Qualys Blog

www.qualys.com
7 posts

SANS Study: To Take On New InfoSec Challenges, First Get the Basics Right

A major challenge for enterprise InfoSec teams is keeping their finger on the pulse of two constantly changing elements: external cyber threats and internal technology needs.

Staying a step ahead and proactively adjusting their organization’s security posture accordingly is a must in order to keep attack risks as low as possible. So what are the major shifts in threats and business technology use that CISOs and their staff face in 2017? And how should they respond to these changes?

You will find comprehensive answers to those and other critical InfoSec questions in a new SANS Institute whitepaper written by security analyst John Pescatore.

Continue reading …

Making Asset Inventory Actionable With a Cloud-Based System

As we’ve discussed in this blog series on automated IT asset inventory, having — or regaining — unobstructed visibility of your IT environment is key for a strong security and compliance posture.

We met Max, the CISO of a large manufacturer, whose organization progressively lost this visibility, as it adopted cloud computing, mobility, virtualization, IoT and other digital transformation technologies.

AssetView_Overview_v2_crop_searchbarWith the company’s IT environment upended and its network perimeter blurred, Max and the InfoSec team recovered control with a cloud-based, automated IT asset inventory system. This successful solution featured five key elements. In the previous posts, we addressed the first three:

This means that you need a complete and continuously updated list of IT assets, as well as granular security, compliance and system details on each one.

In this final post, we’ll explain the last two requirements for an effective cloud-based IT asset inventorying system:

  • Asset criticality rankings
  • Dashboarding and reporting

Continue reading …

For Complete Visibility, Dive Deep into IT Asset Discovery

In the first installment of this blog series on automated asset inventorying, we met Max, the CISO of a large manufacturer whose InfoSec team lost full visibility of the company’s hardware and software.

Dangerous blind spots appeared progressively over time as Max’s company adopted more and more digital transformation technologies, such as cloud computing, mobility, IoT, and virtualization.

Eventually, Max and his team became alarmed at the inability of their legacy on-premises security products to account for the new cloud instances, virtualized environments, mobile endpoints and other assets outside of the traditional, tightly-controlled network perimeter.

They were concerned that this lack of visibility could lead to an increase in employee use of unapproved personal devices and unauthorized software, as well as to data breaches.

Continue reading …

Automated Asset Inventory: It’s a Visibility Thing

Asset VisibilitySeveral years ago, Max, the CISO of a large manufacturer, realized that his organization’s formerly homogeneous, self-contained IT environment had lost its clearly delineated perimeter. Instead, it had become a hybrid environment with blurred borders, made up of a mix of legacy on-premises systems, new cloud workloads, and a variety of mobile endpoints.

Continue reading …

Checklist: Qualys Top 10 Tips for a Secure & Compliant 2017

With 2017 still in its infancy, plenty of time remains for InfoSec practitioners to make concrete strides toward better security and compliance in their organizations. That’s why to help you start off the year on the right foot, we’ve shared best practices, ideas and recommendations in our Qualys Top 10 Tips for a Secure & Compliant 2017 blog series.

Continue reading …

Information Security and Compliance: New Year’s Resolutions You Can Keep

A new year has started, giving InfoSec professionals the perfect opportunity to evaluate what’s working and what’s not in their organizations, and, filled with that early-January optimism, set out to do better.

In that spirit of improvement and renewal, Qualys is kicking off today a blog series that outlines helpful tips — not just flimsy resolutions — for ensuring data security and compliance throughout the year.

In this initial post, we’ll discuss the first three of the Qualys Top 10 Tips for a Secure & Compliant 2017, addressing the importance of IT asset visibility, proper management of vulnerabilities, and continuous monitoring.

Continue reading …

Qualys AssetView New Features

This release of the Qualys Cloud Platform 2.11 includes new features for the Qualys AssetView Service – a service that lets your company search for information across your entire environment, scaling to millions of assets for organizations of all sizes. Qualys AssetView provides search capabilities for multiple data sources in your environment, including data from: Free Inventory with Qualys Cloud Agent, optional VM or PC features of Cloud Agent, and also agentless scan sources.  This feature replaces the Asset Management module in your account once enabled, and can be activated by contacting your Technical Account Manager or Technical Support.

Continue reading …