All Posts

4 posts

Office Depot Extends the Value of Cloud-based Security via Qualys APIs

When Office Depot went looking for a new vulnerability management system, it picked Qualys’ for several reasons, including the variety and capabilities of its application programming interfaces (APIs). This was the topic of a recent talk by Office Depot Director of Global Information Security Jon Scheidell.

Since deploying Qualys Vulnerability Management (VM) about three years ago, the office supply chain has made ample and effective use of Qualys APIs in ways that have helped improve its overall security posture and its business operations.

“They’re one of the security vendors that does a better job of not only creating APIs for different features but also documenting them very, very well,” Scheidell said during a recent presentation at the Black Hat USA 2016 conference.

Qualys has always prioritized the extensibility of its platform via APIs, starting in the early 2000s with the release of its first product, and it has intensified its API efforts in the last four or five years.

Today, almost all of the major functions of the Qualys Cloud Platform are accessible to third party developers via APIs. In addition to Vulnerability Management, Qualys offers complete API sets for Web Application Scanning, Web Application Firewall, Policy Compliance, Continuous Monitoring, Malware Detection and the platform’s underlying asset management and tagging functionality.

Continue reading …

New Qualys App for Splunk Enterprise Adds Real-time Dashboard and Analytics for Web Application Scanning

The newly released Qualys Web Application Scanning (WAS) App for Splunk Enterprise delivers information about affected web applications and prevalent vulnerabilities into the Splunk dashboard, and enables preconfigured searches and reports, for customers using both Qualys and Splunk. Just like with Qualys WAS, this new app also helps you analyze consistent WAS data across application lifecycles, detect unauthorized apps and rapidly harden your web apps with Qualys Web Application Firewall (WAF).

Continue reading …

New Qualys App for Splunk Enterprise Delivers Real-time Dashboard and Analytics for Security and Compliance Data

Many customers that use the Qualys Cloud Platform for vulnerability management are also using Splunk Enterprise to collect their security and compliance data. Thanks to the new Qualys VM App for Splunk Enterprise with the included Qualys Technology Add-on (TA), customers can monitor and evaluate real-time threat alerts and analysis through a single dashboard. With this unified perspective, customers achieve a more complete picture as well as a streamlined workflow – across their entire infrastructure.

Continue reading …

RSA 2014: Automating the 20 Critical Security Controls

Earlier today I gave a presentation at RSA Conference 2014 in San Francisco about the 20 Critical Security Controls (CSC) and some ideas on how to implement them using QualysGuard. The document for the 20 CSC provides a number of suggestions for each control, called Quick Wins that point out aspects of the controls that are relatively easy to implement. One example is the detection of new machines, or how to report on machines that do not run an approved version of the operating system.

Continue reading …