New additions to Qualys

July 25th, 2017 by admin Leave a reply »

As per the new announcement, Qualys is upgrading its Software-as-a-Service cloud platform. It now provides customers with new cloud security and SSL/TLS certificate security abilities.

“CloudView a is an entirely new module built on the Qualys Cloud Platform,” Hari Srinivasan, Director of Product Management, Qualys, told eSecurityPlanet.

“CloudView is a new app framework in the Qualys Cloud Platform for a comprehensive and continuous protection of cloud infrastructure.”

Srinivasan mentioned that Cloudview has multiple apps which includes Cloud Inventory and Cloud Security Assessment, Cloud Inventory (CI) and Cloud Security Assessment (CSA).

CI and CSA provides a continuous security of public cloud infrastructure.

“These two apps allow teams to gain critical insights into these cloud resources and their security posture across them,” Srinivasan said.

The company provides insight into SSL/TLS certificate status and deployment.

“SSL Labs does not however store this data for later use,” Asif Karel, Director of Product Management at Qualys, told eSecurityPlanet. “CertView is a commercial offering intended for enterprise customers who will not only benefit from similar assessments of their public as well as internal servers and services, they will also be able to create and maintain an inventory of the certificates deployed in all of their environments and critical infrastructure.”

Karel also mentioned that the customers will be able to find the flaws in the certificate and related dangers

“The grading calculation highlights the support, or lack of support, for mechanisms such as HSTS that prevent protocol downgrade attacks as well as other TLS related vulnerabilities,” Karel said.

HTTP Strict Transport Security (HSTS) is a configuration on a webserver that only allows pages to be served over SSL/TLS as HTTPS.

The market is changed due to the arrival of free Let’s Encrypt. But it has a drawback which karel mentioned.

“Unsuspecting users might think they are communicating with trustworthy sites because the identity of the site has been validated by a CA (Certificate Authority), without realizing that these are just domain validated certificates with no assurance about the identity of the organization that owns the site, Karel said.

____________________________________________________________________________________________

The Alertsec service protects everything stored on the computer such as Word, PowerPoint, Excel, Outlook, Gmail, Photos, Credit Card data files etc.

Leave a Reply