In the ever-evolving landscape of cybersecurity, where attacks grow increasingly sophisticated, organizations must leverage every tool at their disposal to stay one step ahead. While CISOs and SecOps teams often focus on disciplines such as vulnerability detection, attack surface management, and threat intelligence, there’s an IT system dependency they often forget: the Configuration Management Database (CMDB). Traditionally viewed as an IT operations tool, the CMDB has long been associated with tasks like tracking hardware and software assets, managing configuration changes, and facilitating ..read more

Organizations are continuously seeking effective strategies to protect their digital environments. With over 26,000 vulnerabilities discovered last year, Qualys Vulnerability Management, Detection, and Response (VMDR) offers a comprehensive solution designed to meet the needs of both security and IT teams, aimed at simplifying the processes involved in mitigating these risks and strengthening security measures. Integral to this platform, the Qualys 5-Step Vulnerability Remediation Guide, complemented by a detailed dashboard, has been meticulously crafted to support current VMDR customers in re ..read more

Small and medium-sized businesses have increasingly become reliant on web applications – whether they are developed or procured, to drive their operations, engage customers, and scale their businesses. The increasing reliance on online operations is underscored by 84% of businesses using digital technologies. The impact of the COVID-19 pandemic forced a surge in online business activity. Nevertheless, this digital transformation journey brings with it a host of cybersecurity challenges, ranging from data breaches to phishing attacks, which can devastate an SMB’s reputation, financial health, a ..read more

On March 25th, 2024, a critical security vulnerability was discovered in the LayerSlider plugin for WordPress, marked as CVE-2024-2879. The plugins have more than 10 lakh active installations. This flaw, rated with a CVSS score of 9.8 out of 10.0, is identified as an SQL injection vulnerability impacting LayerSlider versions 7.9.11 through 7.10.0.  Qualys Web Application Scanning released a QID 150868 to address CVE-2024-2879. The detection is part of the OWASP Top 10 Injection category. SQL injections have been getting a lot of visibility recently which we h ..read more

Introduction In today’s tech-driven world, cloud computing has completely changed how businesses store and manage their data. It offers many advantages, like flexibility, scalability, and cost savings, making it a go-to choice for organizations of all sizes. Keeping your data secure, especially in databases, is crucial, as cybercriminals always seek ways to gain unauthorized access to sensitive information. Ensuring your database’s safety in the cloud is a top priority. A data breach can be disastrous, leading to financial losses, legal trouble, and damage to your reputation. Understanding com ..read more

NCSC details the importance of having asset management and remediation as key requirements of a successful VM program. “A vulnerability management process shouldn’t exist in isolation. It is a cross-cutting effort and involves not just those working in IT operations, but also security and risk teams.” In its recent vulnerability management guidance, the UK’s National Cyber Security Centre (NCSC) provided five vulnerability management principles. This guidance is intended to help all organisations, from small and medium businesses to enterprises and the public sector, understand where to focu ..read more

How Qualys Cybersecurity Solutions Ensure Compliance The European Union’s revised Network and Information Security (NIS2) Directive is a comprehensive cybersecurity regulation aimed at bolstering the resilience of critical entities and essential services across the EU. As organizations grapple with the complexities of compliance, Qualys offers a suite of powerful cybersecurity solutions that can help streamline the process and ensure adherence to NIS2 requirements. The NIS2 Directive expands upon its predecessor, NIS1, by widening the scope of covered entities and introducing more stringent cy ..read more

QIDs/CVEs When it comes to cybersecurity, speed is key in getting an edge over attackers. But when you consider that vulnerabilities weaponize 24 days faster than then they are remediated on average, cybersecurity stakeholders have a lot of catching up to do.   While there are many ways defenders can reduce their MTTR and improve their odds against attackers, perhaps none are as important as achieving an effective risk-based approach to vulnerability prioritization. However, this is easier said than done. Here’s why:  The industry-standard cataloging doctrine of Common Vulnerabi ..read more

Qualys is proud to announce that our Endpoint Detection & Response solution has earned top certifications from two of the most respected independent anti-virus testing organizations – SE Labs and AV-Test. These prestigious validations underscore Qualys’ mission to deliver best-in-class malware protection as part of our comprehensive endpoint security capabilities. The Necessity of Third-Party Testing While Qualys has long been recognized as a trusted provider of innovative and effective cybersecurity solutions, we understand the importance of independent testing. It instills confidence ..read more

What is File Access Monitoring (FAM)? FAM is a security practice that involves tracking and logging access to sensitive files. FAM should be included with any File Integrity Monitoring (FIM) solution to trigger alerts when critical host files not intended for regular use are accessed. Importance of FAM in regulatory compliance Data compliance regulations such as the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), Sarbanes-Oxley Act (SOX), and Health Insurance Portability and Accountability Act (HIPAA) require that organizations monitor how sensitive data is a ..read more