and Google GCE.
  • VM Scanning, Reporting, and SSL Labs Improvements
  • Ability to export/import UDC definitions with Policy XML and Qualys Library Content
  • Policy Compliance support for PostGRE SQL and UDC Support for Amazon Linux 2016

See Also:

Continue reading …

Qualys Policy Compliance Notification: Policy Library Update

Qualys’ library of built-in policies makes it easy to comply with commonly adhered to security standards and regulations. Qualys provides a wide range of policies, including many that have been certified by CIS as well as ones based on security guidelines from vendors such as Microsoft and VMware.

In order to keep up with the latest changes in security control requirements and new technologies, Qualys publishes new content to the Policy Library monthly.

This release includes new policies and updates covering:

  • Initial coverage for DISA STIG on Windows
  • SCM for Windows Server 2016
  • New CIS versions for CentOS, Windows Server 2008 R2/2012 R2
  • Several updates to minor versions for Vendor Recommended and CIS policies.

Continue reading …