qualys inc (QLYS) Key Developments
Qualys, Inc. Announces General Availability of Web Application Firewall (WAF)
Feb 25 14
Qualys, Inc. announced the general availability of its QualysGuard Web Application Firewall (WAF) service for web applications running in Amazon EC2 and on-premise. Deployed as a virtual image alongside web applications, the QualysGuard WAF can be set up and configured within minutes, enabling organizations to easily provide protection for their websites. WAF technology shields websites by applying sets of rules to HTTP conversations to prevent them from being attacked, but the technology is typically costly and difficult to apply because the rules need to be updated often to cover application updates and to address changing threats. The QualysGuard WAF cloud service provides rapid deployment of robust security for web applications with minimal cost of ownership, and it is constantly updated with new rules to keep up with application updates and newly emerging threats. QualysGuard WAF offers: Easy, simple set-up. QualysGuard WAF is deployed as a virtual image alongside web applications. It can be set up and configured in minutes, requiring no equipment or admin resources or dedicated security staff to get set up and running. Real-time application defense and hardening. QualysGuard WAF blocks attacks against websites in real time. The service provides a shield around coding defects, application framework flaws, web server bugs, and improper configurations. Seamless, automatic updates, increasing security over time. Running on the QualysGuard Cloud Platform, the WAF service is updated automatically with new defenses from the Qualys research team, and the defense is activated intelligently according to specified policies -- all without disrupting the websites or site visitors. Centralized Cloud Management. Delivered via the QualysGuard Cloud Platform, WAF can be centrally managed from anywhere in the world via the QualysGuard console. It provides a clear dashboard showing timelines and geolocation graphs of events. The cloud platform also provides maximum efficiency by security events from all customers, with immediate rules deployment to all WAFs connected to it.
Qualys, Inc. Introduces Groundbreaking Continuous Monitoring Cloud Service for Global Perimeters
Feb 25 14
Qualys, Inc. introduced Continuous Monitoring, the most recent addition to its QualysGuard Cloud Platform. This new offering gives organizations the ability to proactively identify threats and unexpected changes in Internet-facing devices within their DMZ, cloud-based environments, and web applications, before they are breached by attackers. It brings a new paradigm to vulnerability management, empowering customers to continuously monitor mission-critical assets throughout their perimeter and immediately get alerted to anomalies that could expose them to cyber attacks.
Built on the QualysGuard Cloud Platform used by the majority of the Fortune 1,000 and thousands of companies around the world, this new service allows companies to continuously monitor: Hosts and devices exposed to the Internet - to see whenever systems appear, disappear, or are running unexpected operating systems. Digital certificates - to track SSL certificates used on systems to know if they are weak or self-signed, and when they're due to expire. Ports and services open on each system - to keep tabs on which network ports are open, which protocols are used, and whether they change over time. Vulnerabilities on hosts or applications - to know when vulnerabilities appear (or reappear), whether they can be exploited, and if patches are available. Applications installed on perimeter systems - to find out when application software gets installed or removed from these systems. When Continuous Monitoring detects changes in the perimeter that could lead to exploitation, it alerts the responsible IT staff assigned to these assets to take the appropriate mitigation measures. The immediate notification provided by Continuous Monitoring frees security teams from the delays and burdens of waiting for scheduled scanning windows and sifting through reports. In the MarketScope for Vulnerability Assessments, Gartner Analyst Kelly Kavanagh noted 'Gartner's vulnerability management life cycle activities include the secure configuration of IT assets, regular assessment of vulnerabilities and compliance with security configuration policies, remediation of vulnerabilities or security configuration issues, and ongoing monitoring to detect malicious events or activities. The use of VA products or services as a best practice has been incorporated into a number of prescriptive compliance regimes, including the PCI DSS, the U.S. Federal Information Security Management Act (FISMA) and desktop configuration requirements. In particular, the National Institute of Standards and Technology (NIST) 800-53 requirements for 'continuous monitoring' serve as an accelerator for the frequency of VA use'.
Risk I/O Partners with Qualys to Monitor Perimeter Security Risks
Feb 24 14
Risk I/O announced a partnership with Qualys where it has integrated QualysGuard Vulnerability Management (VM) into Risk I/O and bundled perimeter vulnerability scanning for its customers. For businesses that need to understand the vulnerability and threat risks of their organization's perimeter in real-time, the new integration enables them to sync their vulnerability data with Risk I/O's threat processing engine, allowing organizations to gain visibility into their most likely vector for a breach. Risk I/O's vulnerability threat management platform processes external Internet breach and exploit data and continuously matches it with vulnerability scan results. This happens on a near real-time basis allowing organizations to monitor their exposure to active Internet breaches and what vulnerabilities within their perimeters pose the greatest risks. With the addition of the QualysGuard vulnerability data, Risk I/O can now determine the likelihood of a breach in an organization's perimeter. Risk I/O processes over a billion vulnerabilities a month against Internet breach data for its users.
AlgoSec Partners with Qualys Allowing Organizations to Manage Security Risks in Business Context
Feb 19 14
AlgoSec and Qualys, Inc. announced their partnership to enable businesses to manage security and risk across their organizations. With the partnership, the latest version of the AlgoSec Security Management Suite includes integration with QualysGuard Vulnerability Management (VM) to aggregate and score vulnerabilities associated with data center applications and their associated physical or virtual servers. This provides customers with unprecedented visibility into the risk levels of data center applications -- even as they change -- enabling IT and security teams to effectively communicate with business stakeholders so they can "own their risk" by quickly taking the actions needed to mitigate IT security issues. The AlgoSec Security Management Suite delivers an automated and application-centric solution for managing complex policies across firewalls, routers, switches and web proxies to improve both security and business agility. The AlgoSec Suite bridges traditional gaps between security, network and application teams to simplify and automate data center and network operations. The AlgoSec Suite simplifies application delivery, streamlines change management, ensures continuous compliance, and delivers a tighter security policy that offers better protection against cyber-attacks.
Qualys, Inc. Presents at AGC Partner's 10th Annual West Coast InfoSec and Emerging Growth Conference, Feb-24-2014 11:00 AM
Feb 19 14
Qualys, Inc. Presents at AGC Partner's 10th Annual West Coast InfoSec and Emerging Growth Conference, Feb-24-2014 11:00 AM. Venue: Westin San Francisco Market Street, Metropolitan III - 2(nd) Floor, 50 Third Street, San Francisco, CA 94103, United States. Speakers: Donald C. McCauley, Chief Financial Officer and Principal Accounting Officer.