Parasoft announces the opening of its new office in Northeast Ohio.
Qualys announced its new GovCloud platform along with the achievement of FedRAMP Ready status at the High impact level, from the Federal Risk and Authorization Management Program (FedRAMP).
Qualys GovCloud is a comprehensive offering, including asset inventory with external attack surface visibility, vulnerability risk and remediation management, and compliance management, that federal agencies can use as the foundation for their cybersecurity programs. Its integrated platform includes all the critical security and compliance solutions needed to address Executive Orders and aligns with NIST 800-53 v5 standards, eliminating the need to stitch together siloed solutions.
The highly scalable GovCloud platform supports federal and commercial organizations cost-effectively, delivering integrated capabilities, 24x7 support and training while maintaining the highest level of protection. Qualys GovCloud includes:
- Cybersecurity Asset Management with External Attack Surface Management – to identify, discover, inventory, and classify all known and unknown assets with security context. The solution also syncs with your CMDB, helping address CISA BOD 23-01 and comprehensively report against the NIST 800-53 v5 requirement of CM-8.
- Vulnerability Management Detection and Response (VMDR) - assess, prioritize, and remediate vulnerabilities based on TruRisk to meet Executive Order 14028 and OMB M-21-31, as well as monitor posture against the NIST requirement of RA-5.
- Configuration and Policy Compliance - GovCloud's Regulatory Compliance Management with Policy Compliance capability allows government agencies to assess configuration posture against DISA while auditing and reporting their compliance with a wide range of standards, including NIST 800-53/FedRAMP, NIST 800-171, NIST CSF, CMMC, CERT Resiliency, etc.
- File Integrity Monitoring – detects and alerts on unauthorized changes to software, firmware, and information to align with the NIST SI-7 requirement.
- Container Security - continuously discover, track, and secure containers from build to runtime, aligning with the key federal DevOps initiative while addressing the additional FedRAMP requirement of NIST RA-5 regarding assessing containers for vulnerability risk.
"As the only vulnerability management platform currently with FedRAMP Ready status at the High impact level, we are dedicated to providing federal agencies with a modern alternative to legacy scanners to improve their security posture as they embrace digital transformation," said Sumedh Thakar, President and CEO of Qualys.
Industry News
Postman released v11, a significant update that speeds up development by reducing collaboration friction on APIs.
Sysdig announced the launch of the company’s Runtime Insights Partner Ecosystem, recognizing the leading security solutions that combine with Sysdig to help customers prioritize and respond to critical security risks.
Nokod Security announced the general availability of the Nokod Security Platform.
Drata has acquired oak9, a cloud native security platform, and released a new capability in beta to seamlessly bring continuous compliance into the software development lifecycle.
Amazon Web Services (AWS) announced the general availability of Amazon Q, a generative artificial intelligence (AI)-powered assistant for accelerating software development and leveraging companies’ internal data.
Red Hat announced the general availability of Red Hat Enterprise Linux 9.4, the latest version of the enterprise Linux platform.
ActiveState unveiled Get Current, Stay Current (GCSC) – a continuous code refactoring service that deals with breaking changes so enterprises can stay current with the pace of open source.
Lineaje released Open-Source Manager (OSM), a solution to bring transparency to open-source software components in applications and proactively manage and mitigate associated risks.
Synopsys announced the availability of Polaris Assist, an AI-powered application security assistant on the Synopsys Polaris Software Integrity Platform®.
Backslash Security announced the findings of its GPT-4 developer simulation exercise, designed and conducted by the Backslash Research Team, to identify security issues associated with LLM-generated code. The Backslash platform offers several core capabilities that address growing security concerns around AI-generated code, including open source code reachability analysis and phantom package visibility capabilities.
Azul announced that Azul Intelligence Cloud, Azul’s cloud analytics solution -- which provides actionable intelligence from production Java runtime data to dramatically boost developer productivity -- now supports Oracle JDK and any OpenJDK-based JVM (Java Virtual Machine) from any vendor or distribution.
F5 announced new security offerings: F5 Distributed Cloud Services Web Application Scanning, BIG-IP Next Web Application Firewall (WAF), and NGINX App Protect for open source deployments.
Code Intelligence announced a new feature to CI Sense, a scalable fuzzing platform for continuous testing.
WSO2 is adding new capabilities for WSO2 API Manager, WSO2 API Platform for Kubernetes (WSO2 APK), and WSO2 Micro Integrator.