Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Qualys Adds Vulnerability Prediction Capabilities To QualysGuard Platform

Cloud-based security and compliance solutions provider Qualys has updated two of its products to help administrators better manage vulnerabilities and mitigation, the company said Wednesday at its own Qualys Security Conference in Las Vegas.

Qualys IPO

Cloud-based security and compliance solutions provider Qualys has updated two of its products to help administrators better manage vulnerabilities and mitigation, the company said Wednesday at its own Qualys Security Conference in Las Vegas.

Qualys IPO

Qualys added vulnerability prediction capabilities and threat reports for analyzing zero-day vulnerabilities and Microsoft updates in its QualysGuard Vulnerability Management platform, the company said. Along with the Vulnerability Management update, Qualys also released new features in QualysGuard Cloud Platform that will allow organizations to improve vulnerability exception management during reporting and remediation, the company said.

The update to QualysGuard Cloud Platform will allow customers to increase the efficiency of their vulnerability management and policy compliance programs and reduce the cost of securing IT assets, Qualys said. The latest update also supports continuous scanning and allows security teams to configure a scheduled scan task which launches automatically once the previous task is complete, the company said. A scanner calendar offers users a visual layout of scans that have already run as well as future scheduled tasks.

“With this release, we continue to enable customers to further automate their vulnerability management programs and streamline their compliance initiatives,” Phippe Courtot, chairman and CEO of Redwood City, California-based Qualys, said in a statement.

The QualysGuard Cloud Platform includes improved remediation workflow with automatic vulnerability exception handling. Customers would be able to manage expectations for vulnerabilities that cannot be fixed or need to be ignored during remediation. This improves exception management and prioritization of remediation efforts, the company said.

The company also added compliance scanning with non-administrative privileges on Windows systems. QualysGuard Policy Compliance processes data points retrieved during a scan using non-administrator type of accounts to generate a more thorough compliance report. Another compliance report identifies authentication issues during scans by displaying a list of hosts for which the process failed, Qualys said.

The QualysGuard Vulnerability Management reports give security professionals insight into zero-days and include “exposure ratings” for upcoming security patches, Qualys said. With these reports, security teams can plan and prioritize remediation tasks.

The new dashboard widget on QualysGuard Vulnerability Management provides easy-to-read views of the latest security bulletins from Microsoft. The widget also displays the percentage of potentially impacted IT assets in the network based on those bulletins, Qualys said. A vulnerability prediction report released for each Microsoft bulletin will list affected hosts broken down by asset groups. Security teams will be able to search, scan, and report on vulnerabilities over specific time periods.

Advertisement. Scroll to continue reading.

QualysGuard Predictive Analytics Screenshot

The bulletins are linked to detailed descriptions of the threat, impact and solutions, as well as potentially related known-exploits and malware. The threat reports will also provide security teams with the latest information and signatures for exclusive zero-day threats drawn from Verisign’s iDefense along with a list of IT assets within the customer’s network that may be potentially impacted by the zero-day, according to Qualys.

Qualys originally added a patch report in QualysGuard two years ago to help IT staff drive remediation efforts, Courtot said. The new capabilities provide “an innovative vulnerability prediction engine” that predicts potential impact of zero-day and Patch Tuesday vulnerabilities without needing to run additional scans, he said.

“Customers can take action the day of the release to minimize their risk of exposure,” Courtot said.

“Analyzing the impact of Patch Tuesday and zero-day vulnerabilities is a challenging task for IT departments,” said Charles Kolodgy, research vice president, Secure Products for IDC. Customers will be able to better assess their risk exposures and allocate needed resources to eliminate or mitigate threats,” Kolodgy said.

Updates are available immediately to all QualysGuard customers in the US and Europe. Pricing is by annual subscriptions based on the number of QualysGuard solutions and systems deployed.

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Vulnerabilities

A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Vulnerabilities

Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.

Vulnerabilities

The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.