Risk
2/21/2013
01:16 PM
Dark Reading
Dark Reading
Products and Releases
Connect Directly
RSS
E-Mail
50%
50%

TraceSecurity ACloud-based IT GRC Solution To SMEs And SMBs

TraceCSO delivers comprehensive visibility and accountability for improved risk and compliance profiles

LOS GATOS, Calif. -- Feb. 21, 2013 -- TraceSecurity, the pioneer in cloud-based IT governance, risk and compliance (GRC) solutions, and Qualys, Inc., a pioneer and leading provider of cloud security and compliance management solutions, today announced an integration partnership enabling organizations to leverage their investments in QualysGuard® Vulnerability Management (VM) solution when deploying cloud-based comprehensive IT GRC programs from TraceSecurity's TraceCSO solution.

TraceCSO is the industry's first cloud solution for a holistic and risk-based information security program that delivers comprehensive visibility and accountability for improved risk and compliance profiles across all areas of an organization, including cloud environments. While TraceCSO is equipped with its own vulnerability management capabilities, this integration enables QualysGuard users to manage their vulnerability scan results within TraceCSO's centralized interface, and influence other areas of the TraceCSO IT GRC program, such as Risk, Audit, and Compliance Management, just as they would with TraceSecurity's own vulnerability management solution.

"Vulnerability management is core to IT GRC, and we are pleased to offer this integration with TraceCSO's unique cloud-based IT GRC program solution," said Philippe Courtot, chairman and CEO of Qualys. "This integration helps us further support the SMB and SME market by enabling customers to import results from QualysGuard scans into TraceSecurity's IT GRC solution designed for the mid-market."

Vulnerability management is a critical element of an IT GRC solution and an organization's overall information security program. While the identification, classification, remediation, and mitigation of vulnerabilities itself is important, it is essential that the information gathered from vulnerability scanning can impact other critical information security program functions such as risk management, IT auditing, and overall compliance postures to ensure the organization has a complete picture of its overall risk profile.

"We find that many of our prospects are also Qualys customers, and we were pleased to rapidly respond to meet their requests to integrate with QualysGuard," said Peter Stewart, president and CEO of TraceSecurity. "With seamless integration into TraceCSO's workflow, alerting, reporting, and ticketing systems, Qualys customers will continue to benefit from their investments in vulnerability management while leveraging a leading and complete cloud-based IT GRC software solution. We look forward to our continued work and development through this partnership with Qualys."

TraceCSO allows organizations of any size, industry or security skill set to evaluate, create, implement and manage a comprehensive risk-based information security program, to protect their organizations from today's top information security risks, including cloud security and "bring your own device" (BYOD) concerns. Unlike current information security program solutions, which simply provide a console and no remediation tools, TraceCSO identifies and prioritizes risk to an organization's information – including network vulnerabilities – and identifies, implements and audits security controls. To help organizations stay current with the latest regulatory mandates specific to their industry, TraceCSO leverages a global database of hundreds of authorities and more than 25,000 regulations and citations.

About TraceSecurity

TraceSecurity, the leading pioneer in cloud-based security solutions, provides IT governance, risk and compliance (GRC) management solutions. The company's cloud-based services help organizations achieve, maintain and demonstrate security compliance while significantly improving their security posture. With more than 1,500 customers, TraceSecurity supports the security and risk management efforts of organizations in financial services, healthcare, high-tech, insurance, government, education and other regulated sectors. Founded in 2004, the company has executive offices in Silicon Valley and offices in Baton Rouge, La. For more information, call (225) 612-2121 or visit www.tracesecurity.com.

About Qualys

Qualys, Inc. (NASDAQ: QLYS), is a pioneer and leading provider of cloud security and compliance solutions with over 6,000 customers in more than 100 countries, including a majority of each of the Forbes Global 100 and Fortune 100. The QualysGuard Cloud Platform and integrated suite of solutions helps organizations simplify security operations and lower the cost of compliance by delivering critical security intelligence on demand and automating the full spectrum of auditing, compliance and protection for IT systems and web applications. Founded in 1999, Qualys has established strategic partnerships with leading managed service providers and consulting organizations, including Accuvant, BT, Dell SecureWorks, Fujitsu, NTT, Symantec, Verizon, and Wipro. The company is also a founding member of the Cloud Security Alliance (CSA).

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-0485
Published: 2014-09-02
S3QL 1.18.1 and earlier uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object in (1) common.py or (2) local.py in backends/.

CVE-2014-3861
Published: 2014-09-02
Cross-site scripting (XSS) vulnerability in CDA.xsl in HL7 C-CDA 1.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted reference element within a nonXMLBody element.

CVE-2014-3862
Published: 2014-09-02
CDA.xsl in HL7 C-CDA 1.1 and earlier allows remote attackers to discover potentially sensitive URLs via a crafted reference element that triggers creation of an IMG element with an arbitrary URL in its SRC attribute, leading to information disclosure in a Referer log.

CVE-2014-5076
Published: 2014-09-02
The La Banque Postale application before 3.2.6 for Android does not prevent the launching of an activity by a component of another application, which allows attackers to obtain sensitive cached banking information via crafted intents, as demonstrated by the drozer framework.

CVE-2014-5136
Published: 2014-09-02
Cross-site scripting (XSS) vulnerability in Innovative Interfaces Sierra Library Services Platform 1.2_3 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
This episode of Dark Reading Radio looks at infosec security from the big enterprise POV with interviews featuring Ron Plesco, Cyber Investigations, Intelligence & Analytics at KPMG; and Chris Inglis & Chris Bell of Securonix.