June 2009 Archives

Retired four-star General Peter Pace, USMC, has joined the Qualys Board of Directors. With four decades of distinguished Marine Corps service, most recently as the 16th Chairman of the Joint Chiefs of Staff of the U.S. Military, General Pace brings expertise and interest in cyber-security and geopolitical issues to help guide Qualys' expansion within state and government agencies.


"Cyber-security threats have become a national priority and I look forward to working with the Qualys team to provide strategic guidance around the issues that affect IT security and foreign and domestic governance," said General Pace.


"We are honored to have General Pace join the Qualys Board of Directors and look forward to working with him," said Philippe Courtot, CEO of Qualys. "His long and highly-regarded service history and global perspective will help us better understand and address security requirements in state and government agencies."


With its six casinos offering more than 340,000 square feet of gaming space outfitted with 7,000 slot machines and 400 gaming tables, 1,416 guest rooms, meeting space and conference rooms, Foxwoods Resort Casino needed to find the most efficient way to discover and fix system vulnerabilities, and to maintain regulatory compliance.


Central to running its enterprise and IT infrastructure is making sure the Foxwoods casino's financial, ERP, guest management, and Web site systems stay up and running, free from viruses, spyware, and criminal hacks. Also, because Foxwoods accepts reservations online and even runs its own online shopping site, it must comply with the Payment Card Industry Data Security Standard (PCI DSS).


"QualysGuard is our main tool for PCI compliance. It's fully automated and helps with many of the tasks associated with PCI, from assessing relevant systems to providing full reports to the acquiring bank," says Leonard A. Szczygiel, Network Engineer at Foxwoods. "And we needed a clear way to quantify the security information we were telling our management about. We would discuss the risks of not patching certain systems, and management wouldn't really get what we were trying to explain to them. Now thanks to the QualysGuard, they do."


Click here to read more about how Foxwoods Resort Casino assesses and reports its PCI compliance.

Ignite Media Solutions, a marketing services firm, collects and processes Level 1 payment information for its clients. With multi-millions of transactions annually, Ignite must remain compliant with the Payment Card Industry Data Security Standard (PCI DSS).

To operationalize its IT security and PCI compliance program, Ignite deployed network monitoring, log management, and file integrity monitoring software. Central to these efforts is proactively managing all of the software vulnerabilities, configurations, and security policies of its IT systems.

"The quality of Qualys' PCI DSS certification documentation set it apart from its competition," said Mike DeMatteo, PCI Compliance Administrator for Ignite Media Solutions. "The documentation makes applying QualysGuard to the PCI requirements a no-brainer. The other companies I researched didn't do this; it was like pulling teeth to just find out what PCI requirements the others actually covered. Qualys just pulls it all together, making it so easy that one doesn't have to be an information security expert to attain PCI compliance. It's easy to use, does network discovery and mapping, and its dashboard provides the information we need."

Click here to read more about how Ignite Media implements and maintains PCI compliance.

When it comes to software vulnerabilities, 2008 will go down as a seminal year. It turned out to be a year when the types of applications targeted by attackers shifted, and we witnessed a significant rise in both the number of vulnerabilities discovered and the number of vulnerabilities found in web applications.

Consider this: Though there was an overall 15 percent rise in vulnerabilities discovered last year, 60 percent of those uncovered were web application flaws. The biggest jump in that class of vulnerabilities was seen in SQL-injection flaws, which doubled year over year. And while desktop and client-side software is still targeted heavily, Microsoft Office's Excel spreadsheet application had the greatest number of critical vulnerabilities within that productivity suite. In addition, 11 percent of web vulnerabilities were cross-site scripting flaws, while all other web-related vulnerabilities accounted for 26 percent of the total.

One of the most important trends last year was a surge in critical server vulnerabilities that don't require user intervention to exploit, such as CVE-2008-1447, which described a weakness in the DNS protocol that made it possible to conduct DNS cache poisoning attacks. In this type of attack, name servers can be made to send users to an incorrect, even malicious, web site or e-mail server, and to redirect other types of traffic to systems under the attacker's control.


Security executives and thought leaders from leading organizations presented their security and compliance best practices at the Qualys booth during RSA '09. Each speaker discussed how they are using Qualys' security-as-a-service suite to secure their organization and comply with industry regulations. Full presentations can be seen here:

Listen to David French and Bill Olson as they provide an overview of the QualysGuard Security + Compliance Suite and the benefits of the SaaS model: