This new release of the Qualys Cloud Platform (VM, PC), version 8.13, includes several feature improvements across the apps, such as the ability to test authentication records, as well as improvements to UDCs and report options in Qualys Policy Compliance.
Qualys Product Management Director Tim White and SANS Institute Analyst John Pescatore did a deep dive into the Center for Internet Security’s Critical Security Controls during a recent webcast, and answered questions from audience members about these 20 foundational security practices, and about the importance of maintaining basic security hygiene.
In this blog post, we’re providing edited transcripts of their answers to all the questions, including those that they didn’t have time to address during the one-hour webcast, which was titled “Automating CIS Critical Security Controls for Threat Remediation and Enhanced Compliance.” We hope you find their explanations insightful and useful.
In addition, if you didn’t catch the webcast live, we invite you to listen to the CIS controls webcast recording. We also encourage you to download a copy of a highly detailed guide that maps the CIS controls and sub-controls directly to specific features in Qualys apps.
This new release of the Qualys Cloud Suite, version 8.11, adds several new major features including:
- Customizable Login Banners
- New VM features including QID Changelog View, PCAP Scanning in Express Lite subscriptions, Scanning Options, and Timestamps on IG QIDs.
- PC improvements to File Monitoring UDC as well as Policy Compliance Reporting Options.
- Expanded Policy Compliance platform support including Palo Alto Firewall, MongoDB, and Apache Tomcat on Windows.
This new release of the Qualys Cloud Suite, version 8.10, includes new capabilities and improvements for VM, PC and the shared platform:
- Authentication Vault integration with BeyondTrust
- Mandate-Based reporting for Policy Compliance to simplify reporting against multiple mandates and audit frameworks.
- Expanded support & features for scanning Cloud Environments such as Amazon EC2, Azure, and Google GCE.
- VM Scanning, Reporting, and SSL Labs Improvements
- Ability to export/import UDC definitions with Policy XML and Qualys Library Content
- Policy Compliance support for PostgreSQL and UDC Support for Amazon Linux 2016
- Qualys Cloud Platform 8.10 (VM/PC) API Notification 1
- Qualys Cloud Platform 8.10 (VM/PC) API Notification 2
On Friday, a hacker group known as The Shadow Brokers publicly released a large number of functional exploit tools. Several of these tools make use of zero-day vulnerabilities, most of which are in Microsoft Windows. Exploiting these vulnerabilities in many cases leads to remote code execution and full system access.
Both end-of-support and current Windows versions are impacted, including Windows 2003, XP, Vista, 7, 2008, 8, and 2012. Microsoft has released patches for each vulnerability across all supported platforms, but will not be releasing patches for end-of-support versions of Windows. It is highly recommended that any end-of-support Windows systems be replaced or isolated, as these systems will often be impacted by new vulnerabilities, without the availability of a patch.
For zero-day vulnerabilities in operating systems, you can use your existing asset inventory information from Qualys AssetView and search for any OS to determine how many vulnerable assets are deployed. This can be done without additional scanning if the data is relatively fresh.
A new zero-day vulnerability (CVE-2017-7269) impacting Microsoft IIS 6.0 has been announced with proof-of-concept code. This vulnerability can only be exploited if WebDAV is enabled. IIS 6.0 is a component of Microsoft Windows Server 2003 (including R2). Microsoft ended support for Server 2003 on July 14, 2015, which means that this vulnerability will most likely not be patched. It is recommended that these systems be upgraded to a supported platform. The current workaround is to disable the WebDAV Web Service Extension if it is not needed by any web applications.
The Qualys Cloud Platform can help you detect the vulnerability, track and manage Server 2003 Assets, as well as block exploits against web-based vulnerabilities like this one.