47 matches found
How Qualys Drives PCI DSS 4.0 Compliance for File Integrity Monitoring
The Payment Card Industry Data Security Standard PCI DSS is a well-known rule for compliance by merchants and entities involved in payment card processing. The new PCI DSS 4.0 standard specifies a broad range of technical and process requirements to ensure the safety of payment cardholder data or...
Protecting your business with Wazuh: The open source security platform
Today, businesses face a variety of security challenges like cyber attacks, compliance requirements, and endpoint security administration. The threat landscape constantly evolves, and it can be overwhelming for businesses to keep up with the latest security trends. Security teams use processes an...
Is your FIM Solution Cost and Time Efficient?
Virtually every security professional and corporate executive is painfully aware of recent escalations in cybersecurity threats. No one wants to be a headline or get hit with the typical $4.5 million price tag to remediate an incident IBM Study. Almost every security team will agree that file...
Threat hunting with MITRE ATT&CK and Wazuh
Threat hunting is the process of looking for malicious activity and its artifacts in a computer system or network. Threat hunting is carried out intermittently in an environment regardless of whether or not threats have been discovered by automated security solutions. Some threat actors may stay...
A Free Solution to Protect Your Business from 6 Biggest Cyber Threats in 2022
For the last few years, the cybersecurity threat landscape has gotten progressively more complex and dangerous. The online world is now rife with data thieves, extortionists, and even state actors looking to exploit vulnerabilities in businesses' digital defenses. And unfortunately — the bad guys...
Has your WordPress site been backdoored by a skimmer?
Skimmers and other threat actors are backdooring websites, and WordPress instances in particular, according to a recently released report. Researchers at Sucuri say attackers have developed methods to make sure that their grip on the infected site is not easily removed by applying the next update...
SANS Experts: 4 Emerging Enterprise Attack Techniques
In a recent report, a panel of SANS Institute experts broke down key takeaways and emerging attack techniques from this year’s RSA Security Conference. The long and short of it? This next wave of malicious methodologies isn’t on the horizon — it’s here. When it comes to supply-chain and ransomwar...
Reinforce Defense with File Reputation and Trusted Source Intelligence in Qualys FIM
Monitoring change events in the file system is both a crucial aspect of security and a critical compliance requirement. A file integrity monitoring tool functions as an essential layer of defense to identify illicit activities across critical system files and registries, diagnose changes, and sen...
Solorigate/Sunburst : FireEye Breach Leveraged SolarWinds Orion Software
Update Dec 23, 2020: Added new section describing how to reduce risk with File Integrity Monitoring. Update Dec 22, 2020: FireEye Red Team tools & Solorigate/SUNBURST On December 13, SolarWinds released a security advisory regarding a successful supply-chain attack on the Orion management platfor...
Qualys Adds Cloud Agent Linux Support for AWS ARM-Based EC2 Instances
Releasing this week May 26, 2020, Qualys adds Cloud Agent Linux support for Amazon Web Services EC2 instances powered by ARM processors including the new Graviton2 processor. AWS Graviton2 processors power Amazon EC2 M6g, C6g, and R6g instances that provide up to 40% better price performance over...
Real-Time Alerting and Incident Management for Unauthorized Changes
The security landscape is constantly changing, and you need to adopt proactive measures to stay ahead of security breaches by being extremely vigilant about every little change in your environment. In our previous blog, we discussed how you can leverage the ready-to-use monitoring profiles in you...
Intuitive and Ready-to-Use Monitoring Profiles for Compliance Regulations
Detecting changes from a baseline established for files and file paths and receiving instant alerts about them is crucial to ensure security within a monitored environment. File tampering is an indicator of illicit activity, and authorized users must be alerted whenever changes in a critical file...
Detect Unauthorized Processes Making Changes in Your Environment with Qualys File Integrity Monitoring
With the average cost of a data breach exceeding $3.5 million as per Cost of a Data Breach Report, almost all organizations these days adopt stringent policies in order to safeguard their confidential business and customer information. Strong RBAC-driven systems have certainly made it difficult f...
Streamlining and Automating Compliance
There are seemingly countless regulatory and industry frameworks out there that organizations have to navigate and comply with. SOX Sarbanes-Oxley, PCI-DSS Payment Card Industry Data Security Standard, GDPR General Data Protection Regulation, HIPAA Health Insurance Portability and Accountability...
Gain the Trust of Your Business Customers With SOC 2 Compliance
In today's business environment, data is what matters most. It matters to organizations that monetize it into operational insights and optimisations, and it matters the threat actors that relentlessly seek to achieve similar monetisation by compromising it. In the very common scenario in which...
Proper File Integrity Monitoring Critical in Light of Big Breaches & Regulatory Pressure
In light of the recent mega data breaches that have plagued our market over the last year, and the continued escalation of attempted cyberattacks against critical systems during peak periods i.e. the retail sector POS and payment systems, reported in the Carbon Black Threat Analysis Unit TAU...
GDPR Is Here: Put File Integrity Monitoring in Your Toolbox
In this latest post of our series on the EU’s General Data Protection Regulation, we’ll explain how file integrity monitoring FIM can be crucial in helping organizations comply with this severe regulation. GDPR, which went into effect in May and applies to organizations worldwide that handle EU...
Put FIM in Your GDPR Toolbox
File integrity monitoring, like other foundational security practices such as vulnerability management, helps organizations comply with the EU’s General Data Protection Regulation GDPR. FIM specifically provides security controls in three key areas for GDPR: Ensuring integrity of data stored in...
Qualys Cloud Platform 2.32 New Features
This release of the Qualys Cloud Platform version 2.32 includes updates and new features for AssetView, EC2 Connector, File Integrity Monitoring, Indication of Compromise, Security Assessment Questionnaire, Web Application Scanning, and Web Application Firewall, highlights as follows. Post update...
If You Think File Integrity Monitoring is Boring, Think Again
You’ll be hard pressed to find file integrity monitoring on any list of cool, emerging, cutting-edge cybersecurity technologies. But if you choose to ignore this mature, foundational technology, it’ll be at great risk. File integrity monitoring, or FIM, plays a key role in critical security and...