Log in
E-mail
Password
Remember
Forgot password ?
Become a member for free
Sign up
Sign up
Settings
Settings
Dynamic quotes 
OFFON

MarketScreener Homepage  >  Equities  >  Nasdaq  >  Qualys Inc    QLYS

QUALYS INC

(QLYS)
My previous session
Most popular
  Report  
Delayed Quote. Delayed Nasdaq - 02/15 04:00:00 pm
80.69 USD   -0.70%
02/14QUALYS : Know What's on Your Network at All Times with Qualys Asset Inventory
PU
02/14QUALYS : to Speak at Upcoming Investor Conferences
PR
02/12QUALYS : 4Q Earnings Snapshot
AQ
SummaryQuotesChartsNewsRatingsCalendarCompanyFinancialsConsensusRevisions 
News SummaryMost relevantAll newsOfficial PublicationsSector newsAnalyst Recommendations

Qualys : RunC Container Breakout Vulnerability

share with twitter share with LinkedIn share with facebook
share via e-mail
0
02/12/2019 | 11:05am EST

Despite the huge advantages that containers offer in application portability, acceleration of CI/CD pipelines and agility of deployment environments, the biggest concern has always been about isolation. Since all the containers running on a host share the same underlying kernel, any malicious code breaking out of a container can compromise the entire host, and hence all the applications running on the host and potentially in the cluster.

That fear of container isolation failing to hold up turned out to be true yesterday when a vulnerability in runC was announced. runC is the key and most popular software component that most container engines rely on for spinning up containers on a host. The announced vulnerability allows an attacker to break out of the container isolation through a well-crafted attack (technical details of the vulnerability and the exploit are at https://seclists.org/oss-sec/2019/q1/119) and compromise the entire host. The vulnerability is particularly nasty because it can't be covered by the default AppArmor or SELinux kernel-enforced sandboxing policies.

What can you do to protect your containerized applications?

Even though the exploit is tricky to execute, the exploit code will be released publicly on February 18, so it's best to protect your container environment by doing the following:

  1. Know which nodes (Docker hosts) you are running the containers, and if you are running a vulnerable version of Docker Engine. If you are a Qualys customer, you can use AssetView to get that information. Docker has released the patch in version 18.09.2.
  2. Upgrade your Docker hosts to version 18.09.2.
  3. For hosts managed by public cloud service providers, please keep a close watch on how they are addressing the issue.
    GCP - https://cloud.google.com/kubernetes-engine/docs/security-bulletins
    AWS - https://aws.amazon.com/security/security-bulletins/AWS-2019-002/
  4. Qualys is working on releasing the following detections (QIDs), and more vendor-specific QIDs will be launched in the coming days.
    371641: RunC Container Breakout Vulnerability
    237118: Red Hat Update for runc (RHSA-2019:0303)
    237119: Red Hat Update for docker (RHSA-2019:0304)
    You can get more details at Qualys Threat Protection.

What to do in the future?

It's good to be concerned about any new technology while it matures, but it's equally important to harden the application build and deployment workflows in order to prevent the attacker from getting an easy lead into exploiting the deployed containers.

  1. Ensure that only those container images that have gone through the defined compliance checks (related to vulnerabilities, packages, etc.) are deployed in production. As an example, you can use the Qualys Container Security solution to promote only those built images that pass the compliance checks on the build nodes.
  2. Privileged containers, if compromised, can bring down the entire container cluster. Hence, keep a close watch on all privileged containers running in your environment.

Disclaimer

Qualys Inc. published this content on 12 February 2019 and is solely responsible for the information contained herein. Distributed by Public, unedited and unaltered, on 12 February 2019 16:04:03 UTC

share with twitter share with LinkedIn share with facebook
share via e-mail
0
Latest news on QUALYS INC
02/14QUALYS : Know What's on Your Network at All Times with Qualys Asset Inventory
PU
02/14QUALYS : to Speak at Upcoming Investor Conferences
PR
02/12QUALYS : 4Q Earnings Snapshot
AQ
02/12QUALYS, INC. : Results of Operations and Financial Condition, Financial Statemen..
AQ
02/12QUALYS : Announces Fourth Quarter and Full Year 2018 Financial Results
PR
02/12QUALYS : Acquires Software Assets of Cloud Application Management Company Adya
PR
02/12QUALYS : February 2019 Patch Tuesday – 74 Vulns, 20 Critical, Exchange 0-d..
PU
02/12QUALYS : RunC Container Breakout Vulnerability
PU
02/12QUALYS : Teams with IBM X-Force Red to Automate Vulnerability Prioritization and..
PR
02/12QUALYS : Introduces Patch Management App to Help IT and Security Teams Streamlin..
PR
More news
Financials ($)
Sales 2019 322 M
EBIT 2019 96,5 M
Net income 2019 38,2 M
Finance 2019 247 M
Yield 2019 -
P/E ratio 2019 86,14
P/E ratio 2020 67,06
EV / Sales 2019 9,12x
EV / Sales 2020 7,54x
Capitalization 3 178 M
Chart QUALYS INC
Duration : Period :
Qualys Inc Technical Analysis Chart | MarketScreener
Full-screen chart
Technical analysis trends QUALYS INC
Short TermMid-TermLong Term
TrendsNeutralBullishNeutral
Income Statement Evolution
Consensus
Sell
Buy
Mean consensus OUTPERFORM
Number of Analysts 16
Average target price 91,4 $
Spread / Average Target 13%
EPS Revisions
Managers
NameTitle
Philippe F. Courtot Chairman, President & Chief Executive Officer
Melissa B. Fisher Chief Financial Officer
Sandra England Bergeron Independent Director
Peter Pace Independent Director
Jeffrey P. Hank Independent Director
Sector and Competitors
1st jan.Capitalization (M$)
QUALYS INC7.96%3 178
SALESFORCE.COM16.12%121 673
NUTANIX INC28.95%9 607
CORNERSTONE ONDEMAND, INC.13.72%3 361
SOPHOS GROUP PLC-10.46%2 087
GTT COMMUNICATIONS INC27.30%1 648