Apple OS X and Firefox and Mozilla Browsers Show Rapid Growth in Critical Vulnerabilities, Reinforcing the Need for Vigilance
Redwood City, CA - May 8, 2006 - Qualys®, Inc., the leading provider of on demand vulnerability management and policy compliance solutions, today announced the availability of its free SANS Top 20 Scan to help companies detect and eliminate the most dangerous vulnerabilities and threats impacting networks worldwide as revealed by the SANS Top 20 2006 Spring Update last week. The Qualys scan is mapped directly to these new threats using Qualys’ market leading QualysGuard® on demand service. Most notable among the vulnerabilities the SANS Institute revealed was the rapid growth in critical vulnerabilities being discovered in Apple OS X, including a zero day vulnerability, and Firefox and Mozilla browsers. Qualys’ free scan for the SANS Top-20 is available at https://sans20.qualys.com.
“The continuing growth of client side based attacks, which are often a stepping stone to opening doors in your network, and the growth of Mac OS X vulnerabilities reveal the importance of constant vigilance and ongoing testing by companies of all sizes on a regular basis,” said Amol Sarwate, vulnerability lab manager at Qualys and a member of the SANS20 committee. “The changes announced by SANS last week reflect the dynamic nature of the evolving threat landscape. The SANS Top 20 is an invaluable tool for businesses to test their security posture against the constantly increasing and ingenious threats which appear on an almost daily basis.”
The SANS Top-20 is designed by the SANS Institute and security experts from industry and government to provide organizations with a prioritized list of newly discovered exposures to their networks. Qualys is a contributing member to the SANS Top-20.
In addition to identifying new vulnerabilities in Apple OS X, Firefox and Mozilla, which are becoming more commonly used across the enterprise, the SANS Top-20 Spring update also includes the continuing discovery of multiple zero day vulnerabilities in Internet Explorer and a surge in commodity zero day attacks used to infiltrate systems for profit. The full updated SANS report can be found at http://www.sans.org/top20/2005/spring_2006_update.php.
The shift from server-side to client-side vulnerabilities was also a significant finding in the “Laws of Vulnerabilities” research published by Qualys last year. According to the research, more than 60 percent of new critical vulnerabilities occur in client applications. Client-side vulnerabilities require a user to take action, such as visiting a malicious website or opening an infected email attachment. The research can be found at www.qualys.com/laws.
The Qualys on demand model provides customers with immediate scanning for the latest vulnerabilities, such as the Top-20 listing, without the need for installing software or building out additional infrastructure. In addition to the free scan, the QualysGuard® solution detects new exposures in the SANS Top-20.
With more than 2,000 subscribers ranging from small businesses to multinational corporations, Qualys has become the leader in on demand vulnerability management and policy compliance. The company allows security managers to strengthen the security of their networks effectively, conduct automated security audits and ensure compliance with internal policies and external regulations. Qualys’ on demand technology offers customers significant economic advantages, requiring no capital outlay or infrastructure to deploy and manage. Its distributed scanning capabilities and unprecedented scalability make it ideal for large, distributed organizations. Hundreds of large companies have deployed Qualys on a global scale, including AXA, DuPont, Hershey Foods, ICI Ltd, Novartis, Sodexho, Standard Chartered Bank and many others. Qualys is headquartered in Redwood City, California, with European offices in France, Germany and the U.K., and Asian representatives in Japan, Singapore, Australia, Korea and the Republic of China. For more information, please visit www.qualys.com.
Qualys, the Qualys logo and QualysGuard are proprietary trademarks of Qualys, Inc. All other products or names may be trademarks of their respective companies.