Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

2/26/2015
08:00 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

BMC and Qualys Join Forces to Improve Enterprise Security

Integrated solution combines BMC BladeLogic and Qualys Vulnerability Management to quickly identify and remediate threats and boost collaboration between Security and IT Operations teams

SAN JOSE and REDWOOD CITY, Calif. – February 25, 2015 – As organizations move to become more digital, they must maintain the security and privacy of their digital assets: critical systems, data, and intellectual property. Today, BMC and Qualys announce the first solution to tie vulnerability information to automated remediation actions. This dramatically reduces the window of vulnerability while simultaneously improving IT operational performance. 

While data breaches can be catastrophic, most are preventable, as 80 percent of exploits utilize vulnerabilities with known fixes. One of the causes of successful attacks is the misalignment of objectives between the security team, responsible for identifying vulnerabilities, and the IT operations team, responsible for implementing the changes to the systems. This misalignment is the SecOps gap.

“Given the number of information security vulnerabilities that exist in the world today, security and IT operations can benefit tremendously from tighter collaboration and more efficient workflow,” said Michael Allen, information security officer at Morningstar, Inc. “With Intelligent Compliance, we now have an integrated solution to automate our information security processes, greatly reducing time and cost.”

The joint solution, Intelligent Compliance, addresses the gap through a combination of security and compliance audit data from Qualys Vulnerability Management (VM) with the associated action from BMC BladeLogic Server Automation to remediate the vulnerability.  Specifically, it helps:

·      Reduce the Window of Exposure to Vulnerabilities – accelerate remediation of vulnerabilities through automation

 

·      Avoid Downtime – make remediation actions predictable and safe, minimizing both planned and unplanned outages

 

·      Increase Speed and Frequency of Audits – run automated audits as frequently as needed, or even on-demand, without impacting other operational activities

 

·      Stay Compliant with Industry Regulations – take advantage of pre-built audit and remediation content for common policies

 

·      Lower the Cost of Audit and Remediation – automate actions that were previously manual

 

“The SecOps gap is a significant problem, undermining companies’ efforts to keep their customer information and intellectual property safe and secure,” said Phil Harris, CTO and president of Cloud and Data Center Automation at BMC. “The BladeLogic suite has always been a great way to remediate vulnerabilities and compliance issues quickly and safely, but now we are excited to combine that with Qualys’ extremely detailed vulnerability scanning data.”

“Reducing the window of exposure to vulnerabilities on critical systems is a fundamental proactive measure to deflect cyber attacks,” said Philippe Courtot, chairman, and CEO of Qualys, Inc. “Together with BMC, we can now offer the ability to not only identify threats in real time, but to significantly accelerate remediation while greatly reducing the time and cost required to conduct audits.”

Analyst perspective

Charles Kolodgy

Research vice president, secure products, IDC:

 

“Organizations face an escalating need to improve operational excellence in security and IT compliance, since the downsides of a security breach can be catastrophic.  One reason current approaches aren’t successful is a disconnect between security and operations teams.  The combination of vulnerability scanning solutions, like Qualys, and remediation solutions, like BMC BladeLogic, can improve a company's security posture and the IT organization's efficiency.  Any company in an industry or situation where security or compliance is important should investigate a combined solution like the Qualys and BMC integration.”

Availability

The integration between BladeLogic and Qualys is available now. For more information, current BMC and Qualys customers should contact their account managers, visit www.bmc.com/compliance, and join BMC and Qualys for a webinar, Get Complete IT Compliance: Reduce Risk and Cost, on March 10.

 

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/3/2020
'BootHole' Vulnerability Exposes Secure Boot Devices to Attack
Kelly Sheridan, Staff Editor, Dark Reading,  7/29/2020
Out-of-Date and Unsupported Cloud Workloads Continue as a Common Weakness
Robert Lemos, Contributing Writer,  7/28/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-16271
PUBLISHED: 2020-08-03
The SRP-6a implementation in Kee Vault KeePassRPC before 1.12.0 generates insufficiently random numbers, which allows remote attackers to read and modify data in the KeePass database via a WebSocket connection.
CVE-2020-16272
PUBLISHED: 2020-08-03
The SRP-6a implementation in Kee Vault KeePassRPC before 1.12.0 is missing validation for a client-provided parameter, which allows remote attackers to read and modify data in the KeePass database via an A=0 WebSocket connection.
CVE-2020-8574
PUBLISHED: 2020-08-03
Active IQ Unified Manager for Linux versions prior to 9.6 ship with the Java Management Extension Remote Method Invocation (JMX RMI) service enabled allowing unauthorized code execution to local users.
CVE-2020-8575
PUBLISHED: 2020-08-03
Active IQ Unified Manager for VMware vSphere and Windows versions prior to 9.5 are susceptible to a vulnerability which allows administrative users to cause Denial of Service (DoS).
CVE-2020-12739
PUBLISHED: 2020-08-03
A vulnerability in the Fanuc i Series CNC (0i-MD and 0i Mate-MD) could allow an unauthenticated, remote attacker to cause an affected CNC to become inaccessible to other devices. The vulnerability is due to improper design or implementation of the Ethernet communication modules of the CNC. An attack...