All Posts

40 posts

New Features in Qualys Vulnerability Management and Policy Compliance

Today we are excited to announce several new features, workflows, and new technology support in Qualys Vulnerability Management and Policy Compliance.

These new features will be deployed as a part of QWEB 10.0 and Portal 3.0 release versions.

Continue reading …

Policy Compliance Library Updates, March 2020

Qualys’ library of built-in policies makes it easy to comply with the security standards and regulations that are most commonly used and adhered to. Qualys provides a wide range of policies, including many that have been certified by CIS as well as the ones based on security guidelines from OS and application vendors and other industry best practices.

In order to keep up with the latest changes in security control requirements and new technologies, Qualys publishes new content to the Policy Library every month.

The March release introduces 3 CIS Benchmark policies, 6 DISA STIG policies, and provides updates to several existing policies in the Qualys Content Library.

Qualys’ Certification Page at CIS has been updated.

Continue reading …

Automatically Discover, Prioritize and Remediate Apache Tomcat AJP File Inclusion Vulnerability (CVE-2020-1938) using Qualys VMDR

A severe vulnerability exists in Apache Tomcat’s Apache JServ Protocol. The Chinese cyber security company Chaitin Tech discovered the vulnerability, which is named “Ghostcat” and is tracked using CVE-2020-1938The security issue has received a critical severity rating score of 9.8 based on CVSS v3 Scoring system. 

Vulnerability Details:
Due to a file inclusion defect in the AJP service (port 8009) that is enabled by default in Tomcat, an attacker can construct a malicious request package for file inclusion operation, and then read the web directory file on the affected Tomcat server. If the system allows users to upload files, an attacker can upload malicious code to the server, and gain the ability to perform remote code execution.

Continue reading …

Policy Compliance Library Updates, February 2020

Qualys’ library of built-in policies makes it easy to comply with the security standards and regulations that are most commonly used and adhered to. Qualys provides a wide range of policies, including many that have been certified by CIS as well as the ones based on security guidelines from OS and application vendors and other industry best practices.

In order to keep up with the latest changes in security control requirements and new technologies, Qualys publishes new content to the Policy Library every month.

The February release includes 8 CIS Benchmark policies, 4 Qualys Security Configuration and Compliance policies, and 1 mandate [MARS-Ev2] policy. Apart from adding a new technology support, it also provides updates to several existing policies in the Qualys Content Library.

Qualys’ Certification Page at CIS at CIS has been updated.

Continue reading …

Policy Compliance Library Updates, January 2020

Qualys’ library of built-in policies makes it easy to comply with the security standards and regulations that are most commonly used and adhered to. Qualys provides a wide range of policies, including many that have been certified by CIS as well as the ones based on security guidelines from OS and application vendors and other industry best practices.Policy Library

In order to keep up with the latest changes in security control requirements and new technologies, Qualys publishes new content to the Policy Library every month.

The January release includes 5 CIS Benchmark policies, 4 Qualys Security Configuration and Compliance policies, and 1 DISA STIG policy. Apart from adding a new technology support, it also provides updates to several existing policies in the Qualys Content Library.

Qualys’ Certification Page at CIS has been updated.

Continue reading …

Policy Compliance Library Updates, December 2019

Qualys’ library of built-in policies makes it easy to comply with the security standards and regulations that are most commonly used and adhered to. Qualys provides a wide range of policies, including many that have been certified by CIS as well as the ones based on security guidelines from OS and application vendors and other industry best practices.

Continue reading …

Qualys Cloud Platform 8.22 New Features (VM, PC)

Update December 11, 2019: See additional details about this release.

The 8.22.0 release adds several new features in Qualys Cloud Platform, adds a new API in Policy Compliance and support for 2 new technologies for OCA.

Continue reading …

Policy Compliance Library Updates, November 2019

Qualys’ library of built-in policies makes it easy to comply with the security standards and regulations that are most commonly used and adhered to. Qualys provides a wide range of policies, including many that have been certified by CIS as well as the ones based on security guidelines from OS and application vendors and other industry best practices.

In order to keep up with the latest changes in security control requirements and new technologies, Qualys publishes new content to the Policy Library every month.

The November release adds support to 3 new technologies, includes 1 new CIS Benchmark policy and provides updates to several existing policies in the Qualys Content Library.

Qualys’ Certification Page at CIS has been updated.

Continue reading …

Qualys Cloud Platform 8.21.7 New Features

Update November 27, 2019: The features referenced in this blog post will be released in Qualys Cloud Platform release 8.22.

Update November 19, 2019: The features referenced in this blog post will be released in the next Qualys Cloud Platform release scheduled for December 2019, and will be announced separately. We apologize for any confusion this may have caused.

Original Post: The upcoming release of the Qualys Cloud Platform (VM, PC), version 8.21.7, will include new features in Qualys Cloud Platform, Vulnerability Management, and Policy Compliance.

Continue reading …

Policy Compliance Library Updates, October 2019

Qualys’ library of built-in policies makes it easy to comply with the security standards and regulations that are most commonly used and adhered to. Qualys provides a wide range of policies, including many that have been certified by CIS as well as the ones based on security guidelines from OS and application vendors and other industry best practices.

In order to keep up with the latest changes in security control requirements and new technologies, Qualys publishes new content to the Policy Library every month.

The October release includes the following new policy and updates:

  • 2 new technologies for OCA
  • 7 new technologies for Scanner
  • 10 new CIS Benchmark policies
  • 3 new browser policies for Cloud Agent
  • 11 new Industry and Best Practice policies
  • 1 new DISA STIG policy
  • 1 Microsoft Security Baseline policy
  • More than 100 updated policies

Qualys’ Certification Page at CIS has been updated.

Continue reading …