Analytics
2/19/2014
05:13 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

AlgoSec Partners With Qualys

New Integration Delivers Application-Centric Vulnerability Management, Aggregating and Scoring Vulnerabilities Based on Risk and Continuously Monitoring for Changes within Data Center Environments

Boston, MA – (February 19, 2014) – AlgoSec, the market leader for Security Policy Management and Qualys, Inc. (NASDAQ:QLYS), a pioneer and leading provider of cloud security and compliance solutions, today announced their partnership to enable businesses to manage security and risk across their organizations. With the partnership, the latest version of the AlgoSec Security Management Suite includes integration with QualysGuard Vulnerability Management (VM) to aggregate and score vulnerabilities associated with data center applications and their associated physical or virtual servers. This provides customers with unprecedented visibility into the risk levels of data center applications – even as they change - enabling IT and security teams to effectively communicate with business stakeholders so they can "own their risk" by quickly taking the actions needed to mitigate IT security issues.

RSA Conference 2014
Click here for more articles about the RSA Conference.

"Good risk management influences business decision making, so risks should always be addressed in a business context," wrote Paul Proctor, Analyst, Gartner Inc. "This can be a challenge for IT leaders grounded in the technology-centric aspects of IT risk."1

"Today's cyber-attacks have a direct impact on the bottom line, yet organizations lack the visibility to manage risk from the business perspective," said Yuval Baron, Chairman, President and CEO, AlgoSec. "By integrating QualysGuard VM with our solution, we are changing this paradigm to provide application-centric vulnerability management, allowing organizations to manage security in the context of business and at the speed of business."

In addition to aggregating vulnerability information per business application, AlgoSec provides a security rating across each physical or virtual server. As application connectivity flows change, vulnerability scores are automatically updated to ensure the most up-to-date view of risk to a data center application. Additionally, AlgoSec provides an immediate view of any server that has not been scanned for vulnerabilities within a specific interval.

"Businesses today need the agility to continuously identify security issues and take the necessary steps to mitigate threats," said Philippe Courtot, chairman and CEO for Qualys. "With QualysGuard integrated into the AlgoSec Security Management Suite, customers can gain better visibility into the configurations and vulnerabilities in their environments to take the appropriate remediation or mitigation actions."

The AlgoSec Security Management Suite delivers an automated and application-centric solution for managing complex policies across firewalls, routers, switches and web proxies to improve both security and business agility. The AlgoSec Suite bridges traditional gaps between security, network and application teams to simplify and automate data center and network operations. The AlgoSec Suite simplifies application delivery, streamlines change management, ensures continuous compliance, and delivers a tighter security policy that offers better protection against cyber-attacks.

The AlgoSec Suite, with application-centric vulnerability management is available immediately. The new solution will be demonstrated at RSA at AlgoSec's booth #427.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Threat Intel Today
Threat Intel Today
The 397 respondents to our new survey buy into using intel to stay ahead of attackers: 85% say threat intelligence plays some role in their IT security strategies, and many of them subscribe to two or more third-party feeds; 10% leverage five or more.
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-6501
Published: 2015-03-30
The default soap.wsdl_cache_dir setting in (1) php.ini-production and (2) php.ini-development in PHP through 5.6.7 specifies the /tmp directory, which makes it easier for local users to conduct WSDL injection attacks by creating a file under /tmp with a predictable filename that is used by the get_s...

CVE-2014-9652
Published: 2015-03-30
The mconvert function in softmagic.c in file before 5.21, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not properly handle a certain string-length field during a copy of a truncated version of a Pascal string, which might allow remote atta...

CVE-2014-9653
Published: 2015-03-30
readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service (uninitialized memory ...

CVE-2014-9705
Published: 2015-03-30
Heap-based buffer overflow in the enchant_broker_request_dict function in ext/enchant/enchant.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allows remote attackers to execute arbitrary code via vectors that trigger creation of multiple dictionaries.

CVE-2014-9709
Published: 2015-03-30
The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used in PHP before 5.5.21 and 5.6.x before 5.6.5, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted GIF image that is improperly handled by the gdImageCreateFromGif function.

Dark Reading Radio
Archived Dark Reading Radio
Good hackers--aka security researchers--are worried about the possible legal and professional ramifications of President Obama's new proposed crackdown on cyber criminals.