26 matches found
FedRAMP High Authorized: Qualys TotalCloud CNAPP – From Compliance to Defense
Qualys TotalCloud has achieved FedRAMP High Authorization, marking a major milestone in delivering validated cloud security and compliance assurance for high-impact federal and regulated environments. Key Takeaways Qualys TotalCloud CNAPP is a FedRAMP High Authorized that enables continuous,...
What Makes a Vulnerability Management Dashboard Effective?
Let's be direct: a high CVSS score doesn't mean a vulnerability is a top priority for your organization. Attackers don't care about theoretical scores; they care about clear, exploitable pathways to your critical assets. If your vulnerability management dashboard is only showing you generic...
Design and Implementation of an Open-Source Security Framework for Cloud Infrastructure
Misconfiguration, excessive privilege, and tool fragmentation remain the main reasons why enterprise cloud environments are breached. Recent reports on cloud-native application protection note that most incidents can be traced back to configuration or identity errors rather than platform flaws, a...
What Is a Threat Exposure Management Platform? A Guide
For years, vulnerability management has been like a doctor treating symptoms without a diagnosis. You get a report full of issues—a high temperature here, a cough there—and you try to treat the most severe ones first. But you lack the context to understand the root cause. Are these symptoms...
Agentic AI for 6G: A New Paradigm for Autonomous RAN Security Compliance
Agentic AI systems are emerging as powerful tools for automating complex, multi-step tasks across various industries. One such industry is telecommunications, where the growing complexity of next-generation radio access networks RANs opens up numerous opportunities for applying these systems...
AgenticCyber: A GenAI-Powered Multi-Agent System for Multimodal Threat Detection and Adaptive Response in Cybersecurity
The increasing complexity of cyber threats in distributed environments demands advanced frameworks for real-time detection and response across multimodal data streams. This paper introduces AgenticCyber, a generative AI powered multi-agent system that orchestrates specialized agents to monitor...
The 5-Step Exposure Remediation Automation Process
Security teams are often buried under a mountain of vulnerability alerts. The daily reality is a constant scramble to patch the most critical issues, leaving a massive backlog of lower-priority—but still dangerous—exposures. This reactive cycle is exhausting and unsustainable. It’s like trying to...
appsec-sentinel
AppSec-Sentinel AI-powered security scanner with cross-file...
Patch Automation for Browsers with TruRisk™ Eliminate
Recently, CISA added a Chrome zero-day vulnerability, CVE-2025-10585, to its Known Exploited Vulnerabilities KEV Catalog, confirming that threat actors are actively exploiting this high-severity flaw in real-world attacks. This vulnerability affects multiple web browsers that utilize the Chromium...
Steps to TruRisk™ – 5: Eliminate Risk and Lead with Confidence
“We shall not fail or falter; we shall not weaken or tire … Give us the tools and we will finish the job.” – Winston Churchill Every security team knows this truth: you can’t patch everything, and you can’t necessarily protect everything. Perfection is rare, but decisive execution can change...
Subverting AIOps Systems Through Poisoned Input Data
In this input integrity attack against an AI system, researchers were able to fool AIOps tools: AIOps refers to the use of LLM-based agents to gather and analyze application telemetry, including system logs, performance metrics, traces, and alerts, to detect problems and then suggest or carry out...
Remediate WMI Class Corruption Errors with Qualys TruRisk™ Eliminate
When Windows Management Instrumentation WMI classes fail, it can disrupt critical security operations by causing vulnerability scans to miss important data and compliance reports to lack accuracy. These issues may lead to gaps in visibility, making it harder for security teams to maintain a...
Autonomous AI-Based Cybersecurity Framework for Critical Infrastructure: Real-Time Threat Mitigation
Critical infrastructure systems, including energy grids, healthcare facilities, transportation networks, and water distribution systems, are pivotal to societal stability and economic resilience. However, the increasing interconnectivity of these systems exposes them to various cyber threats,...
Qualys TotalCloud Wins “Best Cloud Security Product” at 2025 SC Awards Europe
We’re proud to announce that Qualys TotalCloud has been named “Best Cloud Security Product” at the 2025 SC Awards Europe —a recognition of our relentless drive to unify, simplify, and modernize cloud security for enterprises across the globe. In today’s complex multi-cloud world, securing...
Rapid7 Extends AWS Support to Include Coverage for Newly-Launched Resource Control Policies (RCPs)
In today’s cloud-first world, security and innovation go hand-in-hand. Rapid7 is excited to announce our support for Amazon Web Services’ AWS new Resource Control Policies RCPs, a powerful tool designed to bolster security controls for organizations using AWS infrastructure. As a launch partner f...
Unpacking 2024's SaaS Threat Predictions
Early in 2024, Wing Security released its State of SaaS Security report, offering surprising insights into emerging threats and best practices in the SaaS domain. Now, halfway through the year, several SaaS threat predictions from the report have already proven accurate. Fortunately, SaaS Securit...
Unifying Threat Findings to Elevate Your Runtime Cloud Security
The widespread growth in cloud adoption in recent years has given businesses across all industries the ability to transform and scale in ways never before possible. However, the speed of those changes, combined with the drastically increased volume and complexity of resources in cloud environment...
Join Qualys at Black Hat USA 2022!
Need to get more security? As a Titanium Sponsor of Black Hat USA 2022 Qualys will be located front and center in Booth 1320 on the show floor. Stop by and visit us to learn about our latest techniques, best practices, and solutions for risk-based vulnerability management, external attack surface...
Automated remediation level 3: Governance and hygiene
Mold it, make it, just don’t fake it At a quick glance, it seems like the title of this blog is “government hygiene.” Most likely, that wouldn’t be a particularly exciting read, but we’re hoping you might be engaged enough to gain a few takeaways from this fourth piece in our series on automating...
Automated remediation level 1: Lock down fundamentals
Non-calamitous conclusions When teams work in silos, they often can have different interpretations of the same data. There’s no way to leverage the real benefits of automated remediation if this is your reality. Ensuring visibility across teams is a critical component in a shared data set where...