Qualys


Qualys discovers critical vulnerability, regreSSHion, in OpenSSH server

The Qualys Threat Research Unit (TRU) has discovered a Remote Unauthenticated Code Execution (RCE) vulnerability in OpenSSH’s server (sshd) in glibc-based Linux systems. The CVE assigned to this vulnerability is CVE-2024-6387.

The vulnerability, which is a signal handler race condition in OpenSSH’s server (sshd), allows unauthenticated remote code execution (RCE) as root on glibc-based Linux systems, which presents a significant security risk. This race condition affects sshd in its default configuration.

With over 14 million instances worldwide, regreSSHion is severe and critical, especially for enterprises that rely heavily on OpenSSH for remote server management. OpenSSH is known to be one of the most secure pieces of software in the world. This vulnerability is a glaring gap in an otherwise near-flawless implementation.

Affected OpenSSH versions:

OpenSSH versions earlier than 4.4p1 are vulnerable to this signal handler race condition unless they are patched for CVE-2006-5051 and CVE-2008-4109.

Versions from 4.4p1 up to, but not including, 8.5p1 are not vulnerable due to a transformative patch for CVE-2006-5051, which made a previously unsafe function secure.

The vulnerability resurfaces in versions from 8.5p1 up to, but not including, 9.8p1 due to the accidental removal of a critical component in a function.

OpenBSD systems are unaffected by this bug, as OpenBSD developed a secure mechanism in 2001 that prevents this vulnerability.

Potential Impact of regreSSHion

This vulnerability, if exploited, could lead to full system compromise where an attacker can execute arbitrary code with the highest privileges, resulting in a complete system takeover, installation of malware, data manipulation, and the creation of backdoors for persistent access. It could facilitate network propagation, allowing attackers to use a compromised system as a foothold to traverse and exploit other vulnerable systems within the organization.

Moreover, gaining root access would enable attackers to bypass critical security mechanisms such as firewalls, intrusion detection systems, and logging mechanisms, further obscuring their activities. This could also result in significant data breaches and leakage, giving attackers access to all data stored on the system, including sensitive or proprietary information that could be stolen or publicly disclosed.

This vulnerability is challenging to exploit due to its remote race condition nature, requiring multiple attempts for a successful attack. This can cause memory corruption and necessitate overcoming Address Space Layout Randomization (ASLR). Advancements in deep learning may significantly increase the exploitation rate, potentially providing attackers with a substantial advantage in leveraging such security flaws.

Immediate Steps to Mitigate Risk

Addressing the regreSSHion vulnerability in OpenSSH, which enables remote code execution on Linux systems, demands a focused and layered security approach. Below are concise steps and strategic recommendations for enterprises to safeguard against this significant threat:

Patch Management: Quickly apply available patches for OpenSSH and prioritize ongoing update processes.

Enhanced Access Control: Limit SSH access through network-based controls to minimize the attack risks.

Network Segmentation and Intrusion Detection: Divide networks to restrict unauthorized access and lateral movements within critical environments and deploy systems to monitor and alert on unusual activities indicative of exploitation attempts.

Read more exclusives and news in our latest issue here. Never miss a story… Follow us on: Security Buyer  @SecurityBuyer  @Secbuyer

Media Contact
Rebecca Morpeth Spayne, Editor, Security Portfolio
Tel: +44 (0) 1622 823 922
Email: editor@securitybuyer.com


Qualys Unveils TotalCloud 2.0

Qualys, provider of disruptive cloud-based IT, security and compliance solutions, has unveiled TotalCloud 2.0. This significant upgrade to Qualys’ AI-powered cloud native application protection platform (CNAPP) delivers a single prioritized view of cloud risk and is the first to extend its protection to SaaS applications.

The shift toward multi-cloud and SaaS environments presents organizations with the opportunity for innovation and agility but also introduces complex security challenges. This has led to the adoption of numerous security tools, each providing different and sometimes conflicting perspectives on the organization’s risk level. Navigating these diverse risks across fragmented environments poses a challenge for organizations, impeding effective risk prioritization, reporting and remediation.

