Vulnerabilities / Threats
10/24/2012
03:02 PM
Dark Reading
Dark Reading
Products and Releases
Connect Directly
RSS
E-Mail
50%
50%
Repost This

Qualys Introduces Predictive Analytics Engine For Zero-Day And Microsoft Patch Tuesday Vulnerabilities

QualysGuard Vulnerability Management will now feature vulnerability prediction capabilities within a new dashboard

REDWOOD CITY, Calif. – Oct. 24, 2012 – Qualys Inc. (NASDAQ: QLYS), a pioneer and leading provider of cloud security and compliance solutions, today announced at the Qualys Security Conference in Las Vegas, twitter #qsc2012, that QualysGuard® Vulnerability Management will now feature vulnerability prediction capabilities within a new dashboard and threat reports for zero-days and Microsoft Patch Tuesday Analysis. These reports provide security professionals with insight into zero-days and upcoming security patches along with exposure ratings, helping them plan and prioritize remediation of the associated vulnerabilities including Verisign's iDefense exclusive zero-day vulnerabilities and global threats.

"Analyzing the impact of Patch Tuesday and zero-day vulnerabilities is a challenging task for IT departments," said Charles Kolodgy, research vice president, Secure Products for IDC. "Providing an instant view of where the impact of the new vulnerabilities are will help customers better assess their risk exposures and therefore allow them to allocate the needed resources to eliminate or mitigate these threats."

Without launching any new scans, the new dashboard and threat reports leverage the vulnerability predictive analytics engine to provide the following:

· Dashboard widget that provides easy-to-read view of the latest Microsoft security bulletins including the percentage of potentially impacted IT assets in the network.

· Microsoft bulletin references linked to vulnerabilities with detailed descriptions of threat, impact and solutions, in addition to potential associated known exploits and malware from multiple sources.

· Vulnerability prediction report per Microsoft bulletin with affected host breakdown by asset groups in the network.

· Search capabilities to search, scan and report on vulnerabilities over specific time periods, affecting different products or software.

· Latest information and signatures for iDefense exclusive zero-day threats with customizable alerts on new zero-days along with a threat report providing the list of IT assets that are potentially impacted by the zero-day.

"Two years back we introduced a patch report in QualysGuard to help IT professionals drive remediation efforts more effectively," said Philippe Courtot, chairman and CEO for Qualys. "Today we are taking another step forward by providing an innovative vulnerability prediction engine for zero-days and Microsoft Patch Tuesday vulnerabilities that predicts potential impact without the need to perform additional scans, so customers can take action the day of the release to minimize their risk of exposure."

About QualysGuard Cloud Platform

The QualysGuard Cloud Platform and its integrated suite of security and compliance solutions helps provide organizations of all sizes with a global view of their security and compliance posture, while reducing their total cost of ownership. The QualysGuard Cloud Suite, which includes Vulnerability Management, Web Application Scanning, Malware Detection Service, Policy Compliance, PCI Compliance and Qualys SECURE Seal, enable customers to identify their IT assets, collect and analyze large amounts of IT security data, discover and prioritize vulnerabilities and malware, recommend remediation actions and verify the implementation of such actions.

About QualysGuard Vulnerability Management

QualysGuard Vulnerability Management, or QualysGuard VM, is an industry leading and award-winning solution that automates network auditing and vulnerability management across an organization, including network discovery and mapping, asset management, vulnerability reporting, and remediation tracking. Driven by our comprehensive KnowledgeBase of known vulnerabilities, QualysGuard VM enables cost-effective protection against vulnerabilities without substantial resource deployment.

About Qualys

Qualys Inc. (NASDAQ: QLYS), is a pioneer and leading provider of cloud security and compliance solutions with over 6,000 customers in more than 100 countries, including a majority of each of the Forbes Global 100 and Fortune 100. The QualysGuard Cloud Platform and integrated suite of solutions helps organizations simplify security operations and lower the cost of compliance by delivering critical security intelligence on demand and automating the full spectrum of auditing, compliance and protection for IT systems and web applications. Founded in 1999, Qualys has established strategic partnerships with leading managed service providers and consulting organizations including BT, Dell SecureWorks, Fujitsu, IBM, NTT, Symantec, Verizon, and Wipro. The company is also a founding member of the Cloud Security Alliance (CSA).

For more information, please visit www.qualys.com.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-1421
Published: 2014-04-22
Cross-site scripting (XSS) vulnerability in Craig Knudsen WebCalendar before 1.2.5, 1.2.6, and other versions before 1.2.7 allows remote attackers to inject arbitrary web script or HTML via the Category Name field to category.php.

CVE-2013-2105
Published: 2014-04-22
The Show In Browser (show_in_browser) gem 0.0.3 for Ruby allows local users to inject arbitrary web script or HTML via a symlink attack on /tmp/browser.html.

CVE-2013-2187
Published: 2014-04-22
Cross-site scripting (XSS) vulnerability in Apache Archiva 1.2 through 1.2.2 and 1.3 before 1.3.8 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, related to the home page.

CVE-2013-4116
Published: 2014-04-22
lib/npm.js in Node Packaged Modules (npm) before 1.3.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names that are created when unpacking archives.

CVE-2013-4472
Published: 2014-04-22
The openTempFile function in goo/gfile.cc in Xpdf and Poppler 0.24.3 and earlier, when running on a system other than Unix, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names.

Best of the Web