Back to qualys.com
4 posts

Qualys Broadens Security Offerings for Azure

Qualys is expanding its security and compliance capabilities for Microsoft Azure, by adding protection for the on-premises Azure Stack and extending capabilities for public cloud deployments.

By using Qualys’ platform to defend hybrid IT environments, organizations get a unified view of their security posture, and can apply the same standards and processes on premises and in clouds.

“The advantages of doing so all within a single pane of glass is to reduce your total cost of ownership, and to have all the data in one place,” Hari Srinivasan, a Qualys Director of Product Management, said during a presentation at Microsoft’s Ignite 2018 conference.

That way, when a major attack like WannaCry is unleashed, organizations can quickly assess their risk and take action from a single console, instead of scrambling to assemble fragmented information from siloed tools.

Read on to learn more about Qualys’ comprehensive offerings for Azure.

Continue reading …

The Sky Is Falling! Responding Rationally to Headline Vulnerabilities

It’s happening more and more.

Gill Langston, a Qualys Director of Product Management, speaks at RSA Conference 2018

High profile vulnerabilities like Meltdown and Spectre are disclosed, and become headline-grabbing news not just in the technology press, but on general news outlets worldwide.

Even if the vulnerabilities aren’t associated with an attack, the news reports rattle C-level executives, who ask the security team for a plan to address the by now notorious bug, and pronto.

Often, a counter-productive disruption of the normal vulnerability and patch management operations ensues, as those involved scramble to draft a response against the clock in a panic atmosphere, punctuated by confusion and finger-pointing.

“Should I just immediately be jumping and reacting? Should I start deploying patches, and then go from there? I’m going to argue that that’s not always the case,” Gill Langston, a Product Management Director at Qualys, said Wednesday during a presentation at RSA Conference 2018.

Continue reading …

Continuous Web Security Assessment for Production and DevOps Environments

Web applications have become essential for business, as they simplify and automate key functions and processes for employees, customers and partners, making organizations more agile, innovative and efficient.

Unfortunately, many web applications are also unsafe due to latent vulnerabilities and insecure configurations. Web application attacks rank as the most likely to trigger a data breach, according to the 2016 and 2017 editions of the Verizon Data Breach Investigations Report.

Those findings are consistent with SANS Institute’s 2016 State of Application Security Report, which found that “public-facing web applications were the largest items involved in breaches and experienced the most widespread breaches.”

“Insecure web applications are a real problem today,” Dave Ferguson, Director of Product Management for Web Application Scanning at Qualys, said during a recent webcast. “Web apps are a foothold into your organization for potential attackers.”

Continue reading …

Implementing the CIS 20 Critical Security Controls: Building Upon Foundational Cyber Hygiene

Most successful cyber attacks exploit known vulnerabilities for which patches are available, or take advantage of weak configuration settings that could have been easily hardened. You can significantly lower the risk of being victimized by this type of common, preventable attack by adopting the Center for Internet Security’s Critical Security Controls (CSCs).

This set of 20 structured InfoSec best practices offers a methodical and sensible plan for securing your IT environment, and maps to most security control frameworks, government regulations, contractual obligations and industry mandates.

The CSCs were first developed in 2008 and are periodically updated by a global community of volunteer cybersecurity experts from government, academia and industry. “The CIS Controls provide a prioritized approach to cyber security, starting with the most essential tasks and progressing to more sophisticated techniques,” Tony Sager, CIS Chief Evangelist, wrote recently.

In this blog series, we’re explaining how Qualys Cloud Platform — a single, integrated, end-to-end platform for discovery, prevention, detection, and response — and its Qualys Cloud Apps can help security teams of any size to broadly and comprehensively adopt the CIS controls.

Continue reading …