All Posts

496 posts

Policy Compliance Library Updates, November 2019

Qualys’ library of built-in policies makes it easy to comply with the security standards and regulations that are most commonly used and adhered to. Qualys provides a wide range of policies, including many that have been certified by CIS as well as the ones based on security guidelines from OS and application vendors and other industry best practices.

In order to keep up with the latest changes in security control requirements and new technologies, Qualys publishes new content to the Policy Library every month.

The November release adds support for 3 new technologies, includes 1 new CIS Benchmark policy and provides updates to several existing policies in the Qualys Content Library.

Qualys’ Certification Page at CIS has been updated.


The Power and Future of the Qualys Cloud Platform

Qualys Security Conference 2019 kicked off this morning at the Bellagio hotel in Las Vegas. The event actually began on Monday with training sessions over the first two days, but this morning hundreds of attendees filled a conference room to listen to keynote presentations about the state of cybersecurity and the vision for the future of the Qualys Cloud Platform.


Qualys Cloud Platform 8.21.7 New Features

Update November 27, 2019: The features referenced in this blog post will be released in Qualys Cloud Platform release 8.22.

Update November 19, 2019: The features referenced in this blog post will be released in the next Qualys Cloud Platform release scheduled for December 2019, and will be announced separately. We apologize for any confusion this may have caused.

Original Post: The upcoming release of the Qualys Cloud Platform (VM, PC), version 8.21.7, will include new features in Qualys Cloud Platform, Vulnerability Management, and Policy Compliance.


Policy Compliance Library Updates, October 2019

Qualys’ library of built-in policies makes it easy to comply with the security standards and regulations that are most commonly used and adhered to. Qualys provides a wide range of policies, including many that have been certified by CIS as well as the ones based on security guidelines from OS and application vendors and other industry best practices.

In order to keep up with the latest changes in security control requirements and new technologies, Qualys publishes new content to the Policy Library every month.

The October release includes the following new policies and updates:

  • 2 new technologies for OCA
  • 7 new technologies for Scanner
  • 10 new CIS Benchmark policies
  • 3 new browser policies for Cloud Agent
  • 11 new Industry and Best Practice policies
  • 1 new DISA STIG policy
  • 1 Microsoft Security Baseline policy
  • More than 100 updated policies

Qualys’ Certification Page at CIS has been updated.


Qualys Cloud Platform 8.21.6 New Features

Update Nov 19, 2019: This blog post was updated with additional detail about the new features in 8.21.6.

The 8.21.6 release adds several new features in Qualys Cloud Platform, Policy Compliance, and Vulnerability Management. Among other new features, this release adds support for Apple Safari 11.x/12.x in compliance scans for Unix hosts and extends UDC support to multiple new technologies for Qualys PC. New features for VM include support for HashiCorp vaults in DB Auth Records and Sybase authentication for vulnerability scanning.


5 Reasons to Attend Qualys Security Conference 2019

Qualys is a leader in cybersecurity and one of the more recognizable and respected names in the industry. It should be. The company has been around for 20 years, and it continues to innovate and push the envelope.

Later this month, Qualys will take over the Bellagio Hotel in Las Vegas for the Qualys Security Conference 2019 (QSC). I realize there are a lot of cybersecurity vendors and an overwhelming number of cybersecurity conferences you could choose to attend, but here are 5 reasons you should seriously consider going to Qualys Security Conference.


Graboid: Revenge of the Worms

This week saw news of self-propagating worms in the container landscape that perform unsanctioned computation tasks such as cryptojacking. This blog post is intended to help Qualys customers and partners understand how such container attacks work, provide security best-practice recommendations, and walk through related Qualys product portfolio functionality.


Enhanced API Scanning with Postman Support in Qualys WAS

Due to the fast-growing usage of REST APIs, having a way to test them for vulnerabilities in an automated, reliable way is more important than ever.  Automated testing of APIs is a little trickier than for web applications.  You can’t simply enter a starting URL for the scanner and click “Go”.  Additional setup is required to describe the API endpoints for the scanner.  The good news is that Qualys Web Application Scanning (WAS) offers multiple ways to set up a scan for your APIs.

Up to now Qualys WAS has provided two methods to set up scanning of your APIs:

  1. Proxy capture method
  2. Swagger/OpenAPI file method

Now, WAS supports a 3rd method – Postman Collections. As we’ll explain, this method can provide better vulnerability testing compared to the others.


Empower your Cloud Ops Teams – Publish Qualys CloudView Security Assessment Reports to their Slack Channel

In today’s constantly changing and evolving cloud environments, being able to quickly provide information on misconfigurations and security policy violations in your cloud accounts and assets has become critical to the success of your security operations. Many cloud platforms offer tools within their specific cloud environments to provide this type of visibility. However, security operations teams are quickly learning that in a multi-cloud environment, they need tools that provide this information across all three major cloud providers in a seamless and centralized way, with normalized data streams. They need a single source of truth for their account security regardless of the public cloud provider or the asset metadata.


Qualys Cloud Platform 8.21.2 New Features

This new release of the Qualys Cloud Platform (VM, PC), version 8.21.2, includes Virtual Scanner Appliance support for Alibaba Cloud Compute, scheduling of EC2 scans with no scannable EC2 assets in Asset Tags in Qualys Vulnerability Management, expanded support for instance discovery and auto record creation in Qualys Policy Compliance, compliance support for Oracle 19c, and more.