“Efficiently managing risk and responding quickly to threats or attacks on cloud workloads is challenging for organizations,” said Melinda Marks, practice director, Cybersecurity at Enterprise Strategy Group. “Qualys TotalCloud 2.0 provides a unified platform to identify and consolidate all cloud data across diverse multi-cloud environments, providing broader visibility and context for efficient remediation of security issues. This approach fosters improved collaboration among security, IT, and development teams, to efficiently mitigate risk and protect business-critical applications.”

TotalCloud 2.0 with TruRisk Insights provides a single, prioritized view of cloud risk. The solution correlates unique indicators from diverse Qualys sources, such as Cloud Workload Protection (CWP), Cloud Security Posture Management (CSPM), and Cloud Detection and Response (CDR). It combines these with SaaS and infrastructure posture to allow organizations to fix the most harmful threats quickly.

“Ensuring the security of our customers is paramount to us, so we turned to our trusted partner Qualys to help us secure our cloud solutions,” said Rodrigo Herrera Villalón, head of application security, Banco BCI. “Qualys TotalCloud enables us to holistically secure our cloud environment by providing insights into our risk exposure. It brings together and analyzes vulnerability and posture assessment and threat mitigation data, so we can quickly identify and mitigate the most critical issues.”

Qualys TotalCloud 2.0’s enhancements streamline operations by providing:

TruRisk Insights: Singular, Prioritized View of Cloud Risk – TruRisk Insights streamlines the identification of the highest-risk assets. In analyzing anonymized customer data[1], Qualys found 120,000+ internet-accessible cloud workloads, with less than 10% having confirmed vulnerabilities. Qualys TruRisk Insights correlated risk indicators and identified less than 0.3% of workloads with a confluence of suspicious activities, malware, and misconfigurations. This streamlined focus allowed organizations to prioritize critical issues by eliminating 99% of workloads that didn’t require immediate attention. Additionally, TotalCloud 2.0 integrates data from your External Attack Surface Management (EASM) solutions, giving you visibility into how external threats may perceive and target your cloud assets.

Comprehensive Protection for SaaS Applications – Today’s threats extend beyond public cloud into organizations’ critical SaaS applications. Without adequate protection, these applications can serve as entry points for lateral movement into the cloud environment. The recent SEC regulation mandates that all public companies are now obligated to disclose cyber incidents and meet cybersecurity readiness requirements for data stored in SaaS systems. TotalCloud is the first CNAPP solution to incorporate SaaS security posture management (SSPM) ensuring that configurations and permissions in apps like Microsoft 365, Zoom, Slack, Google Workspace, etc. are seamlessly integrated into your overall security posture for enhanced decision making.

Supply Chain Risk Mitigation – TotalCloud effortlessly scans all open-source software pre-and-post deployment across various compute workloads, including containers, utilizing both agent and agentless techniques. This comprehensive approach significantly diminishes supply chain risk by identifying vulnerabilities across multi-cloud environments.

Operationalized Risk Reduction – Streamlines operations and removes silos between IT and security with ITSM integrations. Automatically assign tickets and enable orchestration of remediation with your ITSM tools such as ServiceNow and JIRA to significantly reduce risk and speed mean time to remediation.

“Managing security across multiple cloud and SaaS applications can lead to scattered risk scores that are challenging for organizations to prioritize, let alone remediate,” said Sumedh Thakar, president and CEO of Qualys. “TotalCloud 2.0 silences the noise from disparate security tools, offering a clear, prioritized view of risk across multi-cloud, SaaS applications, and assets. This ensures swift resolution of critical issues, dramatically reducing the organization’s risk.”

[1] Data from current TotalCloud customers with CSPM and CDR enabled.


