Critical Vulnerability Can be Detected via Qualys SSL Labs Server Test or Directly with QualysGuard Vulnerability Management Cloud Service
REDWOOD CITY, Calif., April 8, 2014 – Qualys, Inc. (NASDAQ: QLYS), a pioneer and leading provider of cloud security and compliance solutions, today announced that the Qualys SSL Labs service detects the OpenSSL vulnerability disclosed yesterday as “HeartBleed” (CVE-2014-0160). Administrators responsible for the security of websites can access the free tool at https://www.ssllabs.com, enter a URL and find out on whether their site is vulnerable to the new threat, as well as get information about the overall health of the site’s SSL implementation. Qualys reports that traffic to the SSL Labs site has grown by an order of magnitude since the new vulnerability was announced.
For QualysGuard customers the HeartBleed issue also is detectable by the QualysGuard Vulnerability Management (VM) cloud service as QID 42430. This means that Qualys customers can get reports detailing their enterprise-wide exposure whenever they next scan their assets, which allows them to efficiently remediate the issue.
“The HeartBleed vulnerability is easy to exploit and there are already many proof-of-concept tools available that one can use in minutes,” said Ivan Ristic, Director of Engineering at Qualys and renowned SSL technology expert. “After a successful attack, the attacker can obtain a large chunk of server memory, which can contain server private keys, session keys, passwords and other sensitive data. IT administrators need to map their exposure and install the patched version wherever necessary.”
Qualys, Inc. (NASDAQ: QLYS) is a pioneer and leading provider of cloud security and compliance solutions with over 6,700 customers in more than 100 countries, including a majority of each of the Forbes Global 100 and Fortune 100. The QualysGuard Cloud Platform and integrated suite of solutions help organizations simplify security operations and lower the cost of compliance by delivering critical security intelligence on demand and automating the full spectrum of auditing, compliance and protection for IT systems and Web applications. Founded in 1999, Qualys has established strategic partnerships with leading managed service providers and consulting organizations, including Accuvant, BT, Dell SecureWorks, Fujitsu, NTT, Symantec, Verizon, and Wipro. The company is also a founding member of the CloudSecurityAlliance (CSA).
For more information, please visit www.qualys.com.
Qualys, the Qualys logo and QualysGuard are proprietary trademarks of Qualys, Inc. All other products or names may be trademarks of their respective companies.