This week saw news of self-propagating worms in the container landscape to perform unsanctioned computation tasks such as cryptojacking. This blog post is intended for Qualys customers and partners to understand how such container attacks work, provide security best practice recommendations & walkthrough related Qualys product portfolio functionality.
After the publication of Golden AMI Pipeline integration with Qualys, some Qualys customers reached out asking how to integrate Qualys Vulnerability Management scanning into other types of CI/CD Pipelines. To answer these questions, we’ve published the new guide, Assess Vulnerabilities and Misconfiguration in CI/CD Pipelines.
The first day of Qualys Security Conference 2018 was a big one. Both CEO Philippe Courtot and Qualys chief product officer Sumedh Thakar detailed the challenges faced by many of today’s enterprises when it comes to the growth of cloud and the complexity of their hybrid environments. And they shared their visions of the road ahead on how enterprises can find ways to effectively manage their cloud environments and digital transformation efforts ahead.
A big theme of the day was how cloud security brings complexity and lack of visibility into modern environments.
Additionally, Qualys VP of engineering Dilip Bachwani provided a look at how the Qualys Cloud Platform is built to scale and perform; Jimmy Graham spoke on obtaining real-time vulnerability management, and attendees learned how to better secure their cloud deployments, containers, and web applications.
Enterprises are moving full steam ahead when it comes to their digital transformation efforts. They’ve aggressively adopted cloud infrastructure and other cloud services, IoT, application containers, serverless functionality, and other technologies that are helping their organization to drive forward.
Those organizations that are way down the road in their digital transformation efforts say that they’ve witnessed improved business decision-making – both when it comes to making better decisions and when it comes to making those decisions more rapidly. They also say that they’ve improved their customer relationships by delivering an improved customer digital experience.
So it’s time to celebrate and declare digital victory, right?
Hold off before we book the band and order the champagne for the big party. In fact, those who want to move forward securely and confidently in their risk and regulatory compliance postures have some challenges ahead.
This new release of the Qualys Cloud Suite, version 8.10, includes new capabilities and improvements to for VM, PC and shared platform improvements:
- Authentication Vault integration with BeyondTrust
- Mandate-Based reporting for Policy Compliance to simplify reporting against multiple mandates and audit frameworks.
- Expanded support & features for scanning Cloud Environments such as Amazon EC2, Azure, and Google GCE.
- VM Scanning, Reporting, and SSL Labs Improvements
- Ability to export/import UDC definitions with Policy XML and Qualys Library Content
- Policy Compliance support for PostGRE SQL and UDC Support for Amazon Linux 2016
- Qualys Cloud Platform 8.10 (VM/PC) API Notification 1
- Qualys Cloud Platform 8.10 (VM/PC) API Notification 2
The SANS Institute recently released its 2017 report on cybersecurity trends. We examined the report’s six threat trends in a recent blog post, as well as in a webcast with the report’s author, security analyst John Pescatore, and with Qualys Product Management Vice President Chris Carlson. Now, we’re providing you with a useful checklist to help put you in a better position to respond these trends, which are expected to continue to dominate this year.
A major challenge for enterprise InfoSec teams is keeping their finger on the pulse of two constantly changing elements: external cyber threats and internal technology needs.
Staying a step ahead and proactively adjusting their organization’s security posture accordingly is a must in order to keep attack risks as low as possible. So what are the major shifts in threats and business technology use that CISOs and their staff face in 2017? And how should they respond to these changes?
You will find comprehensive answers to those and other critical InfoSec questions in a new SANS Institute whitepaper written by security analyst John Pescatore.
Philippe Courtot at Qualys Security Conference: Achieving Security When Everything is Connected to Everything
LAS VEGAS – Philippe Courtot, Qualys (QLYS) founder and CEO, in his keynote address today at the Qualys Security Conference 2015, spoke to the massive and rapid evolution in business-technology systems currently underway in the enterprise. They are grappling with the complexities of securing their information in the public and private cloud, on mobile devices, and the data gathered by all of the sensors associated with the Internet of Things. Enterprises are “faced with the challenge of having to retool their entire infrastructure,” Courtot said.