Qualys Update on Accellion FTA Security Incident

19
Qualys Update on Accellion FTA Security Incident-01

Qualys, Inc. (NASDAQ: QLYS), a pioneer and leading provider of cloud-based IT, security, and compliance solutions, today issued an update on the security incident regarding the Accellion FTA file transfer solution.

Qualys received new information about a previously identified zero-day exploit in a third-party solution, Accellion FTA that Qualys deployed to transfer files as part of our customer support system.

Qualys confirms today there is no impact on the Qualys production environments, codebase or customer data hosted on the Qualys Cloud Platform. All Qualys platforms continue to be fully functional and at no time was there any operational impact.

Qualys had deployed the Accellion FTA server in a segregated DMZ environment, completely separate from systems that host and support Qualys products to transfer information as part of our customer support system. Qualys chose the Accellion FTA solution for encrypted temporary transfer of manually uploaded files.

Read More: Key Strategies to Securing Distributed Cloud in Enterprise Environments

There was no connectivity between the Accellion FTA server and our production customer data environment (the Qualys Cloud Platform). The Accellion FTA product is a third-party system fully managed by Accellion.

As with any security incident, the investigation is ongoing, and we continue to look for ways to enhance security and provide the strongest protections for our customers. We have engaged FireEye Mandiant, who also worked with Accellion on the wider investigation.

Qualys is strongly committed to the security of its customers and their data, and we will notify them should material information become available.

For more such updates follow us on Google News ITsecuritywire News.