Qualys Expands Cloud Platform

Qualys announced the expansion of its TruRisk platform to serve the needs of both large enterprises and small and medium-sized businesses. The new offerings, VMDR TruRisk packages and Enterprise TruRisk Management, will help organisations reduce cyber risk across their infrastructure and drive business growth.

Cybersecurity Solutions Tailored for Small and Medium Businesses

Qualys’ new packaging combines Vulnerability Management Detection and Response (VMDR), Patch Management and Multi-Vector EDR into tailored offerings for small and medium-sized businesses. These packages, VMDR TruRisk, VMDR TruRisk FixIT and VMDR TruRisk ProtectIT, offer simple, easy-to-deploy, all-inclusive cybersecurity solutions to manage, remediate and protect against continuously emerging cyber threats and reduce risk. The convenient packaging and pricing allow our partners to bring more Qualys offerings to customers and streamline the onboarding process.

VMDR TruRisk – Brings the power of Qualys Cloud Platform and the capabilities of VMDR to small and medium-sized businesses. With VMDR TruRisk, smaller organizations now have access to enterprise-grade asset visibility, vulnerability management, risk assessment, and prioritized remediation workflows.

VMDR TruRisk FixIT – Provides all the benefits of VMDR TruRisk as well as Qualys Patch Management for risk-based detection and remediation. With VMDR TruRisk FixIT, customers can prioritize vulnerabilities and automate patching based on business criticality.

VMDR TruRisk ProtectIT – Delivers the benefits of VMDR TruRisk FixIT plus additional anti-malware and threat protection based on multi-vector and business context for all endpoints to block malware and ransomware.

Enterprise TruRisk Management

Qualys is introducing Enterprise TruRisk Management (ETM) to provide a unified view of cyber risk. ETM empowers customers to bring in external security and vulnerability findings from third-party security, vulnerability, and IT tools to the Qualys ecosystem, turning data from multiple sources into action with a single, powerful cyber risk management program. This approach empowers enterprises to communicate and manage risk effectively and brings together security and ITOps to rapidly reduce risk.

“The rapid increase in disclosed vulnerabilities and the speed at which they are weaponized leaves security and IT teams struggling to respond. What is needed is a preventative platform that pulls together all sources of exposure data into one correlated view of risk,” said Michelle Abraham, Research Director, Security and Trust at IDC. “Qualys Enterprise TruRisk Management fills this need by pulling together data from other vulnerability scanners and tools into one platform to deliver data-driven risk prioritization that can drive smarter decisions and faster remediation.”

Availability – Enterprise TruRisk Management

Enterprise TruRisk Management will be available for preview in early March. To sign up for the preview, visit qualys.com/etm-preview. Learn more by reading the Enterprise TruRisk Management blog.

“As companies look to consolidate their security toolsets, Qualys is excited to launch these packages that make it extremely simple and economical for customers to adopt multiple Qualys solutions,” said Sumedh Thakar, president and CEO of Qualys. “Our expansion of the TruRisk platform to serve both large enterprises and small/medium businesses demonstrates our commitment to enhancing the collection of risk intelligence and in helping organisations respond to risk quickly.”


Qualys Introduces TotalCloud

Qualys, provider of disruptive cloud-based IT, security and compliance solutions, is announcing TotalCloud with FlexScan, delivering cloud-native VMDR with Six Sigma Accuracy via agent and agent-less scanning for comprehensive coverage of cloud-native posture management and workload security across multi-cloud and hybrid environments.

As business applications and on-premises infrastructure migrate to the cloud, security teams struggle with managing cyber risk across cloud workloads, services, resources, users, and applications. Additionally, teams must deal with a plethora of industry acronym-driven point solutions that provide a fragmented view of risk without context. This approach increases security costs and complexity while leaving cloud applications vulnerable to attacks.

“Qualys is enhancing its widely used platform to deliver visibility, context, speed, automation, and orchestration in a comprehensive solution to help organizations scale their security and compliance programs for modern software development,” said Melinda Marks, senior analyst at ESG. “Qualys TotalCloud incorporates security into development workflows, enabling them to release secure, reliable code while giving security teams the control and visibility they need to manage risk by reducing their attack exposure and rapidly responding to threats.”

