This new release of the Qualys Cloud Suite, version 8.9, includes updates for usability and functionality across the platform as well as Vulnerability Management and Policy Compliance.
Cloud Platform: Several significant improvements are included in this release for Authentication including: SSH2 certificate support for UNIX authentication, Vault expansion to support Cyber-Ark AIM, Cisco NX-OS Authentication Records, along with improvements to MS SQL Authentication. Additionally, improvements to scan-related tasks including overlapping scan prevention and network support for external scanners are included in this release.
Vulnerability Management: This release is focused on features to simplify scan processing, improve asset identification, and expand remediation workflow options. A variety of reporting improvements from customer requests were also implemented.
Policy Compliance: We’re excited to announce that Policy Compliance now supports tag-based asset association with policies! Additionally, we’ve expanded UDC coverage, added new platforms, improved scanning workflow, and added policy locking to meet auditor requirements. You can now also export UDC’s with your Policy export.Feature Highlights
Qualys Cloud Platform
- Next Generation Unix Authentication – Now you can configure a single authentication record that supports better integration with third party vaults. This revamp of Unix Authentication supports a large array of certificates, support for multiple root delegation tools, and provides support for SSH2.
- New Authentication Vault for Cyber-Ark AIM – Our new authentication vault supports Cyber-Ark Application Identity Manager (AIM) configured with Cyber-Ark Central Credential Provider (CCP). This new vault can be used to securely retrieve authentication credentials at scan time, for many authentication types, from your Cyber-Ark AIM/CCP solution.
- Cisco NX-OS Authentication Support – We now support authentication for Cisco NX-OS devices.
- MS SQL Server Authentication Support for Member Domains – You can now create a single record for all MS SQL server targets that are members of your domain.
- EC2 Scanning Now Available for Unit Managers – EC2 scanning is not just for Managers anymore! Now Unit Managers can start and schedule EC2 scans as long as the IPs for the EC2 environment are in the Unit Manager’s Business Unit. This feature must be enabled for your subscription. Contact your Account Manager or Support to enable it.
- View Scanner Appliance Model Information – We’ll show the model of the appliance on the Scanner Appliance Information page and the Edit Scanner Appliance page.
- Enhancement to the Prevent Overlapping Scans Feature – We’ve enhanced this feature to also consider paused scans. When you select “Do not allow overlapping scans”, a new scheduled scan will not be started when there’s already an instance of the scan running or paused.
- Use External Scanners to Scan custom networks in VM and PC – You can now use External scanners for scanning custom networks.
- Improved Log Entries for Scheduled Tasks – We have simplified troubleshooting by providing additional details in the activity log for a failed scheduled task. Along with the cause of failure, we now provide task id, title, task owner and user role for a scheduled task (maps, scan or reports) that fails.
Qualys Vulnerability Management (VM)
- Introducing a new user role: Remediation User – You can now create users that only have access to remediation tickets and the vulnerability knowledgebase. These users do not have any scanning or reporting privileges.
- Enhancements to Vulnerability Scan Processing – We’ve changed the way we report the host scan time when updating vulnerabilities and tickets. The host scan time will now be based on when the scan finished, not when the scan started.
- New Scan Option – Purge Hosts when OS is Changed – For environments where systems that are regularly decommissioned or replaced, enabling this option will purge the older host information to reduce stale asset data or conflicting vulnerability data from being reported. This feature must be enabled for your subscription. Contact your Account Manager or Support to enable it.
- Reporting Improvements – Created Date Added to Remediation Reports in CSV Format and option to Display Ignored Vulnerability Status was added to the Vulnerability Scorecard Report
Qualys Policy Compliance (PC/SCAP)
- Support Asset Tags in Compliance Policies – Policy Compliance now supports tag-based asset association with policies! You can now add tags to a policy and all hosts that match any of the tags will be included in the policy when compliance posture data are calculated.
- Include UDCs in Policy Export/Import – You can now include user-defined controls (UDCs) when you export a policy from your account to CSV or XML, and when you import a policy to your account from XML.
- Ability to Lock a Compliance Policy – You can now lock a policy so that you can restrict other users from updating it. This enables you to make sure policy and control values are not changed. Changes to lock status are logged to meet auditor requirements.
- Start Policy Evaluation Anytime – We always evaluate policies when new scan results are processed for the hosts in your policy. With this release, you can also start policy evaluation when saving changes to a policy or anytime from the policies data list. When this process occurs, assets associated by tags will be evaluated.
- Active Directory Technologies Supported for Windows UDCs – Windows 2003 Active Directory, Windows 2008 Active Directory and Windows 2012 R1/R2 Active Directory are now supported with all Windows supported UDC’s.
For more details about the above features – please review the attached release notes: qualys-890-release-notes.
Platform release dates will be published on the Qualys Status page when available.