Qualys upgrades vulnerability management solution

VMDR 2.0 offers better insight into risk posture, faster fix times for critical vulnerabilities.

security protection / defenses / protocols

An upgrade to the Qualys Vulnerability Management, Detection, and Response (VMDR) solution announced Monday promises to give security teams better insights into the risks posed to organizations from vulnerabilities and a more efficient way to fix them. Cloud-based VMDR 2.0 provides a means for cutting through the noise created by an ever-expanding vulnerability landscape so the most critical risks can be identified and remedied.

"Cyber risk is becoming part of the business risk equation," IDC Research Director Michelle Abraham said in a statement. "Even the most advanced organizations can't patch all the threats they uncover, which increasingly includes poorly misconfigured services."

"Organizations must prioritize efforts that result in the maximum reduction of risk," Abraham continued. "Qualys's approach to cyber risk management considers multiple factors like vulnerabilities and misconfigured systems, so organizations can focus on fixes that reduce their overall risk."

Intelligence to identify exploited vulnerabilities

According to Qualys, the new version of VMDR, with its TruRisk capability, allows security and IT teams to:

  • Reduce risk with holistic scoring that quantifies risk across an entire attack surface, including vulnerabilities, misconfigurations, and digital certificates. It can also correlate with critical business and exploit intelligence from hundreds of sources, automatically deprioritize vulnerabilities if compensating controls are in force, track risk reduction trends over time, and help organizations measure and report on the effectiveness of their cybersecurity program across hybrid environments.
  • Quickly remediate at scale by leveraging rule-based integrations between VMDR and information technology service management (ITSM) tools such as ServiceNow and Jira, along with dynamic vulnerability tagging, to automatically assign remediation tickets to prioritized vulnerabilities and bridge the gap between security and IT teams. It also allows remediation to be orchestrated directly from the ITSM tool to help close vulnerabilities faster and reduce the mean time for remediation.
  • Receive preemptive attack alerts based on external threat intelligence from more than 180,000 vulnerabilities and 25-plus threat and exploit intelligence sources. The intelligence is natively correlated with vulnerabilities and misconfigurations to proactively alert teams on vulnerabilities exploited by malware or those used in an active malicious campaign known to target a particular industry.
  • Automate operational workflows to save valuable time and resources. Teams can develop drag-and-drop visual workflows to automate time-consuming and complex vulnerability management tasks, such as vulnerability assessments for ephemeral cloud assets, alerting for high-profile threats or quarantining high-risk assets.

Vulnerability management helps manage risk

"The increase of disclosed vulnerabilities and speed at which they are weaponized, paired with the cyber talent shortage, have left teams struggling to wade through a mountain of issues," Qualys Vice President of Product Management and Engineering for VMDR Mehul Revankar tells CSO. "Any tools or systems that can be used to ease these headaches for security teams are critical. Developing drag-and-drop visual workflows automates time-consuming and complex vulnerability management tasks, such as vulnerability assessments for ephemeral cloud assets, alerting for high-profile threats, or quarantining high-risk assets in the cloud."

Revankar notes that nowadays, no matter the difference in size, geography or industry, a CISO's number one job is to manage cyber risk. "Security teams need vulnerability management solutions that quantify risk across vulnerabilities, assets, and groups of assets, helping organizations proactively reduce risk exposure and track risk reduction over time," he says.

"Qualys VMDR, with TrusRisk, does this by considering multiple factors—exploit code maturity, active exploitation of the vulnerability, the criticality of the asset, its location, and so forth," Revankar says, "so that organizations can gain a holistic view of their environment and focus efforts on fixes that will reduce their overall risk."

Copyright © 2022 IDG Communications, Inc.

7 hot cybersecurity trends (and 2 going cold)