This new release of the Qualys Cloud Suite, version 8.4, includes updates for usability and functionality across the platform as well as Vulnerability Management and Policy Compliance.
Qualys’ library of built-in policies makes it easy to comply with commonly-adhered to security standards and regulations. Qualys provides a wide range of policies, including many that have been certified by CIS as well as ones based on security guidelines from vendors such as Microsoft and VMware. We are also expanding our coverage of mandate-based policies with out of the box coverage of industry and government regulations such as PCI and HIPAA.
In order to keep up with the latest changes in security control requirements and new technologies, Qualys publishes new content to the Policy Library monthly.
We will be releasing new controls that will require some customers to make changes to their Oracle targets.
For customers that grant granular permissions to allow access to our Oracle assessment capabilities, new CID’s are being released that require additional rights to be granted. Failure to grant the new rights will result in an error when you assess your Oracle environment.
Summary: This is a minor change to add flexibility in expanded platform support. There will be no downtime with this update, but you will need to make changes to policies and possibly some controls being used against Windows 2012 R2 or Windows 8.1.
This new release of the Qualys Cloud Suite includes multiple improvements to Vulnerability Management and Policy Compliance.
- Qualys Cloud Platform Updates
- New Getting Started Tutorials
- Forgot Password Workflow
- Expired Password Options
- Ability to Delete Empty Networks
- Cisco IOS Authentication – Support for Cyber-Ark PIM Suite Vaults
- Run Scheduled Reports on Demand
- Download Email List from Distribution Group
- General UI Improvements
- New Authentication Vault API
- Vulnerability Management (VM) Updates
- Policy Compliance (PC) Updates
Qualys Cloud Suite 8.3 will be released in production in the coming weeks and includes enhancements to Vulnerability Management (VM) and Policy Compliance (PC), the Qualys Cloud Platform and the API.
For release notifications containing details specific to each platform, including the release date, and to subscribe to release notifications for your platform, please see the following:
- US Platform 1 Release Notification
- US Platform 2 Release Notification
- EU Platform Release Notification
This new release of the Qualys Cloud Suite of Security and Compliance Applications includes multiple improvements to Vulnerability Management and Policy Compliance designed to improve ease of use, add reporting options and features, and expand platform support including compliance scanning for Amazon EC2.
Feature highlights include:
- Asset Tag Support in Remediation Policies in Vulnerability Management
- Policy Library and Reporting Improvements in Policy Compliance
- Compliance Scanning support for Amazon EC2 in Policy Compliance
- Several core improvements including:
- New Authentication Dashboard with drill down support
- Account Activity page
- Customizable report footers
- Improved date picker
- Notification improvements
- Platform support for Microsoft IIS 8
Comply with PCI DSS 3.0 using Mandate-Based Reporting in Qualys Policy Compliance
We are excited to announce an ‘out-of-box’, ready-to-use mandate-based policy for PCI DSS 3.0 consisting of security checks which automate assessment of ‘In-scope’ PCI assets. This policy will greatly simplify the process merchants have to go through to validate PCI compliance for a key set of technical controls that need to be validated across a wide set of different technologies. Qualys Policy Compliance can now automatically scan for all these PCI controls and provide you a detailed report that you can use to demonstrate ongoing compliance.
QualysGuard 8.0 adds the following capabilities to the QualysGuard Cloud Platform and its suite of services:
- Featured Enhancement: Overlapping IP support
- Vulnerability Management
- Improvements to the SSL Certificates List
- Configure Multiple PCI Option Profiles
- Security Risk Score Summary Added to XML and CSV Reports
- Policy Compliance
- Golden Image Policy Organized Into Sections
- Select Individual IPs for Your Policy Reports
- Control Checksum Requirement Removed from Policy XML
- QualysGuard Platform
- New Look and Feel for QualysGuard Express
- Improved IP Selection
- QualysGuard API Enhancements
An update to QualysGuard 7.12 will be released in production in the coming weeks to introduce improvements to the QualysGuard Cloud Platform and API:
- New Permission to Manage External IDs
- Dissolvable Agent Per Scan
- QualysGuard API Enhancements
Update: Also see details on the update to QualysGuard 7.12.
QualysGuard 7.12 will be released in production in the coming weeks and includes enhancements to QualysGuard Vulnerability Management (VM) and Policy Compliance (PC) reports, and API.
Highlights include: new Certificate (SSL) Dashboard, new VM Authentication Report, Test Control function in the Policy Editor, and API enhancements.