Vulnerabilities / Threats
10/24/2012
03:02 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Qualys Introduces Predictive Analytics Engine For Zero-Day And Microsoft Patch Tuesday Vulnerabilities

QualysGuard Vulnerability Management will now feature vulnerability prediction capabilities within a new dashboard

REDWOOD CITY, Calif. – Oct. 24, 2012 – Qualys Inc. (NASDAQ: QLYS), a pioneer and leading provider of cloud security and compliance solutions, today announced at the Qualys Security Conference in Las Vegas, twitter #qsc2012, that QualysGuard® Vulnerability Management will now feature vulnerability prediction capabilities within a new dashboard and threat reports for zero-days and Microsoft Patch Tuesday Analysis. These reports provide security professionals with insight into zero-days and upcoming security patches along with exposure ratings, helping them plan and prioritize remediation of the associated vulnerabilities including Verisign's iDefense exclusive zero-day vulnerabilities and global threats.

"Analyzing the impact of Patch Tuesday and zero-day vulnerabilities is a challenging task for IT departments," said Charles Kolodgy, research vice president, Secure Products for IDC. "Providing an instant view of where the impact of the new vulnerabilities are will help customers better assess their risk exposures and therefore allow them to allocate the needed resources to eliminate or mitigate these threats."

Without launching any new scans, the new dashboard and threat reports leverage the vulnerability predictive analytics engine to provide the following:

· Dashboard widget that provides easy-to-read view of the latest Microsoft security bulletins including the percentage of potentially impacted IT assets in the network.

· Microsoft bulletin references linked to vulnerabilities with detailed descriptions of threat, impact and solutions, in addition to potential associated known exploits and malware from multiple sources.

· Vulnerability prediction report per Microsoft bulletin with affected host breakdown by asset groups in the network.

· Search capabilities to search, scan and report on vulnerabilities over specific time periods, affecting different products or software.

· Latest information and signatures for iDefense exclusive zero-day threats with customizable alerts on new zero-days along with a threat report providing the list of IT assets that are potentially impacted by the zero-day.

"Two years back we introduced a patch report in QualysGuard to help IT professionals drive remediation efforts more effectively," said Philippe Courtot, chairman and CEO for Qualys. "Today we are taking another step forward by providing an innovative vulnerability prediction engine for zero-days and Microsoft Patch Tuesday vulnerabilities that predicts potential impact without the need to perform additional scans, so customers can take action the day of the release to minimize their risk of exposure."

About QualysGuard Cloud Platform

The QualysGuard Cloud Platform and its integrated suite of security and compliance solutions helps provide organizations of all sizes with a global view of their security and compliance posture, while reducing their total cost of ownership. The QualysGuard Cloud Suite, which includes Vulnerability Management, Web Application Scanning, Malware Detection Service, Policy Compliance, PCI Compliance and Qualys SECURE Seal, enable customers to identify their IT assets, collect and analyze large amounts of IT security data, discover and prioritize vulnerabilities and malware, recommend remediation actions and verify the implementation of such actions.

About QualysGuard Vulnerability Management

QualysGuard Vulnerability Management, or QualysGuard VM, is an industry leading and award-winning solution that automates network auditing and vulnerability management across an organization, including network discovery and mapping, asset management, vulnerability reporting, and remediation tracking. Driven by our comprehensive KnowledgeBase of known vulnerabilities, QualysGuard VM enables cost-effective protection against vulnerabilities without substantial resource deployment.

About Qualys

Qualys Inc. (NASDAQ: QLYS), is a pioneer and leading provider of cloud security and compliance solutions with over 6,000 customers in more than 100 countries, including a majority of each of the Forbes Global 100 and Fortune 100. The QualysGuard Cloud Platform and integrated suite of solutions helps organizations simplify security operations and lower the cost of compliance by delivering critical security intelligence on demand and automating the full spectrum of auditing, compliance and protection for IT systems and web applications. Founded in 1999, Qualys has established strategic partnerships with leading managed service providers and consulting organizations including BT, Dell SecureWorks, Fujitsu, IBM, NTT, Symantec, Verizon, and Wipro. The company is also a founding member of the Cloud Security Alliance (CSA).

For more information, please visit www.qualys.com.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-6090
Published: 2015-04-27
Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) DataMappingEditorCommands, (2) DatastoreEditorCommands, and (3) IEGEditorCommands servlets in IBM Curam Social Program Management (SPM) 5.2 SP6 before EP6, 6.0 SP2 before EP26, 6.0.3 before 6.0.3.0 iFix8, 6.0.4 before 6.0.4.5 iFix...

CVE-2014-6092
Published: 2015-04-27
IBM Curam Social Program Management (SPM) 5.2 before SP6 EP6, 6.0 SP2 before EP26, 6.0.4 before 6.0.4.6, and 6.0.5 before 6.0.5.6 requires failed-login handling for web-service accounts to have the same lockout policy as for standard user accounts, which makes it easier for remote attackers to cause...

CVE-2015-0113
Published: 2015-04-27
The Jazz help system in IBM Rational Collaborative Lifecycle Management 4.0 through 5.0.2, Rational Quality Manager 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Team Concert 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Requirements Composer 4.0 through 4.0.7, Rational DOORS Next Generation...

CVE-2015-0174
Published: 2015-04-27
The SNMP implementation in IBM WebSphere Application Server (WAS) 8.5 before 8.5.5.5 does not properly handle configuration data, which allows remote authenticated users to obtain sensitive information via unspecified vectors.

CVE-2015-0175
Published: 2015-04-27
IBM WebSphere Application Server (WAS) 8.5 Liberty Profile before 8.5.5.5 does not properly implement authData elements, which allows remote authenticated users to gain privileges via unspecified vectors.

Dark Reading Radio
Archived Dark Reading Radio
Join security and risk expert John Pironti and Dark Reading Editor-in-Chief Tim Wilson for a live online discussion of the sea-changing shift in security strategy and the many ways it is affecting IT and business.