2/21/2013
01:16 PM
Dark Reading
Products and Releases

TraceSecurity A Cloud-based IT GRC Solution To SMEs And SMBs

TraceCSO delivers comprehensive visibility and accountability for improved risk and compliance profiles

LOS GATOS, Calif. -- Feb. 21, 2013 -- TraceSecurity, the pioneer in cloud-based IT governance, risk and compliance (GRC) solutions, and Qualys, Inc., a pioneer and leading provider of cloud security and compliance management solutions, today announced an integration partnership enabling organizations to leverage their investments in the QualysGuard® Vulnerability Management (VM) solution when deploying cloud-based comprehensive IT GRC programs from TraceSecurity's TraceCSO solution.

TraceCSO is the industry's first cloud solution for a holistic and risk-based information security program that delivers comprehensive visibility and accountability for improved risk and compliance profiles across all areas of an organization, including cloud environments. While TraceCSO is equipped with its own vulnerability management capabilities, this integration enables QualysGuard users to manage their vulnerability scan results within TraceCSO's centralized interface, and influence other areas of the TraceCSO IT GRC program, such as Risk, Audit, and Compliance Management, just as they would with TraceSecurity's own vulnerability management solution.

"Vulnerability management is core to IT GRC, and we are pleased to offer this integration with TraceCSO's unique cloud-based IT GRC program solution," said Philippe Courtot, chairman and CEO of Qualys. "This integration helps us further support the SMB and SME market by enabling customers to import results from QualysGuard scans into TraceSecurity's IT GRC solution designed for the mid-market."

Vulnerability management is a critical element of an IT GRC solution and an organization's overall information security program. While the identification, classification, remediation, and mitigation of vulnerabilities are important in themselves, it is essential that the information gathered from vulnerability scanning can impact other critical information security program functions such as risk management, IT auditing, and overall compliance postures to ensure the organization has a complete picture of its overall risk profile.

"We find that many of our prospects are also Qualys customers, and we were pleased to rapidly respond to meet their requests to integrate with QualysGuard," said Peter Stewart, president and CEO of TraceSecurity. "With seamless integration into TraceCSO's workflow, alerting, reporting, and ticketing systems, Qualys customers will continue to benefit from their investments in vulnerability management while leveraging a leading and complete cloud-based IT GRC software solution. We look forward to our continued work and development through this partnership with Qualys."

TraceCSO allows organizations of any size, industry or security skill set to evaluate, create, implement and manage a comprehensive risk-based information security program, to protect their organizations from today's top information security risks, including cloud security and "bring your own device" (BYOD) concerns. Unlike current information security program solutions, which simply provide a console and no remediation tools, TraceCSO identifies and prioritizes risk to an organization's information – including network vulnerabilities – and identifies, implements and audits security controls. To help organizations stay current with the latest regulatory mandates specific to their industry, TraceCSO leverages a global database of hundreds of authorities and more than 25,000 regulations and citations.

About TraceSecurity

TraceSecurity, the leading pioneer in cloud-based security solutions, provides IT governance, risk and compliance (GRC) management solutions. The company's cloud-based services help organizations achieve, maintain and demonstrate security compliance while significantly improving their security posture. With more than 1,500 customers, TraceSecurity supports the security and risk management efforts of organizations in financial services, healthcare, high-tech, insurance, government, education and other regulated sectors. Founded in 2004, the company has executive offices in Silicon Valley and offices in Baton Rouge, La. For more information, call (225) 612-2121 or visit www.tracesecurity.com.

About Qualys

Qualys, Inc. (NASDAQ: QLYS), is a pioneer and leading provider of cloud security and compliance solutions with over 6,000 customers in more than 100 countries, including a majority of each of the Forbes Global 100 and Fortune 100. The QualysGuard Cloud Platform and integrated suite of solutions helps organizations simplify security operations and lower the cost of compliance by delivering critical security intelligence on demand and automating the full spectrum of auditing, compliance and protection for IT systems and web applications. Founded in 1999, Qualys has established strategic partnerships with leading managed service providers and consulting organizations, including Accuvant, BT, Dell SecureWorks, Fujitsu, NTT, Symantec, Verizon, and Wipro. The company is also a founding member of the Cloud Security Alliance (CSA).
