Qualys researchers have analyzed a large base of anonymous vulnerabilities and the company, with the VMDR suite, helps organizations quickly identify devices affected by vulnerabilities in SolarWinds Orion, SUNBURST Trojans and FireEye Red Team Tools, to correct and monitor results via dynamic dashboards
Qualys, Inc. (NASDAQ: QLYS), a pioneer and leading provider of highly innovative cloud-based IT security and compliance solutions, announced that its research team, using the Qualys Cloud Platform, has identified 7.54 million vulnerabilities related to security tools. FireEye Red Team evaluation and compromised versions of SolarWinds Orion, tracked as Solorigate or SUNBURST, analyzing the entire database of 15,700 customers.
The researchers noted that, among the vulnerabilities identified, out of 5.29 million unique assets, the majority are related to FireEye's Red Team tools. These findings highlight the scale of the potential attack surface if these tools are misused. The research team also identified that 99.84% of the more than 7 million vulnerability instances came from eight Microsoft software vulnerabilities that already have patches available.
To mitigate risk and exposure to this breach, Qualys is providing IT and security teams with free 60-day access to its integrated vulnerability management, detection and response service, leveraging the power of the Qualys Cloud Platform.
More information is available on the blog qualys.com/solarwinds-fireeye-advisory-blog-post.
“Qualys' free solution delivers the visibility and response many need, within a single application, at a time when IT and security teams around the world are working to harden their systems ", he has declared Frank Dickson, Program Vice President, Security and Trust di IDC. “Qualys' solution leverages its native security and compliance platform to deliver vulnerability management, detection, responsiveness and the ability to detect malware while maintaining file integrity. It is an excellent solution, easy to use, to implement and absolutely competitive, as it is free."
“The scale of this nationwide attack is enormous, as overnight, trusted and widely used software turned into quite notorious malware,” he said Sumedh Thakar, President and Chief Product Officer di Qualys. “Since it first appeared, Qualys teams have been actively researching the issue and helping customers evaluate their systems. The good news is that almost all security flaws (CVE – Common Vulnerabilities and Exposures) are patchable, and we offer our solution to companies, so they can work immediately to protect themselves from these vulnerabilities.”
Qualys offers a full, free 60-day license to seamlessly manage your situation from detection to remediation, reducing your risk and exposure to SolarWinds and FireEye breaches. The license includes:
- Inventory updated in real time, automated organization of all assets, applications and services running across the hybrid-IT environment
- Continuous visualization of all critical vulnerabilities and their priority based on threat indicators and attack surface in real time
- Automatic correlation of applicable patches for identified vulnerabilities
- Patch implementation via Qualys Cloud Agent with zero impact on VPN bandwidth
- Evaluation of the state of the security configuration to be applied as a compensating check to reduce the risk of vulnerability
- Unified dashboards that consolidate all information for management visualization through a centralized panel
“As our teams analyzed the highly sophisticated SolarWinds/FireEye attack, we realized we could help the industry with our powerful, unified Cloud Platform. The integrated security solution provides real-time visibility across your global and hybrid IT environment, allowing you to detect and prioritize critical vulnerabilities, identify malware and respond effectively all from a single pane of glass,” he said Philippe Courtot, President and CEO of Qualys.
To request your free 60-day service, go to www.qualys.com/solarhack/.
