Qualys identifies over 7 million vulnerabilities on SolarWinds and FireEye

Qualys identifies over 7 million vulnerabilities on SolarWinds and FireEye
Qualys announced that its research team, using the Qualys Cloud Platform, has identified 7.54 million vulnerabilities related to FireEye Red Team assessment tools and compromised versions of SolarWinds Orion, tracked as Solorigate or SUNBURST, analyzing the entire database of 15,700 customers.

Researchers noted that, of the identified vulnerabilities, out of 5.29 million unique assets, most are related to FireEye's Red Team tools. These findings highlight the extent of the potential attack surface, should these tools be misused. The research team also identified that 99.84% of the more than 7 million instances of vulnerabilities come from eight Microsoft software vulnerabilities that already have patches available.

In order to mitigate risk and exposure to this breach, Qualys provides IT and security teams with free access for 60 days to its integrated vulnerability management, detection and response service, leveraging the power of the Qualys Cloud Platform.

«The free solution from Qualys offers the visibility and response many need, within a single application, at a time when IT and security teams around the world are striving to enhance their systems, ”said Frank Dickson, IDC Program Vice President, Security and Trust.

«Qualys' solution leverages the native security and compliance platform to deliver vulnerability management, detection, prompt response and ability to detect malware while maintaining file integrity. It is an excellent solution, easy to use, to implement and absolutely competitive, as it is free ".

"The scale of this national attack is enormous, as overnight reliable and widely used software turned into quite well-known malware," said Sumedh Thakar, President and Chief Product Officer of Qualys.

«Since its first appearance, Qualys teams have been actively researching, analyzing the problem and helping customers evaluate their systems. The good news is that nearly all Common Vulnerabilities and Exposures (CVE) security holes are patchable, and we offer our solution to companies so they can work immediately to protect themselves from these vulnerabilities. "

Qualys has therefore decided to offer a full and free license for 60 days that allows you to perfectly manage the situation, starting from detection to resolution activities, reducing the risk and exposure to SolarWinds and FireEye breaches.

“As our teams analyzed the highly sophisticated attack on SolarWind and FireEye, we realized that we could help the industry with our powerful unified Cloud Platform. The integrated security solution provides real-time visibility across the global and hybrid IT environment, enabling you to detect and prioritize critical vulnerabilities, identify malware and effectively respond to everything from a single control panel, "said Philippe Courtot , President and CEO of Qualys.