DevSecOps: Building Continuous Security into IT and App Infrastructures
In this podcast recorded at RSA Conference 2017, Chris Carlson, VP of Product Management, Cloud Agent Platform at Qualys, talks about DevSecOps.
Hackers Exploit Apache Struts Vulnerability to Compromise Corporate Web Servers
Attackers are widely exploiting a recently patched vulnerability in Apache Struts that allows them to remotely execute malicious code on web servers. According to researchers from Qualys, the simple presence on the web server of this component, which is part of the Apache Struts framework by default, is enough to allow exploitation.
Overcome Problems with Public Cloud Storage Providers
Third-party security offerings such as Qualys Virtual Scanner Appliance for AWS or Azure can help to inspect app deployments for security risks and help remediate vulnerabilities.
Global Cloud Security Market to Reach $13.93 Billion by 2024
A new report by GrandView Research emphasizes the growing emergence of enterprises with assets in a ‘hybrid-cloud’ state as they migrate workloads between various different public and private cloud platform options. Qualys' Hari Srinivasan shares his opinion on how enterprises can thrive as they transform.
On Shaky Ground: SHA-1 Web Standard Cracked
Ivan Ristic, SSL Labs founder at Qualys, told SC Media on Friday that while this collision is unsurprising, it's an important accomplishment for the security community.
The Rise of the Chief Digital Officer and Six Other Takeaways from RSA 2017
There aren’t many chief digital officers (CDOs) out there yet, but that’s set to change, said Sumedh Thakar, chief product officer at Qualys, a cloud based security platform built for digital transformation. These c-suite executives excel at busting silos that stand in the way of digitization and keeping all of an organization’s data secure.
Google Team Cracks Longtime Pillar of Internet Security
SSL Labs founder Ivan Ristic explains the declining use of cryptographic technology known as SHA-1, on which researchers have been able to demonstrate a successful attack.
Examining the Current State of Database Security
Considering that database systems hold extremely valuable and sensitive information, one would assume that most organizations would fiercely protect these “crown jewels” with great care. Qualys Director of Vulnerability Labs Amol Sarwate discusses the current state of database security.
13 New Security Products That Made a Splash at RSA Conference 2017
Qualys made a number of new-product announcements at the show, including an Indicator of Compromise (IOC) service that monitors endpoint activity to detect suspicious activity. The company also announced a new File Integrity Monitoring (FIM) service that logs and centrally tracks file changes.
Qualys' Product Chief Explains the 'Digital Transformation'
Sumedh Thakar, Qualys' Chief Product Officer, talks about how the digital transformation of the economy is impacting security.
RSAC 2017: The End of Easy Cash Bounties
Probably the most important news for the crowd security testing community is a partnership announced between Qualys, the global leader of automated security testing, and Bugcrowd, a prominent bug bounty platform. Henceforth, vulnerabilities detected by Qualys WAS won’t be eligible anymore for an award in bounty programs of joint customers. In brief: security researchers, making easy cash by reporting trivial security flaws, are out of the game now.
30 Hot New Security Products Announced At RSA 2017
Qualys and IBM have expanded their partnership, the two companies announced at RSA, bringing together Qualys' IT security solutions with IBM's managed security services portfolio. Under the partnership, IBM will bring Qualys Vulnerability Management, Policy Compliance, Continuous Monitoring and ThreatPROTECT to its IBM X-Force Command Centers around the world, boosting its visibility and security management capabilities.
Qualys App for IBM QRadar Offers Critical Insight into Key Vulnerability Metrics
At RSA Conference 2017, Qualys launched a new Qualys App for the IBM QRadar Security Intelligence Platform, which allows customers to visualize their network IT assets and vulnerabilities in real-time, and helps teams produce continuous vulnerability and risk metrics from a data analytics perspective.
Adobe Issues patches, Microsoft's Usual Patch Tuesday Fixes Delayed
Amol Sarwate, director of engineering at Qualys, told SC Media on Tuesday, that “overall, it was an easy day for system administrators with only Adobe patches, but a cliff-hanger from Microsoft as there is no indication when the patches with the new format will arrive."
Microsoft Pushes Pause on February Patch Tuesday
Qualys' Amol Sarwate discusses Microsoft's decision to delay February's security bulletins for an unspecified reason, despite a known zero-day flaw.
Qualys and Bugcrowd Bring Automation, Crowdsourcing to Web App Security
At RSA Conference 2017, Qualys and Bugcrowd announced joint development integrations allowing joint customers the ability to share vulnerability data across automated web application scanning and crowdsourced bug bounty programs.
