Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

10/24/2012
03:02 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Qualys Introduces Predictive Analytics Engine For Zero-Day And Microsoft Patch Tuesday Vulnerabilities

QualysGuard Vulnerability Management will now feature vulnerability prediction capabilities within a new dashboard

REDWOOD CITY, Calif. – Oct. 24, 2012 – Qualys Inc. (NASDAQ: QLYS), a pioneer and leading provider of cloud security and compliance solutions, today announced at the Qualys Security Conference in Las Vegas, twitter #qsc2012, that QualysGuard® Vulnerability Management will now feature vulnerability prediction capabilities within a new dashboard and threat reports for zero-days and Microsoft Patch Tuesday Analysis. These reports provide security professionals with insight into zero-days and upcoming security patches along with exposure ratings, helping them plan and prioritize remediation of the associated vulnerabilities including Verisign's iDefense exclusive zero-day vulnerabilities and global threats.

"Analyzing the impact of Patch Tuesday and zero-day vulnerabilities is a challenging task for IT departments," said Charles Kolodgy, research vice president, Secure Products for IDC. "Providing an instant view of where the impact of the new vulnerabilities are will help customers better assess their risk exposures and therefore allow them to allocate the needed resources to eliminate or mitigate these threats."

Without launching any new scans, the new dashboard and threat reports leverage the vulnerability predictive analytics engine to provide the following:

· Dashboard widget that provides easy-to-read view of the latest Microsoft security bulletins including the percentage of potentially impacted IT assets in the network.

· Microsoft bulletin references linked to vulnerabilities with detailed descriptions of threat, impact and solutions, in addition to potential associated known exploits and malware from multiple sources.

· Vulnerability prediction report per Microsoft bulletin with affected host breakdown by asset groups in the network.

· Search capabilities to search, scan and report on vulnerabilities over specific time periods, affecting different products or software.

· Latest information and signatures for iDefense exclusive zero-day threats with customizable alerts on new zero-days along with a threat report providing the list of IT assets that are potentially impacted by the zero-day.

"Two years back we introduced a patch report in QualysGuard to help IT professionals drive remediation efforts more effectively," said Philippe Courtot, chairman and CEO for Qualys. "Today we are taking another step forward by providing an innovative vulnerability prediction engine for zero-days and Microsoft Patch Tuesday vulnerabilities that predicts potential impact without the need to perform additional scans, so customers can take action the day of the release to minimize their risk of exposure."

About QualysGuard Cloud Platform

The QualysGuard Cloud Platform and its integrated suite of security and compliance solutions helps provide organizations of all sizes with a global view of their security and compliance posture, while reducing their total cost of ownership. The QualysGuard Cloud Suite, which includes Vulnerability Management, Web Application Scanning, Malware Detection Service, Policy Compliance, PCI Compliance and Qualys SECURE Seal, enable customers to identify their IT assets, collect and analyze large amounts of IT security data, discover and prioritize vulnerabilities and malware, recommend remediation actions and verify the implementation of such actions.

About QualysGuard Vulnerability Management

QualysGuard Vulnerability Management, or QualysGuard VM, is an industry leading and award-winning solution that automates network auditing and vulnerability management across an organization, including network discovery and mapping, asset management, vulnerability reporting, and remediation tracking. Driven by our comprehensive KnowledgeBase of known vulnerabilities, QualysGuard VM enables cost-effective protection against vulnerabilities without substantial resource deployment.

About Qualys

Qualys Inc. (NASDAQ: QLYS), is a pioneer and leading provider of cloud security and compliance solutions with over 6,000 customers in more than 100 countries, including a majority of each of the Forbes Global 100 and Fortune 100. The QualysGuard Cloud Platform and integrated suite of solutions helps organizations simplify security operations and lower the cost of compliance by delivering critical security intelligence on demand and automating the full spectrum of auditing, compliance and protection for IT systems and web applications. Founded in 1999, Qualys has established strategic partnerships with leading managed service providers and consulting organizations including BT, Dell SecureWorks, Fujitsu, IBM, NTT, Symantec, Verizon, and Wipro. The company is also a founding member of the Cloud Security Alliance (CSA).

For more information, please visit www.qualys.com.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
US Capitol Attack a Wake-up Call for the Integration of Physical & IT Security
Seth Rosenblatt, Contributing Writer,  1/11/2021
More SolarWinds Attack Details Emerge
Kelly Jackson Higgins, Executive Editor at Dark Reading,  1/12/2021
Vulnerability Management Has a Data Problem
Tal Morgenstern, Co-Founder & Chief Product Officer, Vulcan Cyber,  1/14/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-7343
PUBLISHED: 2021-01-18
Missing Authorization vulnerability in McAfee Agent (MA) for Windows prior to 5.7.1 allows local users to block McAfee product updates by manipulating a directory used by MA for temporary files. The product would continue to function with out-of-date detection files.
CVE-2020-28476
PUBLISHED: 2021-01-18
All versions of package tornado are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configura...
CVE-2020-28473
PUBLISHED: 2021-01-18
The package bottle from 0 and before 0.12.19 are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with defa...
CVE-2021-25173
PUBLISHED: 2021-01-18
An issue was discovered in Open Design Alliance Drawings SDK before 2021.12. A memory allocation with excessive size vulnerability exists when reading malformed DGN files, which allows attackers to cause a crash, potentially enabling denial of service (crash, exit, or restart).
CVE-2021-25174
PUBLISHED: 2021-01-18
An issue was discovered in Open Design Alliance Drawings SDK before 2021.12. A memory corruption vulnerability exists when reading malformed DGN files. It can allow attackers to cause a crash, potentially enabling denial of service (Crash, Exit, or Restart).