“As a finance organization, we need a continuous view of the security and compliance posture across our cloud applications, with clear insights into risk,” said Prabhuram Rajarathinam, CISO at Cholamandalam Investment and Finance Company. “Qualys TotalCloud with FlexScan will enable our cloud security and DevOps teams to use the multiple assessments to further strengthen the security of our cloud applications.”

With more than 31 million workloads already secured by Qualys, Qualys TotalCloud extends the industry-leading accuracy of VMDR with cloud-native FlexScan assessments to unify Cloud Posture Management and Cloud Workload Security in a single view with risk insights. TotalCloud automates inventory, assessment, prioritization and risk remediation via an easy-to-use drag-and-drop workflow engine for continuous and zero-touch security from code to production cloud applications.

Qualys FlexScan

Qualys TotalCloud introduces FlexScan, a comprehensive cloud-native assessment solution that allows organizations to combine multiple cloud scanning options for the most accurate security assessment of their cloud environment. Security teams will have multiple hybrid assessment capabilities to secure the entire cloud attack surface including:

Zero-touch, agent-less, cloud service provider API-based scanning for fast analysis.

Virtual appliance-based scanning to assess unknown workloads over the network for open ports and remotely exploitable vulnerability detection.

Snapshot assessment that mounts the workload snapshot for periodic offline scanning including vulnerabilities and OSS scanning.

Qualys Cloud Agents in the workload for comprehensive, real-time vulnerability, configuration and security assessment.

Qualys TotalCloud provides security teams with:

Immediate multi-cloud posture insights — The unified cloud posture dashboard provides inventory, security and compliance posture insights across multi-cloud environments in minutes. Teams can easily identify and prioritize the misconfigurations that cause the highest risk with additional context on workload vulnerability and security posture.

Unified security view to prioritize cloud risk with TruRisk — A single view of cloud security insights across cloud workloads, services and resources is provided via the console. Additionally, Qualys TruRisk quantifies security risk by workload criticality and vulnerability detections and correlates it with ransomware, malware and exploitation threat intelligence to prioritize, trace and reduce risk.

Fast remediation with no code, drag-and-drop workflows — The integration of QFlow technology into TotalCloud saves security and DevOps teams valuable time and resources. Automation and no-code, drag-and-drop workflows help simplify the time-consuming operational tasks of assessing vulnerabilities on ephemeral cloud assets, alerting on high-profile threats, remediating misconfigurations, and quarantining high-risk assets.

Shift-left security to catch issues early — TotalCloud provides shift-left security integrated into developers’ existing CI/CD tools to continuously assess cloud workloads, containers and Infrastructure as Code (IaC) artifacts. This allows for the rapid identification of security exposures and remediation steps during the development, build and pre-deployment stages while providing support for the major cloud providers including AWS, Azure and Google Cloud.

“Cloud security is getting very fragmented with too many point solutions, which brings more complexity,” said Sumedh Thakar, president and CEO of Qualys. “Our customers want seamless, comprehensive insight into cyber risk across their multi-cloud and non-cloud assets. With our innovative TotalCloud offering, we bring flexible, high-quality cloud-native risk assessment to our customer base as they look to expand into the cloud with Qualys.”


Qualys Acquires Blue Hexagon’s AI/Machine Learning Platform

AI/ML technology to transform Qualys’ massive data lake into a powerful predictive analytics platform that performs real-time zero-day threat detection

Qualys, Inc., a provider of disruptive cloud-based IT, security and compliance solutions, has announced it has acquired the assets of Blue Hexagon. This brings AI/machine learning (AI/ML) to the Qualys Cloud Platform to help convert petabytes of highly integrated data into meaningful insights for customers.