Qualys Cloud Platform Offers Two New Disruptive Services
Qualys announced a major expansion of its Qualys Cloud Platform. New services include File Integrity Monitoring (FIM) and Indicators of Compromise (IOC) detection solutions that enable customers to consolidate even more critical security and compliance functions into a single cloud-based dashboard, and remove the point-solution sprawl that proliferates across their endpoints.
Qualys Expands Detection, Web App Security, and Data Sharing Portfolio
Qualys this week announced new tools and features to provide customers with improved detection capabilities, expanded web application security features, and improved vulnerability data sharing.
New Products of the Week: Qualys WAS 5.0 and WAF 2.0
Qualys Web Application Scanning includes new features allowing customers to rapidly scan their IoT, mobile and web applications and APIs (SOAP and REST-based). Qualys WAF 2.0 includes new features like web application scanning integration, one-click virtual patches for vulnerabilities, custom security rules, built-in security templates for Wordpress, Joomla, Drupal and OWA and a cloud-based management portal.
RSA Conference USA 2017: Qualys Debuts New Disruptive Services to Increase Visibility and Security
Qualys now combines a comprehensive set of both prevention and detection solutions in the same lightweight Qualys Cloud Agent already deployed for an organization’s global asset inventory, vulnerability management, and policy compliance programs.
Qualys Brings Web Application Security Automation to a New Level
At RSA Conference 2017, Qualys announced new functionality in its web application security offerings, including scalable fast scanning, detection and patching of websites, mobile applications and Application Programming Interfaces (APIs) in one unified platform.
IoT security threat to become real post-Mirai at RSA Conference 2017
In addition to IoT, experts including Qualys' Chris Carlson pointed to turmoil in global politics being a thread that could present in a number of different ways at the RSA Conference USA 2017. "The EU GDPR will change how organizations approach cybersecurity protection, possibly moving from a mandate or compliance-based approach to a best-practices approach to protecting and defending an organization."
Microsoft Delays Windows Zero Day Patch; Researcher Drops Exploit Code
Qualys' Amol Sarwate explains the risks related to a recent Microsoft Windows Server Message Block vulnerability.
The 20 Coolest Cloud Security Vendors Of The 2017 Cloud 100
Qualys provides a single integrated security suite for customers and MSPs who want to consolidate their security and compliance solutions onto a single, cloud-based platform. The flagship Qualys Cloud Platform includes asset discovery, network security, threat protection, compliance monitoring and web app security.
Is IoT turning into the Internet of Thugs?
The rise in attacks on connected devices is underscored by the overall rise of vulnerabilities disclosed by companies like Microsoft.
Banks Try to Thwart Hackers, Take Aim at Vendors
Qualys Chief Product Officer Sumedh Thakar discusses the investments Qualys has made to help customers achieve assurance in the company's own security policies.
Is Antivirus Getting Worse?
Qualys Vulnerability Labs Director Amol Sarwate discusses the need for a combination of multiple technologies to help address a threat landscape that now increasingly evades anti-virus technologies.
Oracle Patches Raft of Vulnerabilities in Business Applications
"Oracle updates are huge and touch a wide range of products," said Amol Sarwate, director of vulnerability labs at Qualys. "As compared to older CPUs this was a regular-sized update but is bound to keep administrators busy due to the sheer number of vulnerabilities and products it touches."
2017 IT Forecast: Cloudy With A Chance Of Security Concerns
Jason Kent, VP of product management, Web app security at Qualys, discusses the benefits of hybrid cloud, but warns of security challenges in storing an app's front end in one place and database in another.
Oracle's Monster Security Update: 270 Fixes and Over 100 Remotely Exploitable Flaws
"Security firm Qualys notes that over 100 of the flaws fixed in this update can be used by a remote attacker without requiring credentials."
Microsoft Rings in New Year With Light January Patch Tuesday
"Remote attackers and unauthenticated attackers -- so, an attacker who doesn't have any credentials on the box or anything like that -- [can] send a special request, a special authentication request, to the server, which would cause the server to reboot," said Amol Sarwate, director of vulnerability labs for Qualys Inc., in Redwood City, Calif.
Patch Tuesday: Microsoft Issues Two Critical Fixes
Qualys Director of Vulnerability Labs Amol Sarwate explains howe Microsoft's new security portal is driven by an online database and instead of having to browse through an index of documents, enabling users to sort, search, and filter the database to find details about a specific security bulletin and its associated updates.
Hackers are Having a Field Day with Stolen Credentials
Qualys Vulnerability Labs Director Amol Sarwate summarizes 2016 trends in credential breaches and offers related best practices for software vendors, website owners and end users.