Free Qualys Security Scan Available for the New SANS Top 20 in 2006


New Zero-Day and Client-Side Application Vulnerabilities Scan Available at sans20.qualys.com

London - 15 November, 2006 - Qualys, provider of on demand vulnerability management and policy compliance solutions, announced today the availability of a free network scanning service to help companies find and eliminate vulnerabilities listed in the annual SANS Top 20 update for 2006, which is being announced today at a press conference in Central Hall Westminster, London. The SANS Top 20 is designed by the SANS Institute and security experts from industry and government to provide organizations with a prioritized list of newly discovered exposures to their networks. Qualys' free scan for the 2006 SANS Top 20 is available at sans20.qualys.com.

"Our list of the top 20 vulnerabilities does no good at all unless companies discover whether their computers can be compromised and fix the ones that have the vulnerabilities," said Alan Paller, Director of Research, SANS. "I have been enormously appreciative of Qualys, both for helping to research the Top 20, and for making a free testing tool available that tells businesses and government agencies whether their systems are vulnerable to the Top 20."

In addition to identifying vulnerabilities in Windows and UNIX categories, this year's Top 20 demonstrates a shift from server-side to client-side vulnerabilities, includes categories for zero-day vulnerabilities, and highlights the most important exploitable Microsoft Office and Web application vulnerabilities. These changes further reflect the increase in exploits for malicious or personal gain, such as targeting military and government contractor sites using phishing attacks. The full SANS report can be found at http://sans.org/top20.

"The SANS Top 20 list is an important tool in helping businesses prioritize their efforts to address security vulnerabilities," said Amol Sarwate, manager of the Vulnerability Lab at Qualys and a contributing member to the SANS Top 20. "As a service to our customers and the security community as a whole, Qualys supports the SANS Institute and we are glad to share our research invulnerability management to help organizations address the increasing threats in client-side and application vulnerabilities and criminal-based attacks."

Sarwate, along with other experts in the community, provided contributions to the development of the SANS Top 20 list and presented on the topics of client-side vulnerabilities and zero-day threats at the SANS Top 20 event in London on Wednesday.

According to the Top 20 list, the shift from server-side to client-side vulnerabilities continues to be an increasing trend, as are attacks by cyber criminals for financial gain. And, according to the SANS Institute, there has been a significant surge in the number of online criminals in Asian countries, as well as Eastern European initiated attacks. As a result, several banks have reported 400 to 500 percent increases in losses to cyber fraud from 2005 to 2006.

Qualys' on demand model provides customers with immediate vulnerability updates, such as the Top-20 listing, without the need for installing software or building out additional infrastructure. In addition to the free scan, the QualysGuard® service detects new exposures in the SANS Top-20.

About Qualys
Qualys, Inc., the leader in on demand vulnerability management and policy compliance, serves more than 2,400 enterprise subscribers around the world including 200 of the Forbes Global 2000. Qualys global customers include AXA, DuPont, eBay, ICI Ltd., Kaiser Permanente, Novartis and Oracle. Qualys' on demand platform is delivered and supported by strategic partners and managed security service providers around the world, including IBM Global Services, Symantec, BT and Fujitsu. Qualys is headquartered in Redwood Shores, California, with business units in Europe and Asia. For more information, please visit www.qualys.com.

Contact:
Jane Folwell
Folwell PR
Tel: 01344 845132
Mob tel: 07950 033370
Email: jane@folwellpr.co.uk
