QualysGuard Web-Service Gives Administrators an Immediate Solution to Protect Against SNMP Vulnerabilities
Redwood City, CA — February 14, 2002 — Qualys, Inc., the leader in the emerging category of Managed Vulnerability Assessment, today announced it is offering free network scan to companies concerned by the SNMP vulnerability advisory issued by CERT® this week, Advisory CA-2002-03. The free scan can be accessed at: https://www.qualys.com/forms/trial_snmp.html
SNMP (Simple Network Management Protocol) is a widely deployed protocol that is commonly used to monitor and manage network devices. Numerous vulnerabilities have been detected in multiple vendors’ SNMP implementations. These vulnerabilities may cause denial of service conditions, service interruptions, and may allow an attacker to gain access to the affected device.
The QualysGuard scan automatically detects if a system is SNMP-enabled and queries the SNMP information base to retrieve and display the SNMP information tree in the resulting report. The reports produced give IT managers a clear and concise look at their network vulnerabilities while providing recommendations on how to implement filters or how to disable SNMP completely.
“SNMP vulnerabilities belong within the information gathering category of threats which allows unauthorized users to access information of interconnected systems,” said Gerhard Eschelbeck, VP of Engineering at Qualys. “ QualysGuard currently detects the presence of 35 SNMP weaknesses on different devices and platforms. Qualys continues to update the web-service with new SNMP signatures as they are discovered with remedies from vendors to fix the problems.”
“SNMP vulnerabilities have been know to exist for a period of time and security communities and advisories recommend to disable SNMP on Internet connected devices as part of best security practices,” added Eschelbeck.
Designed to work on any size network and delivered over the Internet, QualysGuard uses advanced vulnerability detection techniques to assess a network’s security exposures and suggest remedies before intruders can take advantage of them. Via a simple Web-based interface, users can initiate a QualysGuard audit “on demand” by selecting networks or hosts to be audited, and choosing which known vulnerabilities to scan. Upon completion of the security audit, network administrators receive a report detailing vulnerabilities identified, severity level of each, and potential consequences with suggested remedies to fix each vulnerability.
To access the free scan, please visit visit https://www.qualys.com/forms/trial_snmp.html
With more than 2,000 subscribers ranging from small businesses to multinational corporations, Qualys has become the leader in on demand vulnerability management and policy compliance. The company allows security managers to strengthen the security of their networks effectively, conduct automated security audits and ensure compliance with internal policies and external regulations. Qualys’ on demand technology offers customers significant economic advantages, requiring no capital outlay or infrastructure to deploy and manage. Its distributed scanning capabilities and unprecedented scalability make it ideal for large, distributed organisations. Hundreds of large companies have deployed Qualys on a global scale, including AXA, DuPont, Hershey Foods, ICI Ltd, Novartis, Sodexho, Standard Chartered Bank and many others. Qualys is headquartered in Redwood City, California, with European offices in France, Germany and the U.K., and Asian representatives in Japan, Singapore, Australia, Korea and the Republic of China. For more information, please visit www.qualys.com.
Qualys, the Qualys logo and QualysGuard are proprietary trademarks of Qualys, Inc. All other products or names may be trademarks of their respective companies.