Qualys : RunC Container Breakout Vulnerability

02/12/2019 | 11:05am EDT

Despite the huge advantages that containers offer in application portability, acceleration of CI/CD pipelines and agility of deployment environments, the biggest concern has always been about isolation. Since all the containers running on a host share the same underlying kernel, any malicious code breaking out of a container can compromise the entire host, and hence all the applications running on the host and potentially in the cluster.

That fear of container isolation failing to hold up turned out to be true yesterday when a vulnerability in runC was announced. runC is the key and most popular software component that most container engines rely on for spinning up containers on a host. The announced vulnerability allows an attacker to break out of the container isolation through a well-crafted attack (technical details of the vulnerability and the exploit are at https://seclists.org/oss-sec/2019/q1/119) and compromise the entire host. The vulnerability is particularly nasty because it can't be covered by the default AppArmor or SELinux kernel-enforced sandboxing policies.

What can you do to protect your containerized applications?

Even though the exploit is tricky to execute, the exploit code will be released publicly on February 18, so it's best to protect your container environment by doing the following:

  1. Know which nodes (Docker hosts) you are running containers on, and whether they are running a vulnerable version of Docker Engine. If you are a Qualys customer, you can use AssetView to get that information. Docker has released the patch in version 18.09.2.
  2. Upgrade your Docker hosts to version 18.09.2.
  3. For hosts managed by public cloud service providers, please keep a close watch on how they are addressing the issue.
    GCP - https://cloud.google.com/kubernetes-engine/docs/security-bulletins
    AWS - https://aws.amazon.com/security/security-bulletins/AWS-2019-002/
  4. Qualys is working on releasing the following detections (QIDs), and more vendor-specific QIDs will be launched in the coming days.
    371641: RunC Container Breakout Vulnerability
    237118: Red Hat Update for runc (RHSA-2019:0303)
    237119: Red Hat Update for docker (RHSA-2019:0304)
    You can get more details at Qualys Threat Protection.
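
An added example, not part of the Qualys post: a fleet check for steps 1 and 2 that flags hosts whose Docker Engine version is below 18.09.2. The inventory lines and host names are constructed sample data, assumed to be collected by running `docker version --format '{{.Server.Version}}'` on each host.

```python
import re

# Fixed upstream Docker Engine release named in the advisory above.
PATCHED = (18, 9, 2)

# Constructed sample inventory, one "<host> <server version>" pair per line.
SAMPLE_INVENTORY = """\
build-01 18.09.2
build-02 18.09.1
web-01 18.06.1-ce
web-02 17.03.2-ee-8
edge-01 18.09.3
db-01 unknown
db-02
"""

def parse_version(text):
    """Return (major, minor, patch), or None if text is not a version."""
    m = re.match(r"^(\d+)\.(\d+)\.(\d+)", text.strip())
    return tuple(int(p) for p in m.groups()) if m else None

def classify(version_text):
    """Map a version string to 'patched', 'upgrade' or 'unknown'."""
    version = parse_version(version_text)
    if version is None:
        return "unknown"  # host did not report a usable version
    return "patched" if version >= PATCHED else "upgrade"

def audit(inventory):
    """Return {host: status} for every non-empty, non-comment line."""
    results = {}
    for line in inventory.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        parts = line.split(None, 1)
        version = parts[1] if len(parts) > 1 else ""
        results[parts[0]] = classify(version)
    return results

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host:10} {status}")
```

Vendor-packaged builds, such as the Red Hat docker package covered by RHSA-2019:0304 above, follow the vendor's own version numbering, so check those hosts against the vendor advisory rather than this threshold.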

What to do in the future?

It's good to be concerned about any new technology while it matures, but it's equally important to harden the application build and deployment workflows so that an attacker does not get an easy lead into exploiting the deployed containers.

  1. Ensure that only those container images that have gone through the defined compliance checks (related to vulnerabilities, packages, etc.) are deployed in production. As an example, you can use the Qualys Container Security solution to promote only those built images that pass the compliance checks on the build nodes.
  2. Privileged containers, if compromised, can bring down the entire container cluster. Hence, keep a close watch on all privileged containers running in your environment.
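
An added example, not part of the Qualys post: one way to keep watch on privileged containers is to read the `HostConfig.Privileged` field from `docker inspect` output and compare the result with a list of images you have approved to run privileged. The allowlist, registry name and container records below are hypothetical, constructed for illustration.

```python
import json

# Hypothetical allowlist: images approved to run with --privileged.
APPROVED_PRIVILEGED_IMAGES = {"registry.example.internal/node-agent:1.4"}

# Constructed sample shaped like the JSON array printed by
# `docker inspect $(docker ps -q)`; only the fields used here are included.
SAMPLE_INSPECT = """
[
  {"Id": "a1b2c3d4e5f60718", "Name": "/node-agent",
   "Config": {"Image": "registry.example.internal/node-agent:1.4"},
   "HostConfig": {"Privileged": true}},
  {"Id": "0f1e2d3c4b5a6978", "Name": "/web",
   "Config": {"Image": "registry.example.internal/web:2.0"},
   "HostConfig": {"Privileged": false}},
  {"Id": "9988776655443322", "Name": "/debug-shell",
   "Config": {"Image": "registry.example.internal/tools:latest"},
   "HostConfig": {"Privileged": true}}
]
"""

def privileged_containers(inspect_json):
    """Return one record per container running with Privileged=true."""
    found = []
    for container in json.loads(inspect_json):
        if container.get("HostConfig", {}).get("Privileged") is True:
            image = container.get("Config", {}).get("Image", "")
            found.append({
                "name": container.get("Name", "").lstrip("/"),
                "id": container.get("Id", "")[:12],
                "image": image,
                "approved": image in APPROVED_PRIVILEGED_IMAGES,
            })
    return found

def unexpected_privileged(inspect_json):
    """Names of privileged containers whose image is not on the allowlist."""
    return [c["name"] for c in privileged_containers(inspect_json)
            if not c["approved"]]

if __name__ == "__main__":
    for record in privileged_containers(SAMPLE_INSPECT):
        flag = "approved" if record["approved"] else "UNEXPECTED"
        print(f'{record["id"]} {record["name"]:12} {record["image"]} {flag}')
```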

Disclaimer

Qualys Inc. published this content on 12 February 2019 and is solely responsible for the information contained herein. Distributed by Public, unedited and unaltered, on 12 February 2019 16:04:03 UTC