This acquisition will enable Qualys to leverage its powerful Cloud Platform and its more than 10 trillion data points to uncover behavior patterns including active vulnerability exploitation, identification of advanced network threats, and adaptive risk mitigation across all assets and applications. This dynamic combination of highly integrated security data with machine learning technology will bring predictive and automated reduction of cyber security risk to Qualys customers.

“The team and I are delighted to join such an innovative, industry-leading cloud security company,” said Nayeem Islam, CEO and co-founder of Blue Hexagon. “Our deep learning-based Network Detection and Response products augment Qualys’ massive security data lake with network data and deep learning, enabling enhanced security risk assessment and detection.”

Blue Hexagon is an AI/ML innovator of Cloud Threat Detection and Response solutions enabling enterprises to adopt the public cloud securely through real-time detection of several types of cloud attacks, from supply chain infection in containers and storage, to crypto miners and APTs with command and control, to unauthorized activity from malicious actors.

The Blue Hexagon AI/ML technology will be integrated throughout the Qualys Cloud Platform allowing customers to:

Detect active vulnerability exploitations — Blue Hexagon’s AI/ML-based threat detection capability, integrated into Qualys VMDR, will augment vulnerability assessment by detecting active exploitations based on behavior patterns and suspicious activities over the network.

Implement adaptive risk mitigation — Leverage the Qualys Cloud Platform for predictive analytics to reduce the risk of open vulnerabilities and threats including exposure of business-critical assets with adaptive mitigations.

Augment detection and response with the context of network threats — Blue Hexagon’s AI/ML-driven network detection will allow Qualys Multi-Vector EDR and Context XDR to collect, inspect and analyze network telemetry, protocols and traffic in an agentless manner, including encrypted traffic, for early signs of ransomware and malware attacks.

“It is a pleasure to welcome the brightest minds in AI/ML and cybersecurity to the Qualys team,” said Sumedh Thakar, president and CEO of Qualys. “Qualys’ mission is helping organizations identify and reduce cyber risks, and the Blue Hexagon platform will enable us to provide powerful context-aware insights that will enhance our customers’ cyber resilience.”

All Blue Hexagon employees are joining the Qualys team with Nayeem Islam becoming vice president of product management for the threat analytics platform.


Qualys Brings EASM to Cloud Platform

Qualys, Inc., a pioneer and provider of disruptive cloud-based IT, security and compliance solutions, has announced it is adding External Attack Surface Management (EASM) capabilities to the Qualys Cloud Platform. Integrated into CyberSecurity Asset Management 2.0, the new component adds the external attacker view to identify previously unknown internet-facing assets for a complete and accurate picture of the enterprise attack surface.

Digital transformation, increased adoption of cloud and Internet of Things (IoT), a growing remote workforce, and a technology talent shortage have led to an exponential rise in organisations’ attack surface. This expansion makes it harder for security teams to correlate externally visible and internally managed assets and govern compromises that occur because of undiscovered, unmanaged, or poorly managed IT assets. Organisations need a new approach to view vulnerable assets from the outside in and execute like an attacker to quickly identify areas of risk.

“Organisations must proactively manage their cyber defenses, which includes finding and addressing vulnerabilities to reduce cyber risk,” said Michelle Abraham, research director, Security and Trust at IDC. “Qualys’ unique approach to EASM is integrating the internal and external asset data from CyberSecurity Attack Management with its Vulnerability Management, Detection and Response (VMDR) solution into a single view. As a result, organisations can better identify undiscovered assets and immediately access and mitigate the cyber risk within the same workflow.”

“Qualys CyberSecurity Asset Management provides invaluable attack surface insights from an external attacker’s point of view,” said Mike Orosz, vice president information and product security at Vertiv. “This view allows us to proactively augment our vulnerability management program by discovering risks presented by previously unknown internet-facing devices. Additionally, the automated workflows enable us to prioritise security engineering actions that will reduce cyber risk and rapidly improve our company’s security.”

