All Posts

60 posts

ForeScout Integrates with Qualys

ForeScout Integrates with Qualys to Provide Joint Customers Real-time Vulnerability Management Assessment and Mitigation Capabilities

Qualys and ForeScout Technologies, Inc. recently announced a partnership which integrates Qualys Vulnerability Management (VM) and ForeScout CounterACT, to provide joint customers with real-time assessment and mitigation capabilities against vulnerabilities, exposures and violations. This post will detail how the integrated solution can help organizations improve timeliness and efficacy of their vulnerability assessments, automate policy-based mitigation of endpoint security risks, and reduce security exposures and their attack surface.

Continue reading …

Qualys Cloud Suite 8.5 New Features

This new release of the Qualys Cloud Suite, version 8.5, includes updates for usability and functionality across the platform as well as Vulnerability Management and Policy Compliance.

Continue reading …

Qualys Cloud Suite 8.4 New Features

This new release of the Qualys Cloud Suite, version 8.4, includes updates for usability and functionality across the platform as well as Vulnerability Management and Policy Compliance.

Continue reading …

How to Check for Unprotected MongoDB Databases

Recently three students from University of Saarland in Germany discovered that the MongoDB databases running on several thousand commercial web servers allow remote attackers to easily access and manipulate the database from the Internet. According to their research, it is not uncommon for MongoDB databases to be configured to accept any connection from the Internet.

In this blog I will discuss how unauthorized access works and how to check if your MongoDB is exposed. Qualys Vulnerability Management has released QID 19965 to check for the same.

Continue reading …

Qualys Cloud Suite 8.3 New Features

This new release of the Qualys Cloud Suite includes multiple improvements to Vulnerability Management and Policy Compliance.

Feature Highlights

Qualys Cloud Suite 8.3 will be released in production in the coming weeks and includes enhancements to Vulnerability Management (VM) and Policy Compliance (PC), the Qualys Cloud Platform and the API.

For release notifications containing details specific to each platform, including the release date, and to subscribe to release notifications for your platform, please see the following:

Continue reading …

Qualys 8.2 New Features

This new release of the Qualys Cloud Suite of Security and Compliance Applications includes multiple improvements to Vulnerability Management and Policy Compliance designed to improve ease of use, add reporting options and features, and expand platform support including compliance scanning for Amazon EC2.

Feature highlights include:

  • Asset Tag Support in Remediation Policies in Vulnerability Management
  • Policy Library and Reporting Improvements in Policy Compliance
  • Compliance Scanning support for Amazon EC2 in Policy Compliance
  • Several core improvements including:
    • New Authentication Dashboard with drill down support
    • Account Activity page
    • Customizable report footers
    • Improved date picker
    • Notification improvements
    • Platform support for Microsoft IIS 8

Continue reading …

Sync Your VM Data Fast

Make your Qualys data your own by synchronizing it locally. Though report templates are an easy way to set up and distribute that data, they are typically not flexible enough to meet the unique requests from unique teams that crop up over time. Synchronizing your Qualys data locally and enabling all teams in your organization to query it locally, will give you the most scalable access to your data.

Continue reading …

QualysGuard 8.0 New Features

QualysGuard 8.0 adds the following capabilities to the QualysGuard Cloud Platform and its suite of services:

  • Featured Enhancement: Overlapping IP support
  • Vulnerability Management
    • Improvements to the SSL Certificates List
    • Configure Multiple PCI Option Profiles
    • Security Risk Score Summary Added to XML and CSV Reports
  • Policy Compliance
    • Golden Image Policy Organized Into Sections
    • Select Individual IPs for Your Policy Reports
    • Control Checksum Requirement Removed from Policy XML
  • QualysGuard Platform
    • New Look and Feel for QualysGuard Express
    • Improved IP Selection
    • QualysGuard API Enhancements

Continue reading …

QualysGuard 7.12 Update: Multiple New Enhancements

An update to QualysGuard 7.12 will be released in production in the coming weeks to introduce improvements to the QualysGuard Cloud Platform and API:

  • New Permission to Manage External IDs
  • Dissolvable Agent Per Scan
  • QualysGuard API Enhancements

Continue reading …

QualysGuard 7.12 New Features

Update: Also see details on the update to QualysGuard 7.12.

QualysGuard 7.12 will be released in production in the coming weeks and includes enhancements to QualysGuard Vulnerability Management (VM) and Policy Compliance (PC) reports, and API.

Highlights include: new Certificate (SSL) Dashboard, new VM Authentication Report, Test Control function in the Policy Editor, and API enhancements.

Continue reading …