Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud

8/7/2018
08:45 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Qualys Introduces Out-of-Band Configuration Assessment

New Qualys Cloud Platform extension allows customers to get full visibility of security and compliance posture across inaccessible, sensitively located assets.

LAS VEGAS – Black Hat USA 2018, Booth #204 – August 6, 2018 – Qualys, Inc. (NASDAQ: QLYS), a pioneer and leading provider of cloud-based security and compliance solutions, today announced a new Out-of-Band Configuration Assessment (OCA) module that allows customers to achieve complete visibility of all known IT infrastructure by pushing vulnerability and configuration data to the Qualys Cloud Platform from systems that are otherwise difficult or impossible to assess.

OCA’s expanded data collection approach completes customers’ global IT asset visibility by significantly broadening the types of technologies supported by the Qualys Cloud Platform. An API-based sensor module, OCA enables customers to add metadata from unscanned assets into the Qualys Cloud Platform to gain deeper assessment of configuration, and achieve better visibility of potentially critical vulnerabilities across their full environment.

Security teams strive to minimize risk by securing all enterprise assets from cyber threats. However, a sub-set of these assets may remain at risk due to remote scanning challenges such as inaccessible locations, placement on highly secure disconnected “air gap” networks or with sensitivity to scans. Qualys OCA offers customers a simple alternative method to reduce that risk by assessing the security of these critical disconnected assets via an API that extracts asset, configuration and vulnerability data and delivers it into the Qualys Cloud Platform for inclusion in their overall security and compliance program.

“This new groundbreaking method of data extraction helps customers extend their single-pane-of-glass visibility to all assets, which is a key first step to ensuring continuous security,” said Philippe Courtot, chairman and CEO, Qualys, Inc. “As a new addition to the Qualys sensor family, Out-of-Band Configuration Assessment gives customers the ability to broaden compliance programs to include such highly locked-down devices and those on air-gapped networks.”

Qualys Out-of-Band Configuration Assessment offers customers:

● Flexible Data Collection: Offline and inaccessible device metadata and configurations can be collected out of band via automation or manually, and then uploaded into the Qualys Cloud Platform via API or directly via the simple user interface.

● Multiple Cloud Apps Supported: Data collected via OCA is shared across apps in the Qualys Cloud Platform, and currently leveraged by Asset Inventory, Policy Compliance, and Vulnerability Management. The data is processed and treated just like data from agents or scanners, allowing these data to be incorporated into existing compliance and vulnerability reporting.

● Automated and Customizable Data Collection: Customers can automate their process for data collection and integration to suit their unique needs. They control how, when, and what data is accessed on their devices and by whom.

The Qualys Sensor Family

Part of the Qualys Cloud Platform, the Qualys family of sensors provide customers continuous visibility on premises, at endpoints or in the cloud. Qualys Cloud Platform sensors are always on, giving you continuous 2-second visibility of all your IT assets. Remotely deployable, centrally managed and self-updating, the sensors come as physical or virtual appliances or lightweight agents, as well as the OCA module. Qualys also offers native integrations with third-party cloud platforms for full visibility.

Licensing and Availability

Qualys OCA module is free. Customers can allocate a sub-set of licenses to this module. Qualys OCA will be generally available starting in September.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
AI Is Everywhere, but Don't Ignore the Basics
Howie Xu, Vice President of AI and Machine Learning at Zscaler,  9/10/2019
Fed Kaspersky Ban Made Permanent by New Rules
Dark Reading Staff 9/11/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-16319
PUBLISHED: 2019-09-15
In Wireshark 3.0.0 to 3.0.3 and 2.6.0 to 2.6.10, the Gryphon dissector could go into an infinite loop. This was addressed in plugins/epan/gryphon/packet-gryphon.c by checking for a message length of zero.
CVE-2019-16320
PUBLISHED: 2019-09-15
Cobham Sea Tel v170 224521 through v194 225444 devices allow attackers to obtain potentially sensitive information, such as a vessel's latitude and longitude, via the public SNMP community.
CVE-2019-16321
PUBLISHED: 2019-09-15
ScadaBR 1.0CE, and 1.1.x through 1.1.0-RC, has XSS via a request for a nonexistent resource, as demonstrated by the dwr/test/ PATH_INFO.
CVE-2019-16317
PUBLISHED: 2019-09-14
In Pimcore before 5.7.1, an attacker with limited privileges can trigger execution of a .phar file via a phar:// URL in a filename parameter, because PHAR uploads are not blocked and are reachable within the phar://../../../../../../../../var/www/html/web/var/assets/ directory, a different vulnerabi...
CVE-2019-16318
PUBLISHED: 2019-09-14
In Pimcore before 5.7.1, an attacker with limited privileges can bypass file-extension restrictions via a 256-character filename, as demonstrated by the failure of automatic renaming of .php to .php.txt for long filenames, a different vulnerability than CVE-2019-10867 and CVE-2019-16317.