If you work in a corporate environment, there’s a chance you see something called the Qualys Cloud Agent running on your computer. And information about this mysterious agent can be hard to come by? What does the Qualys cloud agent do? How does it work? I’m glad you asked.
Unlike its leading competitor, the Qualys Cloud Agent scans automatically. This is good and bad. It means you don’t have to schedule scans, but it also means the Qualys agent essentially has free will. The results wander in whenever they feel like wandering in, and some people want more control than that. Especially at the end of a maintenance window. How to initiate an agent scan was easily the most frequent question I got when I was supporting Qualys for a living. And for a long time, you couldn’t. Then, when Qualys released the feature, they did so about as quietly as can be. Here’s how to force a Qualys Cloud Agent scan.
You can force a Qualys Cloud Agent scan on Windows by toggling a registry key, or from Linux by running the cloudagentctl.sh shell script.
I have a new day job. My new employer is Nucleus Security, a company that ingests, enriches, and distributes vulnerability management data. It’s a fantastic product and I’m happy to be there. This week, Nucleus introduced me to the world with a blog post where I talk about two approaches to patching.
I frequently get data in CSV or Excel format, which I then have to use to deploy a vulnerability management solution like Tenable or Qualys. I use Pandas to process this data. It abuses Pandas. But it works. Yes, it’s a hack. I don’t care.
One of my most frequent topics of discussion in my time as a vulnerability management architect was the question of a Qualys vulnerability vs discovery scan. It’s especially confusing because Qualys is completely silent on the topic. There’s a reason for that. Let’s talk about the types of Qualys scans and what they can do for you.
Officially, Qualys discovery scans don’t exist. That said, you can implement something very close to what Qualys’ competitors call a discovery scan, and reap numerous benefits from it.
The Lockheed Martin Cyber Kill Chain is a popular model in information security. The model illustrates the typical cyber attack. Like the CIA triad, the Cyber Kill Chain is a fundamental concept that helps people understand what motivates security professionals. Understanding it and being able to explain it makes us more effective at our jobs.
Here’s an explanation of the Cyber Kill Chain, along with a couple of examples, one real, and one imagined.
Someone asked me to recommend a VPN service. Since I’m a security professional, I’m supposed to know how to evaluate things like that. But that question makes me very uncomfortable, for reasons I’ll explain in a bit. I’d rather tell you what to look for so you can choose one. So here’s how to choose a VPN service.
I was involved in an interesting discussion about how long it takes to get a security job. But here’s an even more important question. How long does it take to get a security job with no experience? That’s a tougher question. I’ll also argue there’s no such thing as no experience. But to keep the search engines happy, here’s how long it takes to get a security job with no experience (except there’s no such thing as no experience!).
Read More »How long it takes to get a security job with no experience
Just turning on automatic updates is one of those bumper sticker-style solutions to IT problems that won’t go away. It sounds really good, and of course it would be cheap. And since nobody’s doing it, it sounds like a new idea. As someone who’s been working in this space more than 20 years, I can tell you there’s a reason nobody does it. And it’s a good reason. It’s even a reason most proponents of bumper sticker-style solutions love to cite as a reason not to do something: unintended consequences.
While allowing systems to auto update seems like a cheap way to solve a difficult IT problem, the unintended consequences can be devastating. There are reasons to do automatic updates in limited circumstances, but it’s easy to cause bigger problems than you solve.
Alien vulnerabilities are the kiss of death for any vulnerability scanner. There’s no faster way to lose credibility with a sysadmin than to show them a scan of Linux or Mac hosts with Windows vulnerabilities in it. Recently I had to troubleshoot one such issue. Here’s how you can end up with Windows vulnerabilities on Macs in Qualys scans.