Here’s a common scenario organizations increasingly face: Too many web apps with too many vulnerabilities and no chance for immediate remediation.
In the interim, the organization is left exposed to potentially devastating breaches, at a time when web apps have become one of cyber attackers’ favorite targets.
In recent years cybercrime has gone from an array of independent hackers to a global industrialized operation that utilizes collaboration, worldwide coordination and advanced criminal techniques to evade detection. One would expect this increased organization and sophistication would improve the speed at which “hackers hack.” And you would be correct: according to a recently released report, the time between an exploit announcement and the first attack is typically just 7.5 days, down from just under 10 days in 2008.
Your organization is likely already struggling with meeting internal and regulatory requirements for patch times. In addition, vulnerabilities and their risk to the organization are increasing each day, as hackers are now able to weaponize new vulnerabilities faster than ever.
Updating your computer software for security purposes should be a no-brainer, after all we have been working on this issue for the last 10+ years and it should be a solved problem. Nevertheless, many people use their PCs basically as they received it, ignoring patch warnings, thinking it does not apply to them:
(from a recent dialogue that I had on a news/comment site) or believe they have more important things to do:
Today Microsoft pulled an Office 2013 UI update for Outlook (KB2817630) from the Windows update servers. The update was meant to improve usability of Outlook 2013, but in certain conditions rendered the Navigation pane in Outlook unusable.
The update KB2817630 applies only to Office 2013 and is unrelated to security bulletin MS13-068, which applies only to Microsoft Office 2007 and 2010, and which we continue to recommend as a high priority security update.
QualysGuard Express Lite is a new version of our cloud service, designed specifically to help small businesses with limited IT budgets and staff secure their systems. It combines the power of the QualysGuard Cloud Platform with a new, step-by-step web browser interface that guides you through scanning for vulnerabilities, generating easy-to-understand reports, prioritizing what to fix first, and simplifying compliance with mandates such as PCI.
Express Lite brings three popular Qualys solutions together into one subscription package: