
Countdown to Black Hat: Top 10 Sessions to Attend — #1

Black Hat USA 2019 offers a packed and impressive lineup of research briefings and hands-on training courses for the 19,000-plus security pros expected to attend this year’s event.

The training sessions provide both offensive and defensive skills that security pros can use to tackle critical threats affecting applications, IoT systems, cloud services, and more. Meanwhile, the briefing sessions feature cutting-edge research on the latest infosec risks and trends. All sessions are led by expert trainers and researchers.

To help attendees decide which sessions to choose, we’ve selected ten that we think will be particularly relevant and valuable for Qualys customers, and we’ll highlight one each week here on our blog. Here’s our first recommendation: Advanced Cloud Security and Applied DevSecOps.

This highly technical course delves deep into practical cloud security and applied DevSecOps for enterprise-scale cloud deployments, and focuses on IaaS and PaaS.

“Real-world cloud security is most definitely not business as usual. The fundamental abstraction and automation used to build cloud platforms upends much of how we implement security. The same principles may apply, but how they apply is dramatically different, especially at enterprise scale,” reads the course abstract.

Continue reading …

Integrating Threat and Vulnerability Management with Patch Management: The (Feasible) Quantum Leap

The rise of sophisticated attacks, combined with the security-skills shortage, has driven many organizations to go back to basics and review their processes for vulnerability and patch management. The approach is a winning one: shrinking and managing the vulnerability surface makes the organization harder to target and compromise.

Assessing the attack surface requires strengthening key capabilities, such as increasing visibility across the IT landscape and improving the detection, prioritization and remediation of vulnerabilities at scale. Qualys has been boosting these capabilities for its customers over the last two decades.

Read on to learn how Qualys is addressing enterprises’ patch management challenges with integrated breach prevention that includes its new Patch Management cloud application.

Continue reading …

Boosting Patch Management Is Key for Breach Prevention

Vulnerabilities that vendors have disclosed and issued patches for remain a major source of breaches. Why? Too many organizations take too long to deploy those patches — or never do.

That was the case with WannaCry. The ransomware spread by exploiting a flaw in Windows’ SMBv1 implementation that Microsoft had fixed in security bulletin MS17-010, published in mid-March 2017 and rated “Critical”. The attacks began two months later, and only then did most affected organizations begin to install the patch. When the dust cleared, WannaCry had infected 300,000-plus systems, disrupting critical operations globally.

So why does this baffling problem persist?

As is true for most IT and security challenges, the patch management problem and its solution depend on a combination of the technology in use and the processes in place.

Read on to learn about patch management best practices, and about Qualys’ new patch management cloud app.

Continue reading …

Qualys Cloud Platform (VM, PC) 8.19.1 New Features

This new release of the Qualys Cloud Platform (VM, PC), version 8.19.1, includes newly added technology support for HP Safeguard and Cisco ACS 5, collected via Qualys Out-of-Band Configuration Assessment.

Continue reading …

LinkedIn Faux Pas Shines Light on Certificate Management

Visibility and control of digital certificates remains a challenge for even the largest enterprises, as evidenced by a high profile incident this week affecting Microsoft’s LinkedIn. Users accessing LinkedIn on Tuesday got a warning from their browsers alerting them about an insecure connection. The culprit: An expired TLS certificate.

In a statement to the press, LinkedIn said it experienced a “brief delay” in updating a digital certificate, and stated that member data wasn’t affected. Yet the incident spotlights a nagging issue that frequently trips up even the most technically savvy companies in the world: digital certificate management.

Qualys SSL Labs’ SSL Pulse, which monitors the quality of SSL/TLS support across 150,000 of the most popular websites in the world, rated about 33% of the sites monitored as having inadequate security in its May report. A few thousand of these sites had expired certificates.
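The LinkedIn outage above is the simplest certificate-management failure to detect ahead of time: notAfter is in the certificate, so a scheduled check can flag it weeks in advance. The block below is an added example, not code from this post or from Qualys; it classifies a leaf certificate in the dict shape Python’s `SSLSocket.getpeercert()` returns, and the 30-day warning threshold, the check date and the sample certificates are assumptions constructed for the demo.

```python
"""Flag TLS certificates that have expired or are close to it.

Added example, not code from the Qualys post. The 30-day warning threshold,
the sample certificates and the check date below are assumptions for the demo.
"""
import math
import socket
import ssl
from datetime import datetime, timezone

# Assumed policy: warn when fewer than this many days remain before notAfter.
EXPIRY_WARNING_DAYS = 30


def _cert_time(value):
    """Turn a getpeercert() timestamp such as 'Jun  1 12:00:00 2019 GMT' into an aware UTC datetime."""
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(value), tz=timezone.utc)


def assess_cert(cert, now=None, warn_days=EXPIRY_WARNING_DAYS):
    """Classify a certificate dict in the shape SSLSocket.getpeercert() returns.

    Returns (status, days_left): status is 'not_yet_valid', 'expired',
    'expiring' or 'ok'; days_left is whole days until notAfter (negative
    once the certificate has expired).
    """
    now = now or datetime.now(timezone.utc)
    not_before = _cert_time(cert["notBefore"])
    not_after = _cert_time(cert["notAfter"])
    days_left = math.floor((not_after - now).total_seconds() / 86400)
    if now < not_before:
        status = "not_yet_valid"
    elif now >= not_after:
        status = "expired"
    elif days_left < warn_days:
        status = "expiring"
    else:
        status = "ok"
    return status, days_left


def check_host(host, port=443, now=None, timeout=5.0):
    """Connect with full verification and report the leaf certificate's state.

    An already-expired certificate never reaches assess_cert(): the default
    context rejects it during the handshake, so it surfaces here as
    'handshake_failed' with OpenSSL's reason (e.g. 'certificate has expired').
    Needs network access; the offline sample below does not call it.
    """
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                status, days_left = assess_cert(tls.getpeercert(), now=now)
                return {"host": host, "status": status, "days_left": days_left}
    except ssl.SSLCertVerificationError as exc:
        return {"host": host, "status": "handshake_failed", "reason": exc.verify_message}
    except (ssl.SSLError, OSError) as exc:
        return {"host": host, "status": "unreachable", "reason": str(exc)}


def report(certs, now):
    """Map host -> status for a batch, so the expiring ones can be reviewed together."""
    return {host: assess_cert(cert, now=now)[0] for host, cert in certs.items()}


# Assumed check date and constructed sample certificates in getpeercert() shape.
AS_OF = datetime(2019, 5, 21, 12, 0, tzinfo=timezone.utc)
SAMPLE_CERTS = {
    "expiring.example": {"notBefore": "Mar  1 00:00:00 2019 GMT", "notAfter": "Jun  1 12:00:00 2019 GMT"},
    "expired.example": {"notBefore": "Mar  1 00:00:00 2019 GMT", "notAfter": "May 20 12:00:00 2019 GMT"},
    "fresh.example": {"notBefore": "May 21 00:00:00 2019 GMT", "notAfter": "May 21 12:00:00 2020 GMT"},
    "staged.example": {"notBefore": "Jun  1 00:00:00 2019 GMT", "notAfter": "Jun  1 00:00:00 2020 GMT"},
}

if __name__ == "__main__":
    for host, status in report(SAMPLE_CERTS, AS_OF).items():
        print(f"{host}: {status}")
```

Run it daily against the inventory of hosts you own and page on anything that is not `ok`. Note the caveat in `check_host`: a certificate that has already lapsed fails verification during the handshake, so the monitor only ever sees an expired certificate as a handshake error, which is also exactly what LinkedIn’s users saw in their browsers.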

Continue reading …

Boost Security with These Gartner-Recommended Projects

Is your security team struggling to decide which projects will cut the most risk without breaking the bank? If so, we believe your security leaders can end analysis paralysis by reading Gartner’s “Top 10 Security Projects for 2019” report. As its title states, the report recommends ten security projects for 2019. The projects selected are supported by technologies available today, address the changing needs of cybersecurity, and support what Gartner calls a CARTA (Continuous Adaptive Risk and Trust Assessment) strategic approach through risk prioritization.

Below we highlight five of the projects, provide Gartner’s take, offer our opinion, and explain how Qualys can help you implement them.

Continue reading …

Verizon’s DBIR Highlights Key Drivers of Security Risk

It’s that time of the year when Verizon updates us on the latest trends in the global threat landscape with its Data Breach Investigations Report (DBIR). The findings in this year’s report are based on data provided by more than 70 sources (including Qualys) about more than 41,000 security incidents, including more than 2,000 confirmed data breaches, across a variety of geographies (over 80 countries) and industries. A privileged vantage point indeed.

While the very informative 78-page report touches on a wide range of areas, I’ll focus on three that are particularly relevant for Qualys customers:

  • Who are hackers’ preferred targets, and why
  • The importance of reducing both the time it takes to discover security problems, such as vulnerabilities or breaches, and the time it takes to fix them
  • How lack of visibility, human error and careless misconfigurations heighten organizations’ security risks
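The WannaCry timeline earlier on this page and the DBIR’s point about time-to-discover and time-to-fix come down to the same measurement: how long a host stays exposed after a fix is available. The block below is an added example, not code from this post or from Qualys. It computes days-to-detect and exposure days per finding against an assumed severity-based deadline that starts when the vendor ships the patch; the hosts, the SLA windows, the “SAMPLE-HIGH” bulletin and every date other than the March 14, 2017 release of MS17-010 and the May 12, 2017 WannaCry outbreak are constructed sample data.

```python
"""Time-to-detect and time-to-fix for vulnerability findings, measured against a
severity-based patch deadline that starts when the vendor fix ships.

Added example, not Qualys code. The SLA windows, the hosts, the 'SAMPLE-HIGH'
bulletin and all dates except MS17-010's March 14, 2017 release and the
May 12, 2017 outbreak are constructed sample data.
"""
from dataclasses import dataclass
from datetime import date, timedelta
from statistics import median
from typing import Optional

# Assumed remediation windows, in days after the vendor published the fix.
SLA_DAYS = {"critical": 7, "high": 30, "medium": 90, "low": 180}


@dataclass(frozen=True)
class Finding:
    host: str
    bulletin: str
    severity: str
    disclosed: date          # vendor published the patch
    detected: date           # scanner first reported this host vulnerable
    fixed: Optional[date]    # patch confirmed by rescan; None while still open


def deadline(f):
    return f.disclosed + timedelta(days=SLA_DAYS[f.severity])


def classify(f, as_of):
    """State of one finding on date as_of relative to its deadline."""
    due = deadline(f)
    if f.fixed is not None:
        return "fixed_in_sla" if f.fixed <= due else "fixed_late"
    return "open_overdue" if as_of > due else "open"


def days_to_detect(f):
    """Days between the vendor fix and the scanner first seeing the exposure."""
    return (f.detected - f.disclosed).days


def exposure_days(f, as_of):
    """Days from disclosure to fix; for open findings, exposure accumulated so far."""
    end = f.fixed if f.fixed is not None else as_of
    return (end - f.disclosed).days


def summarize(findings, as_of):
    """Per-severity counts and medians, plus the overdue hosts to chase first."""
    by_severity = {}
    for sev in SLA_DAYS:
        group = [f for f in findings if f.severity == sev]
        if not group:
            continue
        states = [classify(f, as_of) for f in group]
        by_severity[sev] = {
            "total": len(group),
            "open_overdue": states.count("open_overdue"),
            "fixed_late": states.count("fixed_late"),
            "median_days_to_detect": median(days_to_detect(f) for f in group),
            "median_exposure_days": median(exposure_days(f, as_of) for f in group),
        }
    overdue = sorted(f.host for f in findings if classify(f, as_of) == "open_overdue")
    return by_severity, overdue


AS_OF = date(2017, 5, 12)      # the day WannaCry started spreading
MS17_010 = date(2017, 3, 14)   # Microsoft's release date for the bulletin
FINDINGS = [  # constructed sample inventory
    Finding("srv-01", "MS17-010", "critical", MS17_010, date(2017, 3, 16), date(2017, 3, 20)),
    Finding("srv-02", "MS17-010", "critical", MS17_010, date(2017, 3, 16), date(2017, 4, 28)),
    Finding("srv-03", "MS17-010", "critical", MS17_010, date(2017, 3, 16), None),
    Finding("ws-17", "MS17-010", "critical", MS17_010, date(2017, 4, 2), None),
    Finding("srv-04", "SAMPLE-HIGH", "high", date(2017, 4, 11), date(2017, 4, 13), date(2017, 5, 5)),
    Finding("srv-05", "SAMPLE-HIGH", "high", date(2017, 4, 11), date(2017, 4, 13), None),
]

if __name__ == "__main__":
    summary, overdue = summarize(FINDINGS, AS_OF)
    for sev, stats in summary.items():
        print(sev, stats)
    print("chase first:", overdue)
```

Measuring exposure from the vendor’s release date rather than from the scanner’s first detection is deliberate: a host that was not scanned until April was still exploitable in March, and the attacker’s clock starts when the fix (and the diff it reveals) ships, not when you noticed.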

Read on to learn more about the evolution (or is it “EVILution”) of the threat landscape in the past year, and find out about recommended actions.

Continue reading …

Qualys Cloud Platform (VM, PC) 8.19 New Features

This new release of the Qualys Cloud Platform (VM, PC), version 8.19, contains several new features and improvements in Qualys Vulnerability Management and Policy Compliance:

  • VM: an improved display of deadlines for remediation policies
  • PC: additional support for MS Exchange Server authentication, and default selection of layout options in policy report templates
  • Two new options for Sybase authentication
  • Support for Microsoft Azure Key Vault in Qualys Cloud Platform
  • A change to the name of an existing option (“Scan agent hosts in my target”) on the Launch Vulnerability Scan page

Continue reading …

Qualys Policy Compliance Notification: Policy Library Update (March)

Qualys’ library of built-in policies makes it easy to comply with the security standards and regulations that are most commonly used and adhered to. Qualys provides a wide range of policies, including many that have been certified by CIS, as well as policies based on security guidelines from OS and application vendors and other industry best practices.

In order to keep up with the latest changes in security control requirements and new technologies, Qualys publishes new content to the Policy Library every month.

The March release includes the following new policies:

  • New Industry and Best Practice policies for Microsoft Windows 10 Release 1809
  • New CIS Benchmark policies for Amazon Linux 2 v1.0.0, VMware ESXi 6.5 v1.0.0, Debian Linux 9 v1.0.0, and Microsoft Windows 10 Enterprise Release 1803 v1.5.0

Continue reading …

Qualys Cloud Platform (VM, PC) 8.18.2 New Features

This new release of the Qualys Cloud Platform (VM, PC), version 8.18.2, includes the new look for the App Picker, new technology support for Unix user-defined controls (UDCs), and error codes and text for errors that occur during control evaluation.

Continue reading …