Vulnerabilities / Threats
10/24/2012
03:02 PM
Dark Reading
Dark Reading
Products and Releases
Connect Directly
RSS
E-Mail
50%
50%

Qualys Introduces Predictive Analytics Engine For Zero-Day And Microsoft Patch Tuesday Vulnerabilities

QualysGuard Vulnerability Management will now feature vulnerability prediction capabilities within a new dashboard

REDWOOD CITY, Calif. – Oct. 24, 2012 – Qualys Inc. (NASDAQ: QLYS), a pioneer and leading provider of cloud security and compliance solutions, today announced at the Qualys Security Conference in Las Vegas, twitter #qsc2012, that QualysGuard® Vulnerability Management will now feature vulnerability prediction capabilities within a new dashboard and threat reports for zero-days and Microsoft Patch Tuesday Analysis. These reports provide security professionals with insight into zero-days and upcoming security patches along with exposure ratings, helping them plan and prioritize remediation of the associated vulnerabilities including Verisign's iDefense exclusive zero-day vulnerabilities and global threats.

"Analyzing the impact of Patch Tuesday and zero-day vulnerabilities is a challenging task for IT departments," said Charles Kolodgy, research vice president, Secure Products for IDC. "Providing an instant view of where the impact of the new vulnerabilities are will help customers better assess their risk exposures and therefore allow them to allocate the needed resources to eliminate or mitigate these threats."

Without launching any new scans, the new dashboard and threat reports leverage the vulnerability predictive analytics engine to provide the following:

· Dashboard widget that provides easy-to-read view of the latest Microsoft security bulletins including the percentage of potentially impacted IT assets in the network.

· Microsoft bulletin references linked to vulnerabilities with detailed descriptions of threat, impact and solutions, in addition to potential associated known exploits and malware from multiple sources.

· Vulnerability prediction report per Microsoft bulletin with affected host breakdown by asset groups in the network.

· Search capabilities to search, scan and report on vulnerabilities over specific time periods, affecting different products or software.

· Latest information and signatures for iDefense exclusive zero-day threats with customizable alerts on new zero-days along with a threat report providing the list of IT assets that are potentially impacted by the zero-day.

"Two years back we introduced a patch report in QualysGuard to help IT professionals drive remediation efforts more effectively," said Philippe Courtot, chairman and CEO for Qualys. "Today we are taking another step forward by providing an innovative vulnerability prediction engine for zero-days and Microsoft Patch Tuesday vulnerabilities that predicts potential impact without the need to perform additional scans, so customers can take action the day of the release to minimize their risk of exposure."

About QualysGuard Cloud Platform

The QualysGuard Cloud Platform and its integrated suite of security and compliance solutions helps provide organizations of all sizes with a global view of their security and compliance posture, while reducing their total cost of ownership. The QualysGuard Cloud Suite, which includes Vulnerability Management, Web Application Scanning, Malware Detection Service, Policy Compliance, PCI Compliance and Qualys SECURE Seal, enable customers to identify their IT assets, collect and analyze large amounts of IT security data, discover and prioritize vulnerabilities and malware, recommend remediation actions and verify the implementation of such actions.

About QualysGuard Vulnerability Management

QualysGuard Vulnerability Management, or QualysGuard VM, is an industry leading and award-winning solution that automates network auditing and vulnerability management across an organization, including network discovery and mapping, asset management, vulnerability reporting, and remediation tracking. Driven by our comprehensive KnowledgeBase of known vulnerabilities, QualysGuard VM enables cost-effective protection against vulnerabilities without substantial resource deployment.

About Qualys

Qualys Inc. (NASDAQ: QLYS), is a pioneer and leading provider of cloud security and compliance solutions with over 6,000 customers in more than 100 countries, including a majority of each of the Forbes Global 100 and Fortune 100. The QualysGuard Cloud Platform and integrated suite of solutions helps organizations simplify security operations and lower the cost of compliance by delivering critical security intelligence on demand and automating the full spectrum of auditing, compliance and protection for IT systems and web applications. Founded in 1999, Qualys has established strategic partnerships with leading managed service providers and consulting organizations including BT, Dell SecureWorks, Fujitsu, IBM, NTT, Symantec, Verizon, and Wipro. The company is also a founding member of the Cloud Security Alliance (CSA).

For more information, please visit www.qualys.com.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Cartoon
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-3409
Published: 2014-10-25
The Ethernet Connectivity Fault Management (CFM) handling feature in Cisco IOS 12.2(33)SRE9a and earlier and IOS XE 3.13S and earlier allows remote attackers to cause a denial of service (device reload) via malformed CFM packets, aka Bug ID CSCuq93406.

CVE-2014-4620
Published: 2014-10-25
The EMC NetWorker Module for MEDITECH (aka NMMEDI) 3.0 build 87 through 90, when EMC RecoverPoint and Plink are used, stores cleartext RecoverPoint Appliance credentials in nsrmedisv.raw log files, which allows local users to obtain sensitive information by reading these files.

CVE-2014-4623
Published: 2014-10-25
EMC Avamar 6.0.x, 6.1.x, and 7.0.x in Avamar Data Store (ADS) GEN4(S) and Avamar Virtual Edition (AVE), when Password Hardening before 2.0.0.4 is enabled, uses UNIX DES crypt for password hashing, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force a...

CVE-2014-4624
Published: 2014-10-25
EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 6.x and 7.0.x through 7.0.2-43 do not require authentication for Java API calls, which allows remote attackers to discover grid MCUser and GSAN passwords via a crafted call.

CVE-2014-6151
Published: 2014-10-25
CRLF injection vulnerability in IBM Tivoli Integrated Portal (TIP) 2.2.x allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.