Qualys Blog


Simplifying Web Application Security with Qualys Web Application Firewall 2.0

The completely redesigned Qualys Web Application Firewall (WAF) 2.0 provides greater confidence in application security through increased customization, one-click virtual patching ability, simplified controls and stronger security rules. Available now with these and other improvements, WAF 2.0 helps customers fend off hackers’ increasingly common, aggressive and destructive web app attacks.


IoT Security: A Hairy Issue That’s Simple to Solve

First the bad news: Internet of Things (IoT) systems have created immense security holes. Now the good news: The problem can be fixed fairly easily.

That was the message from Jason Kent, Qualys’ Vice President of Web Application Security, during his recent webcast, “Aligning Web Application Security with DevOps and IoT Trends.”

“IoT doesn’t have to be scary. We have the knowledge on how to solve all these application security problems,” Kent said. “We just need to put focus on it.”

The effort to create awareness and shine a light on the issue of IoT security must be shared by IoT system manufacturers, application developers, and customers, including both businesses and consumers.


The World’s Gone Web App Crazy: Tips to Cut Risk from Hacks, Rogue Staff and Faulty Code

It used to be difficult or outright impossible for employees to install and use unapproved software on their work computers. For many IT departments, those happy days are over.

Web apps’ proliferation combined with mobile devices’ ubiquity have drastically lowered the bar — or removed it altogether — for people to use software of their own choosing at work.


Slash Vendor Risk and Sharpen Compliance with Policies, Standards and Regulations

As we continue our Qualys Top 10 Tips for a Secure & Compliant 2017 blog series, we zoom in on the all-important area of compliance and risk monitoring, a key element of any comprehensive security program.

IT compliance and risk managers don’t have it easy. You face an increasingly complex regulatory landscape, constantly evolving industry standards and a technology environment that’s changing at a dizzying pace. It falls on your shoulders to make sure your organizations follow rules, regulations, laws, standards and practices in areas of IT across all business functions.

In this post, we’ll offer tips 5 – 7 on our list, to help you:

  • Ensure internal and external IT compliance
  • Assess procedural and technical controls among vendors to reduce the risk of doing business with them
  • Comply with the Payment Card Industry Data Security Standard (PCI DSS)


Overwhelmed by Security Vulnerabilities? Here’s How to Prioritize

In our second installment of the Qualys Top 10 Tips for a Secure & Compliant 2017 blog series, we tackle the bane of many InfoSec teams: Deciding which vulnerabilities to remediate first.


Five Things to Know About Qualys’ FedRAMP Authorization

The FedRAMP authorization obtained by the Qualys Cloud Platform was one of Qualys’ significant achievements in 2016. Why is that, you may be asking? Here we explain five reasons why the FedRAMP (Federal Risk and Authorization Management Program) approval is important for Qualys customers and partners. (And we explain what FedRAMP is!)


Information Security and Compliance: New Year’s Resolutions You Can Keep

A new year has started, giving InfoSec professionals the perfect opportunity to evaluate what’s working and what’s not in their organizations, and, filled with that early-January optimism, set out to do better.

In that spirit of improvement and renewal, Qualys is kicking off today a blog series that outlines helpful tips — not just flimsy resolutions — for ensuring data security and compliance throughout the year.

In this initial post, we’ll discuss the first three of the Qualys Top 10 Tips for a Secure & Compliant 2017, addressing the importance of IT asset visibility, proper management of vulnerabilities, and continuous monitoring.


Office Depot Extends the Value of Cloud-based Security via Qualys APIs

When Office Depot went looking for a new vulnerability management system, it picked Qualys’ for several reasons, including the variety and capabilities of its application programming interfaces (APIs). This was the topic of a recent talk by Office Depot Director of Global Information Security Jon Scheidell.

Since deploying Qualys Vulnerability Management (VM) about three years ago, the office supply chain has made ample and effective use of Qualys APIs in ways that have helped improve its overall security posture and its business operations.

“They’re one of the security vendors that does a better job of not only creating APIs for different features but also documenting them very, very well,” Scheidell said during a recent presentation at the Black Hat USA 2016 conference.

Qualys has always prioritized the extensibility of its platform via APIs, starting in the early 2000s with the release of its first product, and it has intensified its API efforts in the last four or five years.

Today, almost all of the major functions of the Qualys Cloud Platform are accessible to third party developers via APIs. In addition to Vulnerability Management, Qualys offers complete API sets for Web Application Scanning, Web Application Firewall, Policy Compliance, Continuous Monitoring, Malware Detection and the platform’s underlying asset management and tagging functionality.


Call For Customer Presentations at RSA Conference 2017!

Tell your security story to your peers at RSA Conference 2017 San Francisco!

Qualys is looking for customers excited to talk on security, best practices and case studies leveraging the use of Qualys technologies. Take the stage in the Qualys booth to share your experience with RSA Conference attendees two or three times total during exhibit hall hours on February 14, 15, or 16.

If you would like to be considered as a presenter, please send a title and short abstract for a 20-30 minute presentation to David Conner at dconner@qualys.com. The call for presenters is open until January 10, 2017.

RSA Conference 2017 is held at Moscone Convention Center in San Francisco. Qualys will provide accepted presenters with a full conference pass, and pay your airfare and hotel expenses for the conference.

SSL: Deceptively Simple, Yet Hard to Implement

An Interview with SSL Expert and SSL Labs Founder Ivan Ristić

Even though SSL/TLS is critical for the privacy, integrity, and security of internet communications, the protocol is implemented in an optimal way in only a small percentage of web servers, meaning that most websites and web apps aren’t as secure as they could be.

It doesn’t have to be that way, which is why Ivan Ristić, a security researcher, engineer, and author known for his expertise on various aspects of InfoSec, has spent years contributing to the field of SSL/TLS.

He launched SSLLabs.com in 2009 to provide SSL/TLS tools, research and documentation, brought it with him when he joined Qualys in 2010, and ran it until mid-2016, when he became an advisor. Under his leadership, SSLLabs.com became a de facto standard for secure server assessment and the go-to site for organizations looking for help improving their SSL/TLS configurations.

Ristić also wrote an entire book about the topic titled “Bulletproof SSL and TLS: Understanding and Deploying SSL/TLS and PKI to Secure Servers and Web Applications.” We recently had a chance to catch up with Ivan and pick his brain about SSL/TLS challenges, best practices and trends. Here’s what he told us.
