Qualys Blog

www.qualys.com
15 posts

No More Tears: WannaCry Highlights Importance of Prompt Vulnerability Detection, Remediation

It didn’t have to happen.

That’s the simple yet profound lesson from WannaCry’s ransomware rampage that has infected 300,000-plus systems in more than 150 countries, disrupting critical operations across industries, including healthcare, government, transportation and finance.

If vulnerable systems had been patched and maintained as part of a proactive and comprehensive system configuration and vulnerability management program, the attack would have been a dud, barely registering on anyone’s InfoSec radar.

“WannaCry was totally preventable with the proper patching and the proper build configurations,” Mark Butler, Qualys’ Chief Information Security Officer (CISO), said during a webcast this week. “That’s a reminder to all of us that you didn’t have to be a victim.”

There are various workarounds for mitigating the underlying WannaCry vulnerability, but those are stopgap measures. “The primary way to remediate this vulnerability is through disciplined and timely patching,” Qualys Product Management Director Jimmy Graham said during the webcast, titled “How to Rapidly Identify Assets at Risk to WannaCry Ransomware.”

Continue reading …

For GDPR Readiness, You Need Visibility into Your IT Assets

The looming deadline for complying with the EU’s General Data Protection Regulation (GDPR) is shining the spotlight on a foundational InfoSec best practice: A comprehensive IT asset inventory.

The reason: GDPR places strict requirements on the way a business handles the personally identifiable information (PII) of EU residents. For example, companies must know what PII they hold on these individuals, where it’s kept, with whom they’re sharing it, how they’re protecting it, and for what purposes it’s being used.

An organization can’t expect to comply with GDPR if it lacks full visibility into the IT assets — hardware and software — that it’s using to process, transmit, analyze and store this data.

“If you don’t know what IT assets you’ve got, how can you effectively find the data on your network that you need to meet GDPR requirements?” said Darron Gibbard, Qualys’ Chief Technical Security Officer for the EMEA region, during a recent webcast.

Continue reading …

The Shadow Brokers Release Zero Day Exploit Tools

On Friday, a hacker group known as The Shadow Brokers publicly released a large number of functional exploit tools. Several of these tools make use of zero-day vulnerabilities, most of which are in Microsoft Windows. Exploiting these vulnerabilities in many cases leads to remote code execution and full system access.

Both end-of-support and current Windows versions are impacted, including Windows 2003, XP, Vista, 7, 2008, 8, and 2012. Microsoft has released patches for each vulnerability across all supported platforms, but will not be releasing patches for end-of-support versions of Windows. It is highly recommended that any end-of-support Windows systems be replaced or isolated, as these systems will often be impacted by new vulnerabilities, without the availability of a patch.

For zero-day vulnerabilities in Operating Systems, you can use your existing asset inventory information from Qualys AssetView, and search for any OS to determine how many vulnerable assets are deployed. This can be done without additional scanning if the data is relatively fresh.

Continue reading …

Microsoft IIS 6.0 Buffer Overflow Zero Day

A new zero-day vulnerability (CVE-2017-7269) impacting Microsoft IIS 6.0 has been announced with proof-of-concept code. This vulnerability can only be exploited if WebDAV is enabled. IIS 6.0 is a component of Microsoft Windows Server 2003 (including R2.) Microsoft has ended support for Server 2003 on July 14, 2015, which means that this vulnerability will most likely not be patched. It is recommended that these systems be upgraded to a supported platform. The current workaround is to disable the WebDAV Web Service Extension if it is not needed by any web applications.

The Qualys Cloud Platform can help you detect the vulnerability, track and manage Server 2003 Assets, as well as block exploits against web-based vulnerabilities like this one.

Continue reading …

Making Asset Inventory Actionable With a Cloud-Based System

As we’ve discussed in this blog series on automated IT asset inventory, having — or regaining — unobstructed visibility of your IT environment is key for a strong security and compliance posture.

We met Max, the CISO of a large manufacturer, whose organization progressively lost this visibility, as it adopted cloud computing, mobility, virtualization, IoT and other digital transformation technologies.

AssetView_Overview_v2_crop_searchbarWith the company’s IT environment upended and its network perimeter blurred, Max and the InfoSec team recovered control with a cloud-based, automated IT asset inventory system. This successful solution featured six key elements. In the previous posts, we addressed the first three:

This means that you need a complete and continuously updated list of IT assets, as well as granular security, compliance and system details on each one.

In this post, we’ll explain the next two requirements for an effective cloud-based IT asset inventorying system:

  • Asset criticality rankings
  • Dashboarding and reporting

Continue reading …

Qualys Cloud Platform 2.23 New Features

This release of the Qualys Cloud Platform version 2.23 includes updates and new features for AssetView, Cloud Agent, AWS Region Support, Security Assessment Questionnaire and Web Application Scanning as follows:

Continue reading …

For Complete Visibility, Dive Deep into IT Asset Discovery

In the first installment of this blog series on automated asset inventorying, we met Max, the CISO of a large manufacturer whose InfoSec team lost full visibility of the company’s hardware and software.

Dangerous blind spots appeared progressively over time as Max’s company adopted more and more digital transformation technologies, such as cloud computing, mobility, IoT, and virtualization.

Eventually, Max and his team became alarmed at the inability of their legacy on-premises security products to account for the new cloud instances, virtualized environments, mobile endpoints and other assets outside of the traditional, tightly-controlled network perimeter.

They were concerned that this lack of visibility could lead to an increase in employee use of unapproved personal devices and unauthorized software, as well as to data breaches.

Continue reading …

Automated Asset Inventory: It’s a Visibility Thing

Asset VisibilitySeveral years ago, Max, the CISO of a large manufacturer, realized that his organization’s formerly homogeneous, self-contained IT environment had lost its clearly delineated perimeter. Instead, it had become a hybrid environment with blurred borders, made up of a mix of legacy on-premises systems, new cloud workloads, and a variety of mobile endpoints.

Continue reading …

Qualys Cloud Platform 2.21 New Features

This release of the Qualys Cloud Platform version 2.21 includes new major releases of both Web Application Firewall and Web Application Scanning. The release also includes numerous updates and new features for AssetView, Cloud Agent, and Security Assessment Questionnaire as follows:

  • AssetView (Version 2.21.0) – One click access to vulnerability details for an asset and Improved filtering options for widgets.
  • Cloud Agent Platform (Version 2.2.0) – Additional tuning parameters for the agent and simplified agent OS support information.
  • Security Assessment Questionnaire (Version 2.6.0) – Improvements to Dynamic Reports, ability to customize Email templates, and ability to edit comments in responses.
  • Web Application Firewall (Version 2.0.0) – Improved virtual appliance, improved integration with Web Application Scanning, a revamped user-interface and simplified security configuration.
  • Web Application Scanning (Version 5.0.0) – Includes initial support for REST based testing, Scanner Appliance Pooling and drastic improvements to Progressive Scanning metrics.

The specific day for deployment will differ depending on the platform. Release Dates will be published on the Qualys Status page when available.

Continue reading …

Qualys Cloud Platform 2.18 New Features

Qualys Cloud Platform release 2.18 includes updates and new features for:

  • Qualys Cloud Platform (Version 2.18.0)
  • AssetView and ThreatPROTECT (Version 2.18.0)
  • Security Assessment Questionnaire (Version 2.3.0)
  • Web Application Scanning (Version 4.12.0)

Continue reading …