Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Security Infrastructure

Qualys Web Application Firewall 2.0 Brings Virtual Patching, Event Response

Qualys today announced the availability of version 2.0 of the company’s Web Application Firewall (WAF). The latest version of the solution comes with several new features designed to help organizations address web application security issues.

Qualys today announced the availability of version 2.0 of the company’s Web Application Firewall (WAF). The latest version of the solution comes with several new features designed to help organizations address web application security issues.

Qualys WAF is a cloud-based service designed to block website attacks in real time. The solution is capable of handling web server vulnerabilities, application framework issues, improper configurations, and coding faults.

Fully integrated with the Qualys Web Application Scanning (WAS) solution, Qualys WAF 2.0 enables companies to create “virtual patch” rules based on vulnerability information delivered by WAS. This virtual patching feature helps Qualys customers fine-tune their security policies, customize WAF security rules for web applications, and quickly remove false positives.

In an effort to help organizations with prioritizing and mitigating vulnerabilities, Qualys WAF 2.0 introduces customizable event response capabilities. This functionality allows customers to create exceptions to certain types of web events.

Qualys WAF is easy to deploy and configure even without a dedicated security staff, Qualys said. The Qualys console allows customers to centrally manage the web application firewall from any location.

“Many organizations are struggling to find a balance between identifying and effectively addressing vulnerabilities fast enough to avoid falling victim to large-scale breaches,” noted Philippe Courtot, chairman and CEO of Qualys. “By integrating security rules and policies from our WAF solution with Qualys WAS data, we are providing significant value to our customers with the flexibility and automation needed to tackle web application security threats. It’s a giant step towards complete automation of web application security.”

Pricing for an annual subscription for Qualys Web Application Firewall starts at $1,995 for small businesses and $9,995 for larger enterprises, depending on the number of web apps and virtual appliances they have. Organizations can also register for a free trial.

At the RSA Conference, Qualys also unveiled its Cloud Agent Platform (CAP). The solution is designed to help companies assess and resolve the security and compliance of IT assets on mobile endpoints, on-premise, and in cloud environments.

Qualys CAP is currently available for trial on the Windows platform. The company says the service will go live on May 15 for Windows, and in the third quarter for Unix and OS X.

Qualys also announced today the expansion of the Qualys Continuous Monitoring solution with internal monitoring capabilities. According to the security firm, the new feature enables organizations to proactively identify potential threats, and accelerate incident response time.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Funding/M&A

Identity and access governance vendor Saviynt has closed a $205 million financing round.

Security Infrastructure

XDR's fully loaded value to threat detection, investigation and response will only be realized when it is viewed as an architecture

ICS/OT

Security orchestration, automation and response (SOAR) provider Swimlane on Monday announced the launch of a security automation solution ecosystem for operational technology (OT) environments.

ICS/OT

The White House announced on Wednesday that the Industrial Control Systems (ICS) Cybersecurity Initiative has been expanded to include the chemical sector.

Incident Response

Created and maintained by MITRE, MITRE D3FEND is a framework that provides a library of defensive cybersecurity countermeasures and technical components to help organizations...

Data Protection

Artificial intelligence is more artificial than intelligent.