Qualys Community

161 posts

Are Your Vendors, Partners and Other Business Allies Putting Your Organization at Risk?

Qualys SAQ Automates the Process of Assessing Your Third Parties’ Security Posture

How compliant are vendors and other third parties with information security standards, your organization’s internal policies and government regulations? Making these assessments has never been easy, but it’s getting increasingly complicated, and the stakes are getting higher. While your organization may have gone to great lengths to secure its IT infrastructure, networks and assets, the vendors and other third parties with remote access to your systems and data can make you vulnerable to breaches.

Continue reading …

Qualys Supports New Cisco Threat-Centric NAC

Integrated Vulnerability Data Dynamically Alters User Permissions Based on the Fluctuating Threat Ratings of a Device

The onslaught of new devices and applications in the enterprise has clouded visibility into who and what is connecting to the network. This raises increased security concerns, since more devices mean more potential ways to compromise the network. Enterprises have generally responded to these concerns by continually adding security systems from multiple vendors to their networks.

Continue reading …

New Qualys App for Splunk Enterprise Adds Real-time Dashboard and Analytics for Web Application Scanning

The newly released Qualys Web Application Scanning (WAS) App for Splunk Enterprise delivers information about affected web applications and prevalent vulnerabilities into the Splunk dashboard, and enables preconfigured searches and reports, for customers using both Qualys and Splunk. Just like with Qualys WAS, this new app also helps you analyze consistent WAS data across application lifecycles, detect unauthorized apps and rapidly harden your web apps with Qualys Web Application Firewall (WAF).

Continue reading …

Qualys Cloud Suite 8.8 New Features

A new release of the Qualys Cloud Suite, version 8.8, is targeted for release in July and includes updates for usability and functionality across the platform as well as Vulnerability Management and Policy Compliance.

Cloud Platform: Asset Search has been improved making it easier to find, report and take actions on assets via the Asset Search Report. Several improvements to enforce security levels for Windows authentication were added, along with new options for scanner replacement, IPv6 Configuration, and stored data retention.

Vulnerability Management: Several exciting new features are available in VM in this release including CVSS version 3 and the ability to close vulnerabilities for “dead hosts” following a scan. Additional attributes are now available when downloading KnowledgeBase and in Vulnerability Notifications.

Policy Compliance: We are continuing the expansion of application technology assessment with the addition of Oracle WebLogic, IBM HTTP Server 8, IBM WebSphere 8, and assessment for Checkpoint Firewall. Improvements have been made to Exception Management, and it’s now easier to associate Cloud Agent assets with Policies. We’ve also included several improvements to the User Defined Controls and released the new Windows Group Membership UDC.

Continue reading …

Qualys Policy Compliance Notification: Policy Library Update

Qualys’ library of built-in policies makes it easy to comply with commonly adhered to security standards and regulations. Qualys provides a wide range of policies, including many that have been certified by CIS as well as ones based on security guidelines from vendors such as Microsoft and VMware.

In order to keep up with the latest changes in security control requirements and new technologies, Qualys publishes new content to the Policy Library monthly.

Continue reading …

So Many Vulnerabilities, So Little Time: ThreatPROTECT Identifies the Assets You Must Patch Now

If you are an information security professional, you’ve probably experienced vulnerability disclosure overload. We’re referring to that acute sense of feeling burdened that can afflict even the best infosec teams. This ailment strikes when infosec pros grapple with the constant release of vulnerability announcements, amounting to thousands per year.

Continue reading …

Qualys Cloud Platform 2.14 New Features

A new release of the Qualys Cloud Platform includes several new platform features and also includes new versions of the following modules:

Continue reading …

WAS 4.8 Features Vulnerability Retest Function and Finding Severity Customization

We are pleased to announce Qualys Web Application Scanning 4.8 (WAS) featuring quick and easy vulnerability retest functionality, without having to launch a full scan; and the ability to customize the severity of findings to meet your business needs.

Continue reading …

How to Avoid Account Lockouts When Scanning Web Applications

Organizations that use automated scanners to test the security of their web apps must watch out for instances where these tools may trigger user account lockouts inadvertently.  Here we explain why this occurs and offer some tips for how to prevent this from happening with Qualys Web Application Scanning (WAS).

Continue reading …

Protect Your Systems Against SAMSAM and Prove the Value of Cyber Security to Your Organization

By now, security pros everywhere have heard about SAMSAM, the sinister ransomware attack that exploits years-old vulnerabilities in JBoss and has hit hospitals particularly hard. The spread and “success” of SAMSAM shines the spotlight on the well-known infosec problem of prioritizing vulnerability remediation work.

Continue reading …