Analytics
2/19/2014
05:13 PM
Dark Reading
Dark Reading
Products and Releases
Connect Directly
RSS
E-Mail
50%
50%

AlgoSec Partners With Qualys

New Integration Delivers Application-Centric Vulnerability Management, Aggregating and Scoring Vulnerabilities Based on Risk and Continuously Monitoring for Changes within Data Center Environments

Boston, MA – (February 19, 2014) – AlgoSec, the market leader for Security Policy Management and Qualys, Inc. (NASDAQ:QLYS), a pioneer and leading provider of cloud security and compliance solutions, today announced their partnership to enable businesses to manage security and risk across their organizations. With the partnership, the latest version of the AlgoSec Security Management Suite includes integration with QualysGuard Vulnerability Management (VM) to aggregate and score vulnerabilities associated with data center applications and their associated physical or virtual servers. This provides customers with unprecedented visibility into the risk levels of data center applications – even as they change - enabling IT and security teams to effectively communicate with business stakeholders so they can "own their risk" by quickly taking the actions needed to mitigate IT security issues.

RSA Conference 2014
Click here for more articles about the RSA Conference.

"Good risk management influences business decision making, so risks should always be addressed in a business context," wrote Paul Proctor, Analyst, Gartner Inc. "This can be a challenge for IT leaders grounded in the technology-centric aspects of IT risk."1

"Today's cyber-attacks have a direct impact on the bottom line, yet organizations lack the visibility to manage risk from the business perspective," said Yuval Baron, Chairman, President and CEO, AlgoSec. "By integrating QualysGuard VM with our solution, we are changing this paradigm to provide application-centric vulnerability management, allowing organizations to manage security in the context of business and at the speed of business."

In addition to aggregating vulnerability information per business application, AlgoSec provides a security rating across each physical or virtual server. As application connectivity flows change, vulnerability scores are automatically updated to ensure the most up-to-date view of risk to a data center application. Additionally, AlgoSec provides an immediate view of any server that has not been scanned for vulnerabilities within a specific interval.

"Businesses today need the agility to continuously identify security issues and take the necessary steps to mitigate threats," said Philippe Courtot, chairman and CEO for Qualys. "With QualysGuard integrated into the AlgoSec Security Management Suite, customers can gain better visibility into the configurations and vulnerabilities in their environments to take the appropriate remediation or mitigation actions."

The AlgoSec Security Management Suite delivers an automated and application-centric solution for managing complex policies across firewalls, routers, switches and web proxies to improve both security and business agility. The AlgoSec Suite bridges traditional gaps between security, network and application teams to simplify and automate data center and network operations. The AlgoSec Suite simplifies application delivery, streamlines change management, ensures continuous compliance, and delivers a tighter security policy that offers better protection against cyber-attacks.

The AlgoSec Suite, with application-centric vulnerability management is available immediately. The new solution will be demonstrated at RSA at AlgoSec's booth #427.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-0103
Published: 2014-07-29
WebAccess in Zarafa before 7.1.10 and WebApp before 1.6 stores credentials in cleartext, which allows local Apache users to obtain sensitive information by reading the PHP session files.

CVE-2014-0475
Published: 2014-07-29
Multiple directory traversal vulnerabilities in GNU C Library (aka glibc or libc6) before 2.20 allow context-dependent attackers to bypass ForceCommand restrictions and possibly have other unspecified impact via a .. (dot dot) in a (1) LC_*, (2) LANG, or other locale environment variable.

CVE-2014-0889
Published: 2014-07-29
Multiple cross-site scripting (XSS) vulnerabilities in IBM Atlas Suite (aka Atlas Policy Suite), as used in Atlas eDiscovery Process Management through 6.0.3, Disposal and Governance Management for IT through 6.0.3, and Global Retention Policy and Schedule Management through 6.0.3, allow remote atta...

CVE-2014-2226
Published: 2014-07-29
Ubiquiti UniFi Controller before 3.2.1 logs the administrative password hash in syslog messages, which allows man-in-the-middle attackers to obtains sensitive information via unspecified vectors.

CVE-2014-3020
Published: 2014-07-29
install.sh in the Embedded WebSphere Application Server (eWAS) 7.0 before FP33 in IBM Tivoli Integrated Portal (TIP) 2.1 and 2.2 sets world-writable permissions for the installRoot directory tree, which allows local users to gain privileges via a Trojan horse program.

Best of the Web
Dark Reading Radio