Qualys has unveiled Qualys Vulnerability Management, Detection, and Response (VMDR) 2.0. The company said that the new cloud-based solution provides insights into an organization’s risk attitude, along with the ability to use drag-and-drop workflows to orchestrate responses.
With the number of vulnerabilities disclosed doubling in the past five years, the speed at which vulnerabilities are deployed, and the shortage of cyber talent, teams are struggling to navigate the vulnerabilities without being able to fix them all.
According to Qualys, security and IT teams need a new systematic approach to cut through the noise and prioritize fixing the most critical vulnerabilities that reduce risk in their environment.
Qualys VMDR 2.0 is designed to provide visibility to security and IT teams who need to focus on the vulnerabilities that truly mitigate risk.
Qualys beta customers with the TruRisk capability prioritized an average of 28% fewer critical vulnerabilities across a sample size of 2.6 million assets and 74 million detections, the company said. At the same time, the company says they were able to reduce risk by an average of 23% and, in some cases, by 50%.
IDC Research Director Michelle Abraham says, “Cyber risk is becoming part of the business risk equation. Even the most sophisticated organizations cannot resolve all the threats they discover, including increasingly poorly configured services.
“Organizations should prioritize efforts that result in maximum risk reduction. Qualys’ approach to cyber risk management considers multiple factors, such as vulnerabilities and misconfigured systems, so organizations can focus on solutions that reduce their overall risk.”
Qualys VMDR with TruRisk solution helps security and IT teams increase efficiency and save time by providing shared context and the ability to create drag-and-drop workflows to automate time-consuming operational vulnerability management processes, including vulnerability assessment of ephemeral cloud assets, alerts, and prioritization.
Qualys VMDR with TruRisk enables security and IT teams to:
Reduce risk with holistic scoring: Quantify risk across the entire attack surface, including vulnerabilities, misconfigurations, and digital certificates, correlate with business criticality, and exploit intelligence from hundreds of sources, including Shodan’s attack surface exposure data. Qualys VMDR with TruRisk automatically deprioritizes vulnerabilities when compensating controls are in place, tracks risk reduction trends over time, and helps organizations measure and report on the effectiveness of their cybersecurity program in hybrid environments. Rapid remediation at scale: Leverage rules-based integrations between VMDR and ITSM tools such as ServiceNow and JIRA and emotional vulnerability tagging to automatically assign remediation tickets to prioritize vulnerabilities and bridge the gap between security and IT bridge teams. Organize remediation directly from the ITSM tool to close vulnerabilities faster and reduce the mean time to remediation. Receive Preemptive Attack Alerts: External threat intelligence, from over 180,000 exposures and 25 plus threat and exploit intelligence sources, is correlated by default with vulnerabilities and misconfigurations to proactively alert teams to vulnerabilities exploited by malware or used in an active malicious campaign known to target Your Industry. Automate operational workflows: Teams save time and resources with Qualys Qflow technology. They can develop drag-and-drop visual workflows to automate time-consuming and complex vulnerability management tasks, such as vulnerability assessments for ephemeral cloud assets, alerts for high-profile threats, or quarantining high-risk investments.
Sumedh Thakar, president and CEO of Qualys said: “In this era of increasing attacks and executive attention to cyber resilience, managing cyber risk efficiently is more important than ever.
“With VMDR 1.0, we innovated by bringing the four core elements of vulnerability management into a seamless workflow to help organizations respond efficiently to threats.
“We are changing the game again with VMDR 2.0, enabling organizations to initiate remediation workflows for vulnerability management tasks, prioritize remediation on the critical issues that mitigate risk, and streamline responses and integrations with ITSM solutions such as ServiceNow.”