Free Newsletter
Register for our Free Newsletters
Access Control
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor

Exploitability Database Added To Vulnerability Management Software

Qualys : 28 July, 2010  (New Product)
The QualysGuard product now offers improved vulnerability management with the includes of exploitability data from a number of vendors
QualysGuard Vulnerability Management (VM) now includes correlated exploitability information from real-time feeds to provide customers with up-to-date references to exploits and related security resources. With this new feature, customers running vulnerability scans can easily view the latest correlated exploits from third party vendors including Core Security, Immunity, and related exploit information from Metasploit and The Exploit-DataBase. This helps customers to prioritise remediation activities according to risk assessment performed by the correlated running exploits.

Previously, when running vulnerability scans, customers would get a list of Common Vulnerabilities and Exposures (CVEs), and have to manually look up exploits for each CVE, taking up the time and energy of security staff or consultants. Now, QualysGuard VM scans automatically, producing a list of correlated exploits for each CVE, using the most comprehensive databases of tested exploits from Core Security, Immunity, The Exploit-DataBase or Metasploit, enabling customers to quickly and easily assess the impact of each vulnerability from a risk standpoint, helping them prioritise their remediation plans. The exploit information can also be included in scanning reports, providing a more complete view of security risk. Customers who use these penetration testing tools can also produce actionable reports to apply the exploits on target hosts.

"Qualys' work with penetration test vendors eliminates the manual process of linking vulnerabilities to exploits," said Wolfgang Kandek, CTO of Qualys. "This provides security professionals and consultants a clearer view of the exploitability of their IT assets so they can spend more time remediating issues and proactively planning their security strategies."

The new exploitability correlation feature includes:

* Live exploit feeds from Core Security, Immunity (and their partners Agora, Dsquare, Enable Security, White Phosphorous), Metasploit and The Exploit-DataBase. Customers can choose the source of exploit data.

* An "Exploitability" column in the QualysGuard KnowledgeBase indicating whether exploitability information is available for the vulnerability from third party vendors and/or publicly available sources.

* Exploit details for any vulnerability selected, including the CVE reference, a description of the exploit provided by the source and a link to the exploit when available.

* The ability to include exploitability information for vulnerabilities in scan reports.

"For years Core has lead the way in the integration between scanning and security testing solutions, and customers have been using the integration between QualysGuard and IMPACT Pro to enhance and improve their vulnerability management processes," said Fred Pinkett, vice president of product management at Core Security. "This new level of information available will provide QualysGuard users with more valuable and useful information to help prioritise remediation and make their security programs more effective and efficient."

"With today's growing threat landscape and corporate adoption of new computing architectures, it is more important than ever to proactively plan security measures to protect valuable company data," said Justine Aitel, CEO for Immunity. "By integrating the exploit information from Immunity CANVAS with vulnerability information from QualysGuard VM, we are providing joint customers with a single solution that will enable them to definitively understand their existing exposure. This approach will enable organisations to effectively prioritise remediation efforts therefore increasing the coordination between the Security and IT Operation Teams."
Bookmark and Share
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
   © 2012
Netgains Logo