Analytics
2/19/2014
05:13 PM
Dark Reading
Dark Reading
Products and Releases
Connect Directly
RSS
E-Mail
50%
50%

AlgoSec Partners With Qualys

New Integration Delivers Application-Centric Vulnerability Management, Aggregating and Scoring Vulnerabilities Based on Risk and Continuously Monitoring for Changes within Data Center Environments

Boston, MA – (February 19, 2014) – AlgoSec, the market leader for Security Policy Management and Qualys, Inc. (NASDAQ:QLYS), a pioneer and leading provider of cloud security and compliance solutions, today announced their partnership to enable businesses to manage security and risk across their organizations. With the partnership, the latest version of the AlgoSec Security Management Suite includes integration with QualysGuard Vulnerability Management (VM) to aggregate and score vulnerabilities associated with data center applications and their associated physical or virtual servers. This provides customers with unprecedented visibility into the risk levels of data center applications – even as they change - enabling IT and security teams to effectively communicate with business stakeholders so they can "own their risk" by quickly taking the actions needed to mitigate IT security issues.

RSA Conference 2014
Click here for more articles about the RSA Conference.

"Good risk management influences business decision making, so risks should always be addressed in a business context," wrote Paul Proctor, Analyst, Gartner Inc. "This can be a challenge for IT leaders grounded in the technology-centric aspects of IT risk."1

"Today's cyber-attacks have a direct impact on the bottom line, yet organizations lack the visibility to manage risk from the business perspective," said Yuval Baron, Chairman, President and CEO, AlgoSec. "By integrating QualysGuard VM with our solution, we are changing this paradigm to provide application-centric vulnerability management, allowing organizations to manage security in the context of business and at the speed of business."

In addition to aggregating vulnerability information per business application, AlgoSec provides a security rating across each physical or virtual server. As application connectivity flows change, vulnerability scores are automatically updated to ensure the most up-to-date view of risk to a data center application. Additionally, AlgoSec provides an immediate view of any server that has not been scanned for vulnerabilities within a specific interval.

"Businesses today need the agility to continuously identify security issues and take the necessary steps to mitigate threats," said Philippe Courtot, chairman and CEO for Qualys. "With QualysGuard integrated into the AlgoSec Security Management Suite, customers can gain better visibility into the configurations and vulnerabilities in their environments to take the appropriate remediation or mitigation actions."

The AlgoSec Security Management Suite delivers an automated and application-centric solution for managing complex policies across firewalls, routers, switches and web proxies to improve both security and business agility. The AlgoSec Suite bridges traditional gaps between security, network and application teams to simplify and automate data center and network operations. The AlgoSec Suite simplifies application delivery, streamlines change management, ensures continuous compliance, and delivers a tighter security policy that offers better protection against cyber-attacks.

The AlgoSec Suite, with application-centric vulnerability management is available immediately. The new solution will be demonstrated at RSA at AlgoSec's booth #427.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Cartoon
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
Threat Intel Today
Threat Intel Today
The 397 respondents to our new survey buy into using intel to stay ahead of attackers: 85% say threat intelligence plays some role in their IT security strategies, and many of them subscribe to two or more third-party feeds; 10% leverage five or more.
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-1927
Published: 2014-10-25
The shell_quote function in python-gnupg 0.3.5 does not properly quote strings, which allows context-dependent attackers to execute arbitrary code via shell metacharacters in unspecified vectors, as demonstrated using "$(" command-substitution sequences, a different vulnerability than CVE-2014-1928....

CVE-2014-1928
Published: 2014-10-25
The shell_quote function in python-gnupg 0.3.5 does not properly escape characters, which allows context-dependent attackers to execute arbitrary code via shell metacharacters in unspecified vectors, as demonstrated using "\" (backslash) characters to form multi-command sequences, a different vulner...

CVE-2014-1929
Published: 2014-10-25
python-gnupg 0.3.5 and 0.3.6 allows context-dependent attackers to have an unspecified impact via vectors related to "option injection through positional arguments." NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7323.

CVE-2014-3409
Published: 2014-10-25
The Ethernet Connectivity Fault Management (CFM) handling feature in Cisco IOS 12.2(33)SRE9a and earlier and IOS XE 3.13S and earlier allows remote attackers to cause a denial of service (device reload) via malformed CFM packets, aka Bug ID CSCuq93406.

CVE-2014-3636
Published: 2014-10-25
D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 allows local users to (1) cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors or (2) cause a denial of service (disconnect) via multiple messages that combine to...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.