2/21/2013
01:16 PM
Dark Reading
Products and Releases

TraceSecurity A Cloud-based IT GRC Solution To SMEs And SMBs

TraceCSO delivers comprehensive visibility and accountability for improved risk and compliance profiles

LOS GATOS, Calif. -- Feb. 21, 2013 -- TraceSecurity, the pioneer in cloud-based IT governance, risk and compliance (GRC) solutions, and Qualys, Inc., a pioneer and leading provider of cloud security and compliance management solutions, today announced an integration partnership enabling organizations to leverage their investments in QualysGuard® Vulnerability Management (VM) solution when deploying cloud-based comprehensive IT GRC programs from TraceSecurity's TraceCSO solution.

TraceCSO is the industry's first cloud solution for a holistic and risk-based information security program that delivers comprehensive visibility and accountability for improved risk and compliance profiles across all areas of an organization, including cloud environments. While TraceCSO is equipped with its own vulnerability management capabilities, this integration enables QualysGuard users to manage their vulnerability scan results within TraceCSO's centralized interface, and influence other areas of the TraceCSO IT GRC program, such as Risk, Audit, and Compliance Management, just as they would with TraceSecurity's own vulnerability management solution.

"Vulnerability management is core to IT GRC, and we are pleased to offer this integration with TraceCSO's unique cloud-based IT GRC program solution," said Philippe Courtot, chairman and CEO of Qualys. "This integration helps us further support the SMB and SME market by enabling customers to import results from QualysGuard scans into TraceSecurity's IT GRC solution designed for the mid-market."

Vulnerability management is a critical element of an IT GRC solution and an organization's overall information security program. While the identification, classification, remediation, and mitigation of vulnerabilities are important in themselves, it is essential that the information gathered from vulnerability scanning can impact other critical information security program functions such as risk management, IT auditing, and overall compliance postures to ensure the organization has a complete picture of its overall risk profile.

"We find that many of our prospects are also Qualys customers, and we were pleased to rapidly respond to meet their requests to integrate with QualysGuard," said Peter Stewart, president and CEO of TraceSecurity. "With seamless integration into TraceCSO's workflow, alerting, reporting, and ticketing systems, Qualys customers will continue to benefit from their investments in vulnerability management while leveraging a leading and complete cloud-based IT GRC software solution. We look forward to our continued work and development through this partnership with Qualys."

TraceCSO allows organizations of any size, industry or security skill set to evaluate, create, implement and manage a comprehensive risk-based information security program, to protect their organizations from today's top information security risks, including cloud security and "bring your own device" (BYOD) concerns. Unlike current information security program solutions, which simply provide a console and no remediation tools, TraceCSO identifies and prioritizes risk to an organization's information – including network vulnerabilities – and identifies, implements and audits security controls. To help organizations stay current with the latest regulatory mandates specific to their industry, TraceCSO leverages a global database of hundreds of authorities and more than 25,000 regulations and citations.

About TraceSecurity

TraceSecurity, the leading pioneer in cloud-based security solutions, provides IT governance, risk and compliance (GRC) management solutions. The company's cloud-based services help organizations achieve, maintain and demonstrate security compliance while significantly improving their security posture. With more than 1,500 customers, TraceSecurity supports the security and risk management efforts of organizations in financial services, healthcare, high-tech, insurance, government, education and other regulated sectors. Founded in 2004, the company has executive offices in Silicon Valley and offices in Baton Rouge, La. For more information, call (225) 612-2121 or visit www.tracesecurity.com.

About Qualys

Qualys, Inc. (NASDAQ: QLYS), is a pioneer and leading provider of cloud security and compliance solutions with over 6,000 customers in more than 100 countries, including a majority of each of the Forbes Global 100 and Fortune 100. The QualysGuard Cloud Platform and integrated suite of solutions helps organizations simplify security operations and lower the cost of compliance by delivering critical security intelligence on demand and automating the full spectrum of auditing, compliance and protection for IT systems and web applications. Founded in 1999, Qualys has established strategic partnerships with leading managed service providers and consulting organizations, including Accuvant, BT, Dell SecureWorks, Fujitsu, NTT, Symantec, Verizon, and Wipro. The company is also a founding member of the Cloud Security Alliance (CSA).
