Back to qualys.com
18 posts

QSC18 Virtual Edition: Securing Hybrid IT Environments from Endpoints to Clouds

As organizations embrace digital transformation to boost business processes, traditional IT environments get altered, becoming distributed, elastic and hybrid.  “That’s creating a new challenge for security,” Chris Carlson, Qualys’ Product Management VP, said during QSC18 Virtual Edition.

As elements like cloud services, mobility, IoT, and DevOps are incorporated into IT environments, security teams often struggle with asset visibility, credential issues, authentication failures, remote-user scanning, and scheduled scan ineffectiveness.

But these challenges also offer “an opportunity to redefine how security programs and controls are done,” he said during his presentation titled “Securing Hybrid IT Environments from Endpoints to Clouds.” 

Carlson went on to explain how organizations can secure digital transformation efforts with Qualys’ platform, and emphasized the benefits of Cloud Agent sensors. Read on to learn more.

Continue reading …

Continuous Security and Compliance Monitoring for Global IT Assets

In today’s information security world, all assets everywhere must be detected, visible, protected and compliant — all the time. It’s no longer enough to rely on “point in time” security and compliance assessments, such as scheduled weekly or monthly scans on handpicked critical servers.

“You must transition to continuous security and compliance monitoring of all of your global IT assets,” Chris Carlson, a Vice President of Product Management at Qualys, said during a recent webcast.

The reasons for this shift are many and varied, and include these three key ones:

Continue reading …

Qualys Cloud Platform 2.31 New Features

This release of the Qualys Cloud Platform version 2.31 includes updates and new features for AssetView, Cloud Agent, EC2 Connector, Web Application Scanning, Web Application Firewall, and Security Assessment Questionnaire, highlights as follows.

Continue reading …

New ‘Silence’ Banking Trojan copies Carbanak to Steal from Banks (Analysis with IOCs)

Dark Reading is reporting on a new banking trojan called ‘Silence’ that mimics techniques similar to the Carbanak hacker group targeting banks and financial institutions.  The attack vector is similar – target individuals using spear-phish emails to trick them into running a malicious attachment which will connect to download a dropper to further infect the user’s machine.  This attack does not use an exploit against a vulnerability, but rather takes advantage of social engineering to fool the user into executing the malicious payload and infecting their machine.

Silence is interesting in that the trojan’s capabilities include a screen grabber that will take multiple screenshots of the user’s active monitor and upload the real-time stream to a command and control server for monitoring by the adversary.  This technique allows the threat actor to identify which users have access to specific banking applications, systems, and accounts that they can use for financial gain.

Continue reading …

Qualys Cloud Platform 2.30 New Features

This release of the Qualys Cloud Platform version 2.30 includes updates and new features for Cloud Agent, EC2 Connector, Web Application Scanning, Web Application Firewall, and Security Assessment Questionnaire, highlights as follows.  (This posting has been updated on 9/6/2017 and 10/25/2017 to reflect new feature capabilities in the release, as noted below.)

Continue reading …

Qualys Cloud Platform 2.28 New Features

This release of the Qualys Cloud Platform version 2.28 includes updates and new features for Cloud Agent, AssetView, ThreatPROTECT, Security Assessment Questionnaire and Web Application Scanning, highlights as follows:

Continue reading …

Qualys Cloud Platform 2.27 New Features

This release of the Qualys Cloud Platform version 2.27 includes updates and new features for Cloud Agent and AssetView as follows:

Continue reading …

Qualys Support for Reserve Bank of India (RBI) Cyber Security Guidelines

Reserve Bank of India (RBI), India’s central banking and monetary authority, points out that the number, frequency, and impact of cyber incidents on Indian banks has increased substantially. Like their peers globally, Indian banks are committed to maintaining customer trust, protecting financial assets, and preserving their own brand and reputation as the industry will remain a top target of cybercriminals using increasingly sophisticated methods. Thus, it is urgent that banks continue to improve their cyber defenses.

In a race to adopt technology innovations, the exposure to cyber incidents/attacks has also increased, thereby underlining the urgent need to put in place a robust cyber security and resilience framework. The Reserve Bank of India has provided guidelines on Cyber Security Framework vide circular DBS.

Continue reading …

Qualys Cloud Platform 2.25 New Features

This release of the Qualys Cloud Platform version 2.25 includes updates and new features for Cloud Agent, ThreatPROTECT, and Web Application Scanning as follows:

Continue reading …

Qualys Cloud Platform 2.23 New Features

This release of the Qualys Cloud Platform version 2.23 includes updates and new features for AssetView, Cloud Agent, AWS Region Support, Security Assessment Questionnaire and Web Application Scanning as follows:

Continue reading …