Free Qualys Security Scan Available for the New SANS Top 20.

New Zero-Day and Client-Side Application Vulnerabilities Scan Available at https://sans20.qualys.com

LONDON -- Qualys, Inc., the leading provider of on demand vulnerability management and policy compliance solutions, today announced the availability of a free network scanning service to help companies find and eliminate vulnerabilities listed in the annual SANS Top 20 update for 2006 that was announced earlier today. The SANS Top 20 is designed by the SANS Institute and security experts from industry and government to provide organizations with a prioritized list of newly discovered exposures to their networks. Qualys' free scan for the 2006 SANS Top 20 is available at https://sans20.qualys.com.

"Our list of the top 20 vulnerabilities does no good at all unless companies discover whether their computers can be compromised and fix the ones that have the vulnerabilities," said Alan Paller, director of research, SANS. "I have been enormously appreciative of Qualys, both for helping to research the Top 20, and for making a free testing tool available that tells businesses and government agencies whether their systems are vulnerable to the Top 20."

In addition to identifying vulnerabilities in Windows and UNIX categories, this year's Top 20 demonstrated a shift from server-side to client-side vulnerabilities and includes categories for zero-day vulnerabilities and highlights the most important Microsoft Office and Web application exploitable vulnerabilities. These changes further reflect the increase in exploits for malicious or personal gain, such as targeting military and government contractor sites using phishing attacks. The full SANS report can be found at http://www.sans.org/top20.

"The SANS Top 20 list is an important tool in helping businesses prioritize their efforts to address security vulnerabilities," said Amol Sarwate, manager of the Vulnerability Lab at Qualys and a contributing member to the SANS Top 20. "As a service to our customers and the security community as a whole, Qualys supports the SANS Institute and we are glad to share our research in vulnerability management to help organizations address the increasing threats in client-side and application vulnerabilities, and criminal-based attacks."

Sarwate, along with other experts in the community, provided contributions to the development of the SANS Top 20 list and presented on the topics of client-side vulnerabilities and zero-day threats at the SANS Top 20 event in London on Wednesday.

According to the Top 20 list, the shift from server-side to client-side vulnerabilities continues to be an increasing trend, as are attacks by cyber criminals for financial gain.
And, according to the SANS Institute, there has been a significant surge in the number of online criminals in Asian countries, as well as Eastern European initiated attacks. As a result, several banks have reported 400 to 500 percent increases in losses to cyber fraud from 2005 to 2006.

Qualys' on demand model provides customers with immediate vulnerability updates, such as the Top 20 listing, without the need for installing software or building out additional infrastructure. In addition to the free scan, the QualysGuard(R) service detects new exposures in the SANS Top 20.

About Qualys

Qualys, Inc., the leader in on demand vulnerability management and policy compliance, serves more than 2,400 enterprise subscribers around the world, including 200 of the Forbes Global 2000. Qualys global customers include AXA, DuPont, eBay, ICI Ltd., Kaiser Permanente, Novartis and Oracle. Qualys' on demand platform is delivered and supported by strategic partners and managed security service providers around the world, including IBM Global Services, Symantec, BT and Fujitsu.
Qualys is headquartered in Redwood Shores, California, with business units in Europe and Asia. For more information, please visit www.qualys.com.

Qualys, the Qualys logo, and QualysGuard are trademarks of Qualys, Inc. All other products or names may be trademarks of their respective companies.