
Security Management


Managing computer and network security programs has become an increasingly difficult and challenging job. Dramatic advances in computing and communications technology in recent years have redirected the focus of data processing from the computing center to the terminals in individual offices and homes. The result is that managers must now monitor security on a more widely dispersed level. These changes are continuing to accelerate, making the security manager’s job increasingly difficult.

The information security manager must establish and maintain a security program that ensures three requirements: the confidentiality, integrity, and availability of the company’s information resources.

Vulnerability Assessment

Vulnerability Assessment tools (also known as Vulnerability Scanners) are batch-level products that scan servers, workstations, other devices, and applications to uncover security vulnerabilities. The scan information is compared with a database of known security holes (vulnerabilities) ...

Web Application Scanning

A Web Application Scanner is an automated security program that searches for software vulnerabilities within Web applications. A Web application scanner first crawls the entire website, analyzing each file it finds in depth, and displaying the entire website structure. After ...

Penetration testing software

A penetration test is a proactive and authorized attempt to evaluate the security of an IT infrastructure by safely attempting to exploit system vulnerabilities, including OS, service and application flaws, improper configurations, and even risky end-user behavior. These ...

Patch and Remediation Management

Patch management is an area of systems management that involves acquiring, testing, and installing multiple patches (code changes) to an administered computer system. Patch management tasks include: maintaining current knowledge of available patches, deciding what patches ...

Security Event Management / Logging

Security Information and Event Management (SIEM) solutions are a combination of the formerly disparate product categories of:
- SEM (security event management) analyzes security event data in real time (for threat management, primarily in network events)
- SIM (security ...

Digital Forensics

Digital forensics (sometimes digital forensic science) is a branch of forensic science encompassing the recovery and investigation of material found in digital devices, often in relation to computer crime. The term was originally used as a synonym for computer forensics but ...

Firewall Assurance and change control

This kind of solution helps prioritize security risks in an organization by automatically collecting and analyzing configuration data about network topology. It makes it possible to identify conflicting firewall rules and potential network threats that cause security ...

Risk Management

A Risk Management solution makes it possible to identify the most critical IT risks in an organization and provides a remediation solution by automatically collecting configuration data from firewalls, routers, load balancers as well as from threat feeds, vulnerability ...

Web Fraud Detection

Web Fraud Detection (WFD) is a set of services or a software product that detects and prevents fraud activities over the web. WFD market vendors use one or both of the following methodologies to detect fraud:
• Rule-based - based on what is known at ...


  • Apache Struts Jakarta Multipart parser Remote Code Execution (CVE-2017-5638)

    Update March 11, 2017: A new update to QID 11771 for detecting Apache Struts vulnerability CVE-2017-5638 has a unique detection method which makes it more reliable and less prone to false negatives. Update March 9, 2017: Via custom security rules, Qualys WAF detects and blocks attacks that try to exploit this vulnerability. A remote code execution vulnerability exists in Apache Jakarta multipart parser, CVE-2017-5638. If exploited, this issue can allow an attacker to take complete control of the system remotely and without any credentials. Needless ...

  • It's Time to Align Your Vulnerability Management Priorities With the Biggest Threats

    Take the Threat-Centric Approach to Vulnerability Prioritization. IT security leaders should refocus their attention on how vulnerabilities are being managed and should track this metric to provide visibility as to how to reduce the biggest risks of being breached. Download the report to see Gartner analysis and recommendations for overcoming key challenges of vulnerability management including: The exploitation of known, but unmitigated, vulnerabilities is the primary method of compromise for most threats. Meanwhile, "zero days" are only approximately ...

  • Three Security Lessons after WikiLeaks’ Latest Revelation

    This week, WikiLeaks once again dominated headlines after releasing what they claim are thousands of documents describing tools and strategies used by the CIA to conduct cyber intelligence gathering. WikiLeaks is collectively referring to the documents as “Vault 7.” This latest revelation – while not necessarily surprising to those in the cybersecurity world – highlights three major issues in cybersecurity: Insider threats are, and will continue to be, a major challenge for governments and private companies. High-quality unknown ...

  • HPE Security Fortify continues to be a leader in Application Security Testing!

    The 2017 Gartner Magic Quadrant for Application Security Testing (AST) was just released. As the first AST vendor to provide capabilities in SAST, DAST, IAST and RASP, HPE Security Fortify continues to lead through innovation--taking a leadership position in Application Security Testing for the 7th year in a row! This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from HPE. According to Gartner, Leaders in the ...

  • Complying with the General Data Protection Regulation: A Guide for Security Practitioners

    The General Data Protection Regulation or GDPR is the latest amplification of the European Union's data security requirements that articulates measures to protect individuals and holds organizations accountable for data security. When it goes into effect, GDPR can apply widely to various organizations, including many without a physical presence in the European Union. In this webcast, we will explore this lengthy, complex regulation by focusing on the key steps your organization needs to take in order to comply. This includes how to get ready for the regulation; ...
