Security News

Qualys CyberSecurity Asset Management 3.0 consolidates asset discovery and risk assessment into a single solution. A key differentiator of Qualys CyberSecurity Asset Management 3.0 is in the way its External Attack Surface Management technology works.

In this Help Net Security interview, Sumedh Thakar, President and CEO of Qualys explores the vision behind the Qualys Enterprise TruRisk Platform, a strategic move aimed at redefining how enterprises measure, communicate, and eliminate cyber risk. We delve into how Qualys assists CISOs in the complex balancing act of managing critical issues under budget constraints, the financial implications of cyber risk, and the advanced capabilities of the TruRisk Platform in providing a unified view of enterprise risk.

Cloud-based IT, security and compliance solutions company Qualys used the final leg of its multi-city Qualys Security Conference series to welcome software engineers, partners and customers to Las Vegas this November 2022 to discuss this issue and others. All assets discovered by the Network Passive Sensor are reported to Qualys Asset Inventory, where the edge security team can view information about them.

Automate Workflows - Qflow technology, built into the Qualys Cloud Platform, delivers drag and drop visual workflows to automate time-consuming and complex vulnerability management tasks such as performing vulnerability assessments for ephemeral cloud assets as they are launched or alerting for high profile threats or quarantine high-risk assets saving valuable resources and time. With the VMDR 1.0 introduction in 2020, Qualys brought the four core elements of vulnerability management into a seamless workflow to help organizations efficiently respond to threats.

Three months into Log4Shell, the Qualys Cloud Platform suggests that 30% of the Log4j instances still remain unpatched. Qualys research team reveals the current state of Log4Shell.

To help incident response and threat hunting teams navigate this complex environment, Qualys has unveiled its Qualys Context XDR. In this interview with Help Net Security, Jim Wojno, Senior Director of XDR at Qualys, explains the advantages of using Qualys Context XDR and how it can provide clarity through context. Qualys Context XDR is uniquely positioned to address this issue by providing deep and meaningful context to the barrage of security events by correlating rich asset inventory and vulnerability context; network endpoint telemetry from Qualys sensors and; high-quality threat intelligence and third-party log data.

Free for the first 60 days, the new service is designed to help you better understand your organization's exposure to ransomware and automate the steps needed to reduce your risk. Available starting Oct. 5, Qualys' Ransomware Risk Assessment service is designed to help you identify and track the data and other assets most susceptible to the threat of ransomware.

Qualys announced it has collaborated with Red Hat to drive greater security for both the container and host operating system for Red Hat OpenShift. The Cloud Agent for Red Hat Enterprise Linux CoreOS on OpenShift combined with the Qualys solution for Container Security provides continuous discovery of packages and vulnerabilities for the complete Red Hat OpenShift stack.

While traditional IT teams and inventory tools provide an IT view of inventory, software support, and licensing, security teams are looking for the security context of assets such as assets that are not running security tools, detection of unauthorized software, internet visibility, and more. Security tools like EDR help secure assets, but do not let security teams know which critical assets are not running EDR, or if databases are visible from the internet? All security teams have defined authorized and unauthorized software policies.

Security teams need to monitor IT asset health from a cybersecurity perspective by detecting security tool blind spots and responding to exposures quickly. "As an organization focused on Security Operations, we believe that 'you can't protect what you don't understand,' with understand being the key word. Hence, asset management in the security operations context isn't just 'seeing' an asset; it is having the right 'risk' context of each and every software, hardware and IoT asset at our fingertips," said Jatinder Pal Singh, director of security operations at Informatica.