All Posts

30 posts

Qualys Cloud Suite 8.9.1 New Features

This new patch release of the Qualys Cloud Suite, version 8.9.1, includes updates for Cloud-based scanner deployments, VM Reporting Enhancements, and expanded platform coverage for PC.

Cloud Platform: Added EC2 Proxy Server support for the connector and the ability to identify the provider for scanners deployed in cloud environments such as Amazon Web Services, Microsoft Azure, and Google Cloud Platform.

Vulnerability Management: Improvements from customer requests for a number of VM Reports and ability to set reopen date for Remediation Tickets.

Policy Compliance: Expanded platform coverage for Microsoft IIS 10, Pivotal Webserver 6, Docker and Windows Server 2016.

Continue reading …

Qualys Cloud Suite 8.9 New Features

This new release of the Qualys Cloud Suite, version 8.9, includes updates for usability and functionality across the platform as well as Vulnerability Management and Policy Compliance.

Cloud Platform: Several significant improvements are included in this release for Authentication including: SSH2 certificate support for UNIX authentication, Vault expansion to support Cyber-Ark AIM, Cisco NX-OS Authentication Records, along with improvements to MS SQL Authentication. Additionally, improvements to scan-related tasks including overlapping scan prevention and network support for external scanners are included in this release.

Vulnerability Management: This release is focused on features to simplify scan processing, improve asset identification, and expand remediation workflow options. A variety of reporting improvements from customer requests were also implemented.

Policy Compliance:  We’re excited to announce that Policy Compliance now supports tag-based asset association with policies! Additionally, we’ve expanded UDC coverage, added new platforms, improved scanning workflow, and added policy locking to meet auditor requirements. You can now also export UDC’s with your Policy export. Continue reading …

QualysGuard 8.0 New Features

QualysGuard 8.0 adds the following capabilities to the QualysGuard Cloud Platform and its suite of services:

  • Featured Enhancement: Overlapping IP support
  • Vulnerability Management
    • Improvements to the SSL Certificates List
    • Configure Multiple PCI Option Profiles
    • Security Risk Score Summary Added to XML and CSV Reports
  • Policy Compliance
    • Golden Image Policy Organized Into Sections
    • Select Individual IPs for Your Policy Reports
    • Control Checksum Requirement Removed from Policy XML
  • QualysGuard Platform
    • New Look and Feel for QualysGuard Express
    • Improved IP Selection
    • QualysGuard API Enhancements

Continue reading …

Qualys To Decommission Scan Job “Dispatcher”, Migrate All Subscriptions To “New Scanner Services”

Qualys will decommission its legacy platform scan distribution service, "Dispatcher", in favor of New Scanner Services, which has been in operation since 2010.  The vast majority of user subscriptions have already been migrated to New Scanner Services, and Qualys will now begin a final push to migrate all remaining subscriptions.  The migration action requires no user action and is non-disruptive except in special circumstances, as described below.

This document outlines the process that will occur and provides guidance on what to expect.  If you have further questions, you may contact your Qualys reseller contact; your Qualys account manager; and/or Qualys support. Details about the migration schedule are at the end of this blog post.

Continue reading …

QualysGuard 7.12 Update: Multiple New Enhancements

An update to QualysGuard 7.12 will be released in production in the coming weeks to introduce improvements to the QualysGuard Cloud Platform and API:

  • New Permission to Manage External IDs
  • Dissolvable Agent Per Scan
  • QualysGuard API Enhancements

Continue reading …

QualysGuard 7.11 Update: New Vulnerability Notification Feature

The new QualysGuard Vulnerability Notification feature allows you to configure QualysGuard to send email notifications to users about new and updated vulnerabilities in the QualysGuard KnowledgeBase. An update to QualysGuard 7.11 will be released in production in the coming weeks to introduce this feature.

Continue reading …

QualysGuard 7.11 New Features

QualysGuard 7.11 will be released in production in the coming weeks and includes enhancements to QualysGuard Vulnerability Management (VM) and Policy Compliance (PC) reports, and API.

Highlights include: ability to rerun a report, new “Host Scan Date” filter and “Vulnerability Fixed On” date filter for the vulnerability scorecard report, and API enhancements.

Continue reading …

QualysGuard 7.10 New Features

QualysGuard 7.10 will be released in production in the coming weeks and includes enhancements to QualysGuard Cloud Platform, Vulnerability Management (VM), Policy Compliance (PC) and API.

New QualysGuard Express Lite

The new service offering QualysGuard Express Lite for SMBs is launched with this release.

img1

QualysGuard Cloud Platform Enhancements

Redesigned Application Picker: In this release, the application picker has been redesigned with a new look & feel to clearly show to users the various applications available in their subscriptions.

Continue reading …

Qualys Introduces Express Lite for Small Businesses

Qualys today announced Qualys Express Lite, a small business version of our suite of integrated security and compliance solutions. The new cloud offering delivers the full power of the Qualys Cloud Platform to small and medium-sized businesses (SMBs) so they can better protect themselves against Internet attackers and simplify compliance with PCI and regulatory mandates. Qualys Express Lite is accessible directly from any web browser without buying servers or installing software, making it easy to use and affordable for organizations with limited IT security budgets and expertise.

Small businesses are increasingly facing the threat of Internet attacks. As Symantec recently reported, “the largest growth area for targeted attacks in 2012 was businesses with fewer than 250 employees; 31% of all attacks targeted them” (Symantec Internet Security Threat Report 2013, page 4). That same report also found that thieves are breaking into small businesses in order to “leap frog” into larger companies that may be working with the SMB.

“We’re excited that Qualys Express Lite will make security simple and accessible for our small business customers,” said Doug Davidson, president and CEO for Jacadis. “As a cloud-based service, it’ll be an easy, affordable way to meet vulnerability scanning requirements, as well as provide security and compliance monitoring.”

Read the full announcement or learn more about Qualys Express Lite.

QID for Latest JAVA SE Critical Patch Released Tonight

Oracle just released an extremely important critical patch for Java. It fixes an impressive number of vulnerabilities, and it is recommended to install this update as fast as possible. You can read more about this here: http://laws.qualys.com/2013/02/oracle-releases-early-cpu-for.html

And here is the official page on the Oracle website: http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html

A new QID “120832 – Oracle Java SE Critical Patch Update – February 2013” has been released and you can use QualysGuard VM to scan your network to find the systems that require the patch.

Here is a report that gives you a preview of the details of a report for this QID, including a list of known exploits that are available for some of the vulnerabilities that are fixed by this patch: