All Posts

428 posts

Assess Vulnerabilities, Misconfigurations in CI/CD Pipeline

After the publication of Golden AMI Pipeline integration with Qualys, some Qualys customers reached out asking how to integrate Qualys Vulnerability Management scanning into other types of CI/CD Pipelines. To answer these questions, we’ve published the new guide, Assess Vulnerabilities and Misconfiguration in CI/CD Pipelines.


Qualys Cloud Platform 8.21.2 New Features

The upcoming release of the Qualys Cloud Platform (VM, PC), version 8.21.2, includes several new features in Qualys Cloud Platform and support for multiple technologies in Qualys Policy Compliance. The 8.21.2 release is scheduled to go live on 16th Sept, 2019.


Patch Management 1.3 New Features

This release of Qualys Patch Management version 1.3 includes the following new features.

  • Patch Scheduling enhancement: “No Patch Window” – When scheduling a patch deployment, instead of having to specify a Patch Window time frame, you can select “None”. This will allow a job to continue to run until all of the Assets in the job are able to perform the deployment, instead of timing out at the end of the Patch Window. This is especially useful in situations where you have an emergency patch that absolutely must be installed as soon as possible. If an Asset is offline when the job is set to run, it will run the job once the Cloud Agent checks in again.
  • Suppress reboot – You can choose to suppress the reboot notification and subsequent reboot after a patch deployment. This feature allows you to deploy patches, and then use another mechanism to restart the Assets. Any Asset that has the reboot suppressed will still report the Reboot Required flag to the platform.
  • Create Job in “Enabled” state – Previously, you would create a Deployment Job in a Disabled state, and then Enable the job from the Jobs screens. Now, you can choose to have the Job saved in an Enabled state, reducing the number of clicks required to start a Job.
  • Opportunistic Patch Download – When creating a Job, you can now opt to have the Cloud Agent download the patches in the background before the job runs, reducing the amount of time the job takes to complete.


Policy Compliance Library Updates, July 2019

Qualys’ library of built-in policies makes it easy to comply with the security standards and regulations that are most commonly used and adhered to. Qualys provides a wide range of policies, including many that have been certified by CIS as well as the ones based on security guidelines from OS and application vendors and other industry best practices. 

In order to keep up with the latest changes in security control requirements and new technologies, Qualys publishes new content to the Policy Library every month.

The July 2019 release includes the following new policies and updates:

  • 13 updated policies
  • 11 new technologies
  • 6 new DISA STIG policies
  • 1 new Industry and Best Practice policy
  • 1 Microsoft Security Baseline policy


FedRAMP ConMon – Efficiently & Effectively Managing SLAs for RA-5d Requirement

Are you a FedRAMP-certified organization looking to more effectively maintain your FedRAMP status? There are tools available to help simplify the process, and while the process involves some terminology, it is easily understood as outlined below. Additionally, it is supported by pre-built dashboards in the Qualys Cloud Platform that help organizations meet SLAs for required remediations.


Qualys Cloud Platform 2.40 New Features

This release of the Qualys Cloud Platform version 2.40 includes updates and new features for Web Application Scanning.


Qualys Cloud Platform (VM, PC) 8.21 New Features

This new release of the Qualys Cloud Platform (VM, PC), version 8.21, adds new technologies and platforms, and support for scanning ESXi hosts on vCenter for vulnerabilities.


Qualys Policy Compliance Notification: Policy Library Updates (June)

Qualys’ library of built-in policies makes it easy to comply with the security standards and regulations that are most commonly used and adhered to. Qualys provides a wide range of policies, including many that have been certified by CIS as well as the ones based on security guidelines from OS and application vendors and other industry best practices.

In order to keep up with the latest changes in security control requirements and new technologies, Qualys publishes new content to the Policy Library every month.

The June release includes the following new policies and updates:

  • 5 new technologies
  • 4 new Industry and Best Practice policies
  • 4 updated policies


Countdown to Black Hat: Top 10 Sessions to Attend — #7

Black Hat USA 2019 is just weeks away, and with scores of training courses and research briefings to choose from, planning your schedule can be a challenge. To help you, we’re posting a weekly recommendation on our blog, and explaining why we think Qualys customers could find it useful and relevant. This week’s choice is the presentation Trust and Transformation — The Post Breach Journey.

In this talk, Jamil Farshchi, Equifax’s Chief Information Security Officer, will share experiences, best practices and insights about responding to a headline-grabbing data breach. In this 25-minute session, he’ll focus on how a business can regain the trust of customers, partners, investors, regulators and other stakeholders after suffering a significant data breach.


Countdown to Black Hat: Top 10 Sessions to Attend — #6

With Black Hat USA 2019 less than a month away, we continue our blog series with weekly recommendations of training courses and research briefings to attend at the conference. Our pick this week: the research briefing Controlled Chaos: The Inevitable Marriage of DevOps & Security.

This 50-minute presentation focuses on the increasingly critical issue of securing DevOps, as this approach to agile and iterative software development and IT operations becomes the “business engine” for organizations.

Kelly Shortridge, Capsule8’s product strategy VP, and Nicole Forsgren, Google Cloud researcher and strategist, will explain the DevOps basics and the resilience and chaos engineering concepts. The speakers will address the importance of marrying DevOps and security, and the necessary shift away from security for its own sake to security as an enabler of business objectives.
