This month’s Patch Tuesday is medium in weight, with 54 CVEs, including 17 Criticals. All but two of the Critical vulnerabilities are in Microsoft’s browsers or browser-related technologies. An additional speculative execution vulnerability announced in June was patched as well. Adobe has also released patches covering multiple products, each with multiple CVEs. Browser Vulnerabilities The […]
In his QSC18 Virtual Edition presentation, Jimmy Graham, a Qualys Director of Product Management, said it’s key to have an integrated breach prevention program with asset inventory, vulnerability management, threat prioritization and patch management, and outlined how Qualys can help customers comprehensively and proactively manage their vulnerability risk.
In this GDPR series’ last installment, Hariom Singh, CISSP, Director of Policy Compliance at Qualys, delves into the topic of the business benefits that preparing for GDPR can yield for organizations. Later, we also round up major areas covered in previous posts, and summarize how Qualys can help with GDPR compliance.
With organizations aggressively moving workloads to public cloud platforms, such as Amazon’s AWS, protecting these environments is critical for complying with the EU’s General Data Protection Regulation (GDPR). In this installment of Qualys' GDPR compliance blog series, we explain the importance of having complete visibility and a solid security and compliance posture in these public cloud environ...
Maintaining an IT asset inventory is essential for a strong security posture, but it's a challenging task. The new Qualys Asset Inventory (AI) app gives security teams an invaluable single “source of truth” for IT asset data, as it discovers all assets in their global, hybrid infrastructure.
This new release of the Qualys Cloud Platform (VM, SCA, PC), version 8.14, includes several new feature improvements across the apps such as Wallix AdminBastion support, EC2 scan improvements, VM reporting improvements, ESX/ESXi PC support for vCenter, PC STIG Report, and expanded technology support for Qualys Policy Compliance. Feature Highlights Qualys Cloud Platform Wallix AdminBastion Vault Su...
As organizations embrace digital transformation to boost business processes, traditional IT environments get altered, becoming distributed, elastic and hybrid, which in turn is creating new challenges for security, Chris Carlson, Qualys’ Product Management VP, said during QSC18 Virtual Edition.
With web and mobile apps becoming a preferred vector for data breaches, organizations must include application security in their plans for complying with the EU’s General Data Protection Regulation (GDPR).
Two new built-in widgets for detecting the GravityRAT and GhostSecret advanced threats are now available in Qualys Indication of Compromise (IOC). These threats are of specific concern as they target industries like finance, entertainment, telecommunication and healthcare and have the capability to exfiltrate data as well as cause extensive damage to the affected systems. Importing these […]
Digital transformation, driven primarily by the DevOps movement, represents a new opportunity “to redo IT from scratch, but more importantly, to redo security from scratch,” Sumedh Thakar, Qualys' Chief Product Officer, said during QSC18 Virtual Edition.
Qualys CEO Philippe Courtot set the tone for the company’s first virtual conference, the QSC18 Virtual Edition, with a call to the industry to re-invent security to protect digital transformation efforts.
In this latest installment of Qualys' GDPR blog series, we address another crucial security practice for compliance: Indication of compromise (IOC). In a nutshell, IOC can help customers who are dealing with unauthorized access to customer personal data by an external threat actor or adversary.
June’s Patch Tuesday is lighter weight compared to previous months. In all, 51 unique CVEs are addressed, with 11 CVEs marked as Critical. Adobe also released an out-of-band update for a Flash Player vulnerability last week, which is being actively exploited. Speculative Store Bypass Microsoft released patches for Speculative Store Bypass, also known as Spectre Variant […]
Most organizations lack visibility and control over their digital certificates. But proper certificate management is essential for reducing the risk of breaches and unplanned outages, and for continuously and effectively protecting digital assets. Asif Karel, a Qualys Director of Product Management, provides insights and best practices about digital certificate management in this blog post and rel...
In this latest post of our series on the EU’s General Data Protection Regulation, we’ll explain how file integrity monitoring (FIM) can be crucial in helping organizations comply with this severe regulation.
This blog post addresses cloud security challenges, best practices, and how Qualys can help you secure any infrastructure, at any scale, on-premises and in cloud, via a unified interface, using uniform standards and processes.
In this latest installment of the Qualys GDPR compliance blog series, we’ll focus on another core component for GDPR: policy compliance. With a strong IT policy compliance program, organizations can deploy and manage their IT environment according to applicable government regulations, industry standards and internal requirements.
In this latest security news digest from Qualys, we discuss the FBI's call for a massive wave of reboots of home and small office routers, as well as Intel's confirmation of the existence of yet another Spectre / Meltdown variant.
This release of the Qualys Cloud Platform version 2.33 includes the release for CertView, plus updates and new features for AssetView, Cloud Agent, EC2 Connector, Security Assessment Questionnaire, Web Application Scanning, and Web Application Firewall, highlights as follows. CertView Create a baseline inventory of certificate and TLS configurations – CertView lets you discover, inventory and moni...
In this third installment of Qualys’ GDPR compliance blog series, we’ll explain the importance of carefully and continuously assessing the GDPR compliance levels of your third parties and internal staff. We’ll also explain how Qualys can help you beef up these foundational security practices so you can shrink your risk of data breaches that could put your organization on the wrong side of GDPR.
Qualys Security Conference 2018, held in Mumbai on May 10, fortified Qualys’ stand as the leader in securing Digital Transformation in the current global IT landscape. In his keynote, “Our Journey into the Cloud: The Qualys Platform and Architecture”, Qualys Vice President of Product Management Chris Carlson spoke about the company’s journey so far and […]
The EU’s General Data Protection Regulation (GDPR) goes into effect today, imposing strict security requirements on any company worldwide that handles the personal data of EU residents. Qualys Security Assessment Questionnaire (SAQ) – a Qualys app that helps you with this type of procedural risk assessment — has been enhanced with new GDPR-specific templates. Assessing […]
Qualys’ library of built-in policies makes it easy to comply with the security standards and regulations that are most commonly used and adhered to. Qualys provides a wide range of policies, including many that have been certified by CIS as well as the ones based on security guidelines from OS and application vendors and other […]
In this second installment of our GDPR compliance series, we’ll explain the importance of vulnerability management and threat prioritization, and how Qualys can help you solidify these practices so you can slash your risk of data breaches.