Qualys Community

Agility and Flexibility Needed To Manage Risk Throughout Vendor Relationship Lifecycle

We conclude our series on assessing third-party risk, where we’ve described scenarios in which an automated, cloud-based system can help you identify security and compliance gaps among vendors, partners and employees.

As we have outlined in this blog series, CISOs and their infosec teams need clarity and visibility not only into their IT environments, but also across their roster of trusted vendors. Organizations that don’t properly assess and manage the risk of doing business with their vendors, partners, suppliers, contractors and other third parties make their IT network and data vulnerable to hackers.

Security Is Tough, but Infosec Pros Can Find Joy in the Work

Anger. Frustration. Despondency. Hopelessness. Capitulation.

These are typical feelings experienced by infosec pros, as they deal with careless end users, impatient executives, emerging technology, budget constraints and understaffing.

“It’s tough out there,” said Mike Rothman, president of Securosis, an information security and analysis firm.

Infosec Teams Need More Collaboration and Automation to Defend Their Organizations and Help Them Succeed

Infosec teams are under a figurative DDoS (distributed denial of service) attack caused by a variety of business and operational factors that overwhelm them and keep them from crafting strategies to address long-term challenges.

Instead, infosec pros spend most of their time at work doing “day-to-day” tasks due to issues like understaffing and an overload of security alerts, according to Joseph Blankenship, a Senior Analyst at Forrester Research.

The Big Year: 2016 Product Advances Highlighted at QSC

Several product management leaders took the stage at Qualys Security Conference 2016 in Las Vegas on Wednesday to outline major recent improvements to Qualys products, including Cloud Agent, AssetView, ThreatPROTECT, Vulnerability Management, Policy Compliance and Web Application Scanning.

As Traditional Network Perimeters Dissolve, Qualys Cloud Platform Provides Global Security and Compliance Visibility

Every day, a large bank scans 1.4 million devices, a home improvement chain scans 2,200 stores and a major cloud infrastructure provider scans 2 million devices.

What do these three big companies have in common? They all rely on the Qualys Cloud Platform for these critical security scans, Qualys Chief Product Officer Sumedh Thakar said at the company’s annual conference.

Qualys CEO Philippe Courtot Kicks Off QSC16 with Call for Organizations to Secure Their Digital Transformations

As organizations pursue digital transformation efforts, traditional security solutions are falling short, reducing CISOs’ visibility into the increasingly complex IT environments of cloud computing and interconnected business, and creating infosec challenges hackers are eager to exploit.

CEOs are under business pressure to adopt new, emerging technologies that can improve their businesses by gathering and analyzing more data about their products and customers, but security can’t be overlooked.

“Bad guys have taken advantage of the fact that digital transformation forces us to open our networks and interconnect many things,” Philippe Courtot, Qualys’ chairman and CEO, said during the opening keynote of this year’s Qualys Security Conference.

Lasso In Employee Training, Vendor Regulatory Compliance with Automated Risk Assessments

We continue our series on assessing third-party risk, where we’re describing scenarios in which an automated, cloud-based system can help you identify security and compliance gaps among vendors, partners and employees.

In addition to protecting their organization’s IT environment, CISOs must also closely monitor the security and compliance policies and procedures of trusted third parties.

Qualys Cloud Platform 2.17 New Features

Qualys Cloud Platform release 2.17 includes updates and new features for:

  • AssetView (version 2.17.0)
  • Cloud Agent Platform (version 1.8.0)
  • Continuous Monitoring (version 1.16.0)
  • Security Assessment Questionnaire (version 2.2.0)

To Gauge Risk from Third Parties and Employees, Scalability and Automation Are Essential

We continue our series on assessing third-party risk, where we’re describing scenarios in which an automated, cloud-based system can help you identify security and compliance gaps among vendors, partners and employees.

As discussed in this series’ first installment, it’s short-sighted to put great effort into protecting your IT environment while ignoring the security and compliance policies and procedures of your trusted third parties.

We illustrated this principle with the hypothetical example of two CISOs — Jane and Emily — who almost simultaneously hire the same outsourcer, and grant it privileged access to their respective companies’ sensitive data and IT systems.

Assessing Risk from Vendors and Other Third Parties Is Key to Business Success

Jane and Emily are CISOs at two large companies which about five years ago almost simultaneously hired a well-known outsourcer that provides back office business services. Both companies entrusted the outsourcer with sensitive corporate data and granted it special access to their IT systems.

Both Jane and Emily had spent a lot of time, effort and money boosting their respective companies’ physical and IT security, and tightening their compliance with external regulations and internal rules.

However, these two successful CISOs differed in a key area: third-party risk management. Jane had given short shrift to this important but overlooked area. Meanwhile, Emily had made it a priority to create a formal, comprehensive, centralized and automated program for assessing third-party risk.
