Philippe Courtot

Qualys, Inc., a pioneer and renowned provider of cloud-based security and compliance solutions, announced its research team, using the Qualys Cloud Platform, has identified 7.54 million vulnerabilities related to FireEye Red Team assessment tools and compromised versions of SolarWinds Orion, tracked as Solorigate or SUNBURST, across its 15,700-member customer base. Of the vulnerabilities identified, researchers noted that across 5.29 million unique assets most are related to the FireEye Red Team tools. These findings highlight the scope of the potential attack surface if these tools are misused. The research team further identified that 99.84% of the 7+ million vulnerability instances are from eight vulnerabilities in Microsoft software that have patches available. IT and security organisations Qualys' solution draws from its native security and compliance platform to deliver vulnerability management" To help mitigate risk and exposure from this breach, Qualys is providing IT and security teams free 60-day access to its integrated Vulnerability Management, Detection and Response service, which leverages the power of the Qualys Cloud Platform. More information can be found on the Qualys advisory blog. “The Qualys free solution provides much-needed visibility and response in a single app that many need at a time when IT and security organisations around the world are scrambling to shore up their systems,” said Frank Dickson, Program Vice President, Security and Trust at IDC. Deliver vulnerability management “Qualys' solution draws from its native security and compliance platform to deliver vulnerability management, detection and response, the ability to detect malware, and the integrity of files. It is great solution, easy to use and deploy, and it’s hard to beat as it is free.” “The scope of this nation-state attack is massive, as overnight a widely used and trusted piece of software turned into known malware,” said Sumedh Thakar, President and Chief Product Officer at Qualys. Full situational awareness Qualys teams have been actively researching the issue and helping customers assess their environments" “Since its discovery, Qualys teams have been actively researching the issue and helping customers assess their environments. The good news is that nearly all of the CVE’s are patchable, and we’ve made this solution available to the industry so they can immediately work to protect themselves from being exploited by these vulnerabilities.” Qualys is offering a fully functional licence free for 60 days. The licence enables full situational awareness, detection, and remediation to reduce risk and exposure from the SolarWinds and FireEye breaches. It includes: Real-time, up-to-date inventory and automated organisation of all assets, applications, and services running across the hybrid-IT environment Continuous view of all critical vulnerabilities and their prioritisation based on real-time threat indicators and attack surface Automatic correlation of applicable patches for identified vulnerabilities Patch deployment via Qualys Cloud Agents with zero impact to VPN bandwidth Security configuration hygiene assessment to apply as compensating controls to reduce vulnerability risk Unified dashboards that consolidate all insights for management visualisation via a single pane of glass Integrated security solution “As our teams assessed the very sophisticated SolarWinds / FireEye nation-state attack, we realised that we could help the industry through our very powerful unified Cloud Platform. The integrated security solution provides real-time visibility across the entire global and hybrid IT environment allowing it to detect and prioritise critical vulnerabilities, identify malware and effectively respond all from one single pane of glass,” said Philippe Courtot, Chairman and CEO of Qualys.

Qualys, Inc., a pioneer and globally renowned provider of cloud-based security and compliance solutions, has announced the establishment of a new cloud platform in particular for the United Arab Emirates (UAE) region. With nine locations across the globe, Qualys is expanding its highly scalable cloud platform that powers Qualys’ suite of integrated IT, security, and compliance cloud apps including its latest VMDR (Vulnerability Management, Detection and Response) and Multi-Vector EDR Solutions. Qualys Cloud Platform Uniquely, the Qualys Cloud Platform provides real-time visibility across the entire hybrid environment Uniquely, the Qualys Cloud Platform provides real-time visibility across the entire hybrid environment from on premises, endpoints, mobile, containers, cloud(s) and OT and IoT environments via an array of sensors and connectors that bring the telemetry required to provide continuous 2-second visibility across all IT assets. In addition, the Qualys Cloud Platform automatically builds a comprehensive Global IT Asset Inventory that is continuously updated in real-time and can be synchronised with CMDBs providing a single and accurate ‘source of truth’ for companies of all sizes. Global IT Asset Inventory Furthermore, Qualys also hosts private versions of its cloud platform where 82 companies host the cloud on premises and store data locally, such as the cloud recently announced in partnership with Digital China. The Qualys Cloud Platform in the UAE will support several local compliance requirements, such as the Abu Dhabi Systems and Information Centre’s (ADSIC) Information Security Policy and the UAE Information Assurance Regulation. It will also allow Qualys’ partners, such as managed service providers, the opportunity to offer cloud services to sectors that are highly regulated. Seamless access to key tools and business intelligence “In today’s global digital economy, the competitiveness of nations is dependent on their ability to leverage technology in ways that set them apart,” said Andy Ward, Senior Vice President - ICT Business at du, adding “The UAE’s cloud-first strategy, as set out in the Telecommunication Regulatory Authority’s guidelines of 2018, calls for the establishment of a regional data hub. As such, we commend Qualys for pursuing its vision to launch a UAE-based cloud-services platform.” Andrew continues, “This move aligns with our own strategy to work with the most reputable vendors and ensure businesses across the region have seamless access to the tools and intelligence they require to build innovative ecosystems. Innovation is the gateway for Middle Eastern companies to continue thriving in the new digital landscape. Looking ahead, a host of possibilities await organisations with support from Qualys UAE Cloud.” Built on cloud-native containerised architecture The Qualys Cloud Platform is built on a cloud-native, micro services-based, containerised architecture" Philippe Courtot, Chairman and CEO, Qualys, Inc. stated “The Qualys Cloud Platform is built on a cloud-native, micro services-based, containerised architecture that delivers an extensible, scalable, powerful experience.” Phillippe adds, “And, above all, the cloud platform provides real-time visibility across the entire global and hybrid IT environment, thereby allowing detection and prioritising critical vulnerabilities, identify malware and effectively respond all from one single pane of glass. We are very happy to now deploy another instance of our Global Cloud Platform in the UAE.” Critical security intelligence The Qualys Cloud Platform and its integrated Cloud Apps deliver businesses critical security intelligence continuously, enabling them to automate the full spectrum of auditing, compliance, and protection for IT systems and web applications across on premises, endpoints, cloud, containers, and mobile environments. Qualys Inc. helps organisations streamline and consolidate their security and compliance solutions in a single platform and build security into digital transformation initiatives for greater agility, better business outcomes, and substantial cost savings.