Qualys Blog

www.qualys.com
26 posts

Qualys Cloud Suite 8.9.3 New Features

This new patch release of the Qualys Cloud Suite, version 8.9.3, includes updates for cloud-based scanner deployments and tagging improvements.

Continue reading …

Qualys Cloud Suite 8.9.1 New Features

This new patch release of the Qualys Cloud Suite, version 8.9.1, includes updates for Cloud-based scanner deployments, VM Reporting Enhancements, and expanded platform coverage for PC.

Cloud Platform: Added EC2 Proxy Server support for the connector and the ability to identify the provider for scanners deployed in cloud environments such as Amazon Web Services, Microsoft Azure, and Google Cloud Platform.

Vulnerability Management: Improvements from customer requests for a number of VM Reports and ability to set reopen date for Remediation Tickets.

Policy Compliance: Expanded platform coverage for Microsoft IIS 10, Pivotal Webserver 6, Docker and Windows Server 2016.

Continue reading …

Qualys Cloud Suite 8.9 New Features

This new release of the Qualys Cloud Suite, version 8.9, includes updates for usability and functionality across the platform as well as Vulnerability Management and Policy Compliance.

Cloud Platform: Several significant improvements are included in this release for Authentication including: SSH2 certificate support for UNIX authentication, Vault expansion to support Cyber-Ark AIM, Cisco NX-OS Authentication Records, along with improvements to MS SQL Authentication. Additionally, improvements to scan-related tasks including overlapping scan prevention and network support for external scanners are included in this release.

Vulnerability Management: This release is focused on features to simplify scan processing, improve asset identification, and expand remediation workflow options. A variety of reporting improvements from customer requests were also implemented.

Policy Compliance:  We’re excited to announce that Policy Compliance now supports tag-based asset association with policies! Additionally, we’ve expanded UDC coverage, added new platforms, improved scanning workflow, and added policy locking to meet auditor requirements. You can now also export UDC’s with your Policy export. Continue reading …

Qualys Cloud Suite 8.8 New Features

A new release of the Qualys Cloud Suite, version 8.8, is targeted for release in July and includes updates for usability and functionality across the platform as well as Vulnerability Management and Policy Compliance.

Cloud Platform: Asset Search has been improved making it easier to find, report and take actions on assets via the Asset Search Report. Several improvements to enforce security levels for Windows authentication were added, along with new options for scanner replacement, IPv6 Configuration, and stored data retention.

Vulnerability Management: Several exciting new features are available in VM in this release including CVSS version 3 and the ability to close vulnerabilities for “dead hosts” following a scan. Additional attributes are now available when downloading KnowledgeBase and in Vulnerability Notifications.

Policy Compliance: We are continuing the expansion of application technology assessment with the addition of Oracle WebLogic, IBM HTTP Server 8, IBM WebSphere 8, and assessment for Checkpoint Firewall. Improvements have been made to Exception Management, and it’s now easier to associate Cloud Agent assets with Policies. We’ve also included several improvements to the User Defined Controls and released the new Windows Group Membership UDC.

Continue reading …

Qualys Cloud Suite 8.7 New Features

This new release of the Qualys Cloud Suite, version 8.7, includes updates for usability and functionality across the platform as well as Vulnerability Management and Policy Compliance.  This release is scheduled to go live in March and release dates for each platform will be published on the Qualys Status page when finalized.

Continue reading …

New Qualys App for Splunk Enterprise Delivers Real-time Dashboard and Analytics for Security and Compliance Data

Many customers that use the Qualys Cloud Platform for vulnerability management are also using Splunk Enterprise to collect their security and compliance data. Thanks to the new Qualys VM App for Splunk Enterprise with the included Qualys Technology Add-on (TA), customers can monitor and evaluate real-time threat alerts and analysis through a single dashboard. With this unified perspective, customers achieve a more complete picture as well as a streamlined workflow – across their entire infrastructure.

Continue reading …

ForeScout Integrates with Qualys

ForeScout Integrates with Qualys to Provide Joint Customers Real-time Vulnerability Management Assessment and Mitigation Capabilities

Qualys and ForeScout Technologies, Inc. recently announced a partnership which integrates Qualys Vulnerability Management (VM) and ForeScout CounterACT, to provide joint customers with real-time assessment and mitigation capabilities against vulnerabilities, exposures and violations. This post will detail how the integrated solution can help organizations improve timeliness and efficacy of their vulnerability assessments, automate policy-based mitigation of endpoint security risks, and reduce security exposures and their attack surface.

Continue reading …

Qualys Cloud Suite 8.5 New Features

This new release of the Qualys Cloud Suite, version 8.5, includes updates for usability and functionality across the platform as well as Vulnerability Management and Policy Compliance.

Continue reading …

Qualys Cloud Suite 8.4 New Features

This new release of the Qualys Cloud Suite, version 8.4, includes updates for usability and functionality across the platform as well as Vulnerability Management and Policy Compliance.

Continue reading …

How to Check for Unprotected MongoDB Databases

Recently three students from University of Saarland in Germany discovered that the MongoDB databases running on several thousand commercial web servers allow remote attackers to easily access and manipulate the database from the Internet. According to their research, it is not uncommon for MongoDB databases to be configured to accept any connection from the Internet.

In this blog I will discuss how unauthorized access works and how to check if your MongoDB is exposed. Qualys Vulnerability Management has released QID 19965 to check for the same.

Continue reading …