Qualys CyberSecurity Asset Management 2.0 with EASM enables organisations to continuously monitor and reduce the entire enterprise attack surface including internal and internet-facing assets and discover previously unidentified exposures. It also helps synchronise with CMDBs, detect security gaps like unauthorised or end-of-support software, open ports, remotely exploitable vulnerabilities, digital certificate issues, unsanctioned apps and domains, and mitigate risk by taking appropriate actions.

Qualys CyberSecurity Asset Management with EASM allows Security and IT teams to:

Uncover Gaps Across the Entire Attack Surface — From a single cloud platform, the solution continuously discovers and accurately classifies internal and external internet-facing assets. It automatically finds your subsidiaries, performs horizontal and vertical domain and subdomain enumeration, correlates WHOIS and DNS records and attributes assets to your organisation.

Get a Reliable, Accurate View Aligning Security and IT Ops — Augment uncertain, outdated data in your CMDB with CyberSecurity Asset Management. Teams can capture unmanaged assets and gain a single source of truth for internet-facing assets, along with location and context, through automatic synchronisation with enterprise CMDBs and vulnerability management to streamline ongoing attack surface monitoring and response.

Rapidly Remediate Risk with Native VMDR 2.0 Integration — CyberSecurity Asset Management 2.0 and Qualys VMDR 2.0 improve the cybersecurity program posture with TruRisk scoring and automated and one-click orchestration of vulnerability and remediation workflows to convert internet-facing assets into fully managed and patched assets.

“Achieving full asset visibility remains one of cybersecurity’s most elusive goals,” said Sumedh Thakar, president and CEO of Qualys. “CyberSecurity Asset Management 2.0 solves this by providing both the holistic, external attacker-level and internal view of the attack surface to comprehensively address the increased threat landscape. Taking protection a step further, we’ve natively integrated the solution with Qualys VMDR so organizations can prioritise vulnerabilities and asset groups based on risk and proactively remediate to quickly reduce exposure.”



Qualys delivers Multi-Vector EDR 2.0

Qualys, a provider of disruptive cloud-based IT, security and compliance solutions, has announced Multi-Vector EDR 2.0 with additional threat-hunting and risk mitigation capabilities improving alert prioritisation and reducing the time needed to respond to threats.

Security practitioners are inundated with alerts, which burdens them to prioritise the ones that represent the riskiest threats, wastes their valuable time and exposes their organisations to increased risk. Yet, traditional endpoint detection and response (EDR) solutions still focus solely on endpoint activity to detect attacks and incorporate only MITRE ATT&CK techniques – not tactics. As a result, practitioners are forced to rely on additional tools to improve their cyber risk posture leading to slow and incomplete threat remediation actions. EDR needs to evolve to scale and provide more meaningful threat context, in near real time, to meet the challenges of the modern threat landscape.

“Effective endpoint protection starts with reducing the amount and severity of instances the security team needs to address,” said Michael Suby, Vice President of research at IDC. “Qualys leverages its Cloud Platform to analyse context and data points via its integration with vulnerability and patch management along with device controls to reduce the volume of incoming incidents. This volume reduction is a key factor in saving time and resources, as it allows teams to focus on the riskiest threats that matter the most, ensuring their attack surface is less exposed.”

The updated Qualys Multi-Vector EDR operationalises MITRE ATT&CK tactics and techniques allowing security practitioners to quickly analyse and respond to threats. Additionally, the Qualys Cloud Platform’s extended prediction and prevention capabilities provide orchestrated access to multiple context vectors including asset criticality, vulnerabilities, system misconfigurations, and recommended patches via a single agent and unified dashboard.

Qualys Multi-Vector EDR’s comprehensive approach prevents future attacks by identifying and eliminating vulnerabilities exploited by malware. Through native integration with Qualys VMDR, practitioners can pivot from a single malware incident, such as Conti, to identifying all assets susceptible to CVEs associated with the malware and then patch via Qualys Patch Management.

