Risk
2/21/2013
01:16 PM
Dark Reading
Dark Reading
Products and Releases
Connect Directly
RSS
E-Mail
50%
50%

TraceSecurity ACloud-based IT GRC Solution To SMEs And SMBs

TraceCSO delivers comprehensive visibility and accountability for improved risk and compliance profiles

LOS GATOS, Calif. -- Feb. 21, 2013 -- TraceSecurity, the pioneer in cloud-based IT governance, risk and compliance (GRC) solutions, and Qualys, Inc., a pioneer and leading provider of cloud security and compliance management solutions, today announced an integration partnership enabling organizations to leverage their investments in QualysGuard® Vulnerability Management (VM) solution when deploying cloud-based comprehensive IT GRC programs from TraceSecurity's TraceCSO solution.

TraceCSO is the industry's first cloud solution for a holistic and risk-based information security program that delivers comprehensive visibility and accountability for improved risk and compliance profiles across all areas of an organization, including cloud environments. While TraceCSO is equipped with its own vulnerability management capabilities, this integration enables QualysGuard users to manage their vulnerability scan results within TraceCSO's centralized interface, and influence other areas of the TraceCSO IT GRC program, such as Risk, Audit, and Compliance Management, just as they would with TraceSecurity's own vulnerability management solution.

"Vulnerability management is core to IT GRC, and we are pleased to offer this integration with TraceCSO's unique cloud-based IT GRC program solution," said Philippe Courtot, chairman and CEO of Qualys. "This integration helps us further support the SMB and SME market by enabling customers to import results from QualysGuard scans into TraceSecurity's IT GRC solution designed for the mid-market."

Vulnerability management is a critical element of an IT GRC solution and an organization's overall information security program. While the identification, classification, remediation, and mitigation of vulnerabilities itself is important, it is essential that the information gathered from vulnerability scanning can impact other critical information security program functions such as risk management, IT auditing, and overall compliance postures to ensure the organization has a complete picture of its overall risk profile.

"We find that many of our prospects are also Qualys customers, and we were pleased to rapidly respond to meet their requests to integrate with QualysGuard," said Peter Stewart, president and CEO of TraceSecurity. "With seamless integration into TraceCSO's workflow, alerting, reporting, and ticketing systems, Qualys customers will continue to benefit from their investments in vulnerability management while leveraging a leading and complete cloud-based IT GRC software solution. We look forward to our continued work and development through this partnership with Qualys."

TraceCSO allows organizations of any size, industry or security skill set to evaluate, create, implement and manage a comprehensive risk-based information security program, to protect their organizations from today's top information security risks, including cloud security and "bring your own device" (BYOD) concerns. Unlike current information security program solutions, which simply provide a console and no remediation tools, TraceCSO identifies and prioritizes risk to an organization's information – including network vulnerabilities – and identifies, implements and audits security controls. To help organizations stay current with the latest regulatory mandates specific to their industry, TraceCSO leverages a global database of hundreds of authorities and more than 25,000 regulations and citations.

About TraceSecurity

TraceSecurity, the leading pioneer in cloud-based security solutions, provides IT governance, risk and compliance (GRC) management solutions. The company's cloud-based services help organizations achieve, maintain and demonstrate security compliance while significantly improving their security posture. With more than 1,500 customers, TraceSecurity supports the security and risk management efforts of organizations in financial services, healthcare, high-tech, insurance, government, education and other regulated sectors. Founded in 2004, the company has executive offices in Silicon Valley and offices in Baton Rouge, La. For more information, call (225) 612-2121 or visit www.tracesecurity.com.

About Qualys

Qualys, Inc. (NASDAQ: QLYS), is a pioneer and leading provider of cloud security and compliance solutions with over 6,000 customers in more than 100 countries, including a majority of each of the Forbes Global 100 and Fortune 100. The QualysGuard Cloud Platform and integrated suite of solutions helps organizations simplify security operations and lower the cost of compliance by delivering critical security intelligence on demand and automating the full spectrum of auditing, compliance and protection for IT systems and web applications. Founded in 1999, Qualys has established strategic partnerships with leading managed service providers and consulting organizations, including Accuvant, BT, Dell SecureWorks, Fujitsu, NTT, Symantec, Verizon, and Wipro. The company is also a founding member of the Cloud Security Alliance (CSA).

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-3562
Published: 2014-08-21
Red Hat Directory Server 8 and 389 Directory Server, when debugging is enabled, allows remote attackers to obtain sensitive replicated metadata by searching the directory.

CVE-2014-3577
Published: 2014-08-21
org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-...

CVE-2014-5158
Published: 2014-08-21
The (1) av-centerd SOAP service and (2) backup command in the ossim-framework service in AlienVault OSSIM before 4.6.0 allows remote attackers to execute arbitrary commands via unspecified vectors.

CVE-2014-5159
Published: 2014-08-21
SQL injection vulnerability in the ossim-framework service in AlienVault OSSIM before 4.6.0 allows remote attackers to execute arbitrary SQL commands via the ws_data parameter.

CVE-2014-5210
Published: 2014-08-21
The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted (1) remote_task or (2) get_license request, a different vulnerability than CVE-2014-3804 and CVE-2014-3805.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Three interviews on critical embedded systems and security, recorded at Black Hat 2014 in Las Vegas.