This release of the Qualys Cloud Platform version 2.36 includes updates and new features for AssetView (Cloud Assets and Cloud Agents) and Web Application Scanning, highlights as follows.

Continue reading …

Qualys is extending the Cloud Agent capabilities for users of the Policy Compliance (PC) application by letting them define controls.

Until now, the Cloud Agent could only assess Qualys PC’s “out of the box” controls. By adding support for user defined controls (UDC), Qualys PC users now can use Cloud Agents to evaluate those types of controls. UDCs allows users to create their own controls dynamically, as needed, without having to submit control requests to Qualys development.

The UDC controls you’ve already defined in your Qualys Policy Compliance account for compliance scanning will also be evaluated by Qualys Cloud Agent with no action required from you.

Continue reading …

This release of the Qualys Cloud Platform version 2.35 includes updates and new features for AssetView, Cloud Agent, Security Assessment Questionnaire, and Web Application Scanning, highlights as follows.  (Note: this post has been edited after publishing to remove the Rule-Based Method to Purge/Uninstall Cloud Assets and Cloud Agents, and Azure Cloud Connector, which will be available in a subsequent release.)

Continue reading …

This release of the Qualys Cloud Platform version 2.34.1 includes updates and new features for Cloud Agent & AWS EC2 Connector, AssetView, CloudView, and Security Assessment Questionnaire, highlights as follows.

Continue reading …

This release of the Qualys Cloud Platform version 2.34 includes updates and new features for Cloud Agent, EC2 Connector, Continuous Monitoring, Security Assessment Questionnaire, Web Application Scanning, and Web Application Firewall, highlights as follows.

Continue reading …

The digital transformation revolution waits for — and spares — no one. It forces all businesses to adopt tech innovations, like cloud, IoT and mobility, and to protect the resulting IT environments as they become hybrid, distributed and elastic.

With traditional network perimeters dissolved, securing digital transformation efforts gets more challenging by the day, especially for smaller organizations. That’s why Qualys is putting its Qualys Cloud Platform at the disposal of this underserved small-business market — for free.

With the new Qualys Community Edition, smaller organizations will now have access — at no charge — to the cloud-based security that many of the world’s largest companies rely upon to protect their global IT environments.

By tapping the robust, massively scalable Qualys Cloud Platform, they’ll be able to discover IT assets and their vulnerabilities, identify compliance gaps and get detailed, customizable reports.

The Qualys Community Edition is not only aimed at organizations that’ll use it internally. It’s also intended for smaller security practitioners that want to provide exceptional assessments to clients, outclass their competitors and boost revenues.

Continue reading …

As organizations embrace digital transformation to boost business processes, traditional IT environments get altered, becoming distributed, elastic and hybrid.  “That’s creating a new challenge for security,” Chris Carlson, Qualys’ Product Management VP, said during QSC18 Virtual Edition.

As elements like cloud services, mobility, IoT, and DevOps are incorporated into IT environments, security teams often struggle with asset visibility, credential issues, authentication failures, remote-user scanning, and scheduled scan ineffectiveness.

But these challenges also offer “an opportunity to redefine how security programs and controls are done,” he said during his presentation titled “Securing Hybrid IT Environments from Endpoints to Clouds.” 

Carlson went on to explain how organizations can secure digital transformation efforts with Qualys’ platform, and emphasized the benefits of Cloud Agent sensors. Read on to learn more.

Continue reading …

In today’s information security world, all assets everywhere must be detected, visible, protected and compliant — all the time. It’s no longer enough to rely on “point in time” security and compliance assessments, such as scheduled weekly or monthly scans on handpicked critical servers.

“You must transition to continuous security and compliance monitoring of all of your global IT assets,” Chris Carlson, a Vice President of Product Management at Qualys, said during a recent webcast.

The reasons for this shift are many and varied, and include these three key ones:

Continue reading …

This release of the Qualys Cloud Platform version 2.31 includes updates and new features for AssetView, Cloud Agent, EC2 Connector, Web Application Scanning, Web Application Firewall, and Security Assessment Questionnaire, highlights as follows.

Continue reading …

Dark Reading is reporting on a new banking trojan called ‘Silence’ that mimics techniques similar to the Carbanak hacker group targeting banks and financial institutions.  The attack vector is similar – target individuals using spear-phish emails to trick them into running a malicious attachment which will connect to download a dropper to further infect the user’s machine.  This attack does not use an exploit against a vulnerability, but rather takes advantage of social engineering to fool the user into executing the malicious payload and infecting their machine.

Silence is interesting in that the trojan’s capabilities include a screen grabber that will take multiple screenshots of the user’s active monitor and upload the real-time stream to a command and control server for monitoring by the adversary.  This technique allows the threat actor to identify which users have access to specific banking applications, systems, and accounts that they can use for financial gain.

Continue reading …