Qualys Multi-Vector EDR provides:

· Comprehensive Threat Response – the solution leverages dynamic analysis from MITRE ATT&CK Threat Context Mapping and the rich Qualys Cloud Threat Database to prioritise threat response and improve the remediation of vulnerabilities and system misconfigurations.
· Holistic Multi-Vector Security – Native integration with other Qualys Cloud Platform apps provides the risk posture and rich asset criticality context that eliminates the blind spots of stand-alone EDR solutions while also improving remediation and response times.
· Easy to Deploy, Use and Manage – Organisations can enable EDR with one click on a single agent providing asset inventory and vulnerability risk context along with patch management to comprehensively reduce the risk of compromise.

“Traditional EDR products solely focus on detecting threat activity on the endpoint, but what organisations want is to mitigate overall security risk to avoid attacks,” said Sumedh Thakar, President and CEO of Qualys. “By combining Qualys Multi-Vector EDR with VMDR and patch management, Qualys helps organisations focus on eliminating the riskiest threats quickly while strengthening their cyber resilience.”

Qualys successfully participated in its first year of MITRE Engenuity Evaluations, round 4. Its Multi-Vector EDR detected the simulated adversary throughout the attack chain. Overall, the solution detected 100% of the tested steps and returned 74% visibility into the entire attack chain. The results attest to how Multi-Vector EDR leverages the Qualys Cloud Platform to sift through the noise to surface the data that matters most to the security team while also providing detections throughout the attack.

To read more exclusive features and latest news please see our April issue here.

Media contact
Rebecca Morpeth Spayne, Editor, Security Portfolio
Tel: +44 (0) 1622 823 922
Email: editor@securitybuyer.com



automation

The case for automation in cybersecurity

Hadi Jaafarawi, Managing Director – Middle East at Qualys, discusses making the case for automation in security operations.

The cybersecurity industry, unfortunately, cannot claim to be in the business of good news. Threat actors ensure that we are continually warning of new vectors and techniques and advising new approaches to combat them. It is hardly controversial to suggest that COVID-19, apart from its horrendous impact on public health and population welfare, has impacted the ability of companies to keep their customers and employees safe from cyberattacks. Fresh complexities in the architecture of corporate technology infrastructures have left IT and security teams in catch-up mode — confused, overworked, and underequipped.

In a short break from doom and gloom, a PwC global poll shared some good news. It showed around 69% of organisations are planning to increase their cybersecurity budgets in 2022, and more than a quarter (26%) plan increases of 11% or more. Such action will be vital in the United Arab Emirates (UAE) where, according to a VMware report, 80% of security professionals reported increases in the number of attacks their organisation faced, and attributed the surge directly to remote work. In November last year, Dr Mohamed Al Kuwaiti, Head of Cybersecurity for the UAE Government again spoke of a cyber pandemic, having previously used the term publicly in December 2020 after reporting that the country had seen a 250% increase in attacks because of remote working.

The persistence of skills gaps

The Middle East has now-famous skills gaps in key technology areas at a time when technology is the answer to almost all public and corporate issues, from governance to operations to monetisation. But cybersecurity stands out as perhaps the most critical gap at a time when organisations have moved to the cloud in vast numbers and turned IT environments on their heads. Server farms are now multi-cloud ecosystems. Vetted, regularly patched corporate PCs are now rogue personal devices of unknown pedigree.

Automation can plug some of these gaps. Attackers move quickly and adeptly, so the modern threat hunter cannot afford to rely on traditional patching cycles. Automation is a means to speed up many standard tasks and reduce execution errors. On the IT side of the equation, we see a lot of acceptance of automation. Measurable cost savings and proven efficiencies have driven more and more of it.

To embrace automation at scale, the entire cybersecurity discipline may have to unlearn what it has learned and break with tradition. DevOps teams are unafraid to break and fix, break and fix, break and fix — employing an iterative approach to the improvement of an end-product. Security teams, however, are trained to minimise impact and ensure that every tool they use does not interfere with the infrastructure at large. Automation can help regional firms plug their security skills gaps, but only if they adopt the same experimental mentality of break and fix.
