An upgrade to Qulys Vulnerability Management, Detection, and Response (VMDR) solution was announced Monday that promises to give security teams better insight into the risks posed by organizations from vulnerabilities. and a better way to fix them. Cloud-based VMDR 2.0 provides a way to cut down on the noise created by an ever-expanding vulnerability landscape so that the most important risks can be identified and resolved.
“Cyber risk is becoming part of the business risk equation,” IDC Research Director Michelle Abraham said in a statement. “Even the most advanced organizations can’t patch all the threats they discover, which increasingly includes poorly configured services.”
“Organizations should prioritize efforts that result in maximum risk reduction,” Abraham continues. “Qualys’s approach to cyber risk management takes into account many factors such as vulnerabilities and misconfigures of systems, so that organizations can focus on fixes that lower their overall risk.”
Intelligence to identify exploited vulnerabilities
According to Qualys, the new version of VMDR, along with its TruRisk capability, enables security and IT teams to:
- Reduce risk through holistic scoring that counts risk throughout the attack, including vulnerabilities, incorrect configurations, and digital certificates. It can also link to critical business and exploit intelligence from hundreds of sources, automatically deprioritize vulnerabilities when compensation controls are implemented, monitor risk reduction trends over time, and assist organizations that measure and report the effectiveness of their cybersecurity program in hybrid environments.
- Quickly remediate significantly by using rule-based integrations between VMDR and information technology service management (ITSM) tools such as ServiceNow and Jira, along with dynamic vulnerability tagging, to automatically assign remediation tickets to vulnerability priorities and bridge the gap between security and IT teams. It also allows remediation to be orchestrated directly from the ITSM tool to help close vulnerabilities more quickly and reduce the mean time for remediation.
- Receive preemptive attack alerts based on external threat intelligence from over 180,000 vulnerabilities and 25-plus threat and exploit intelligence sources. Intelligence is natively associated with vulnerabilities and misconfigures to promptly alert teams to vulnerabilities exploited by malware or those used in an active malicious campaign known to target a particular industry.
- Automate operational workflows to save valuable time and resources. Teams can develop drag-and-drop visual workflows to automate time-consuming and complex vulnerability management tasks, such as vulnerability assessments for ephemeral cloud assets, alerting for high-profile ones threat or quarantine on high-risk assets.
Vulnerability management helps with risk management
“The increase in revealed vulnerabilities and the speed with which they are armed, paired with the lack of cyber talent, has left teams struggling to cross a mountain of issues,” Qualys Vice President said. of Product Management and Engineering for VMDR Mehul Revankar at CSO. “Any tools or systems that can be used to alleviate these headaches for security teams are critical. The development of drag-and-drop visual workflows automates the process. time-consuming and complex vulnerability management tasks, such as vulnerability analyzes for ephemeral cloud assets, alerting for high-profile threats, or quarantining high-risk assets. cloud. “
Revankar said that right now, regardless of size, geography or industry, the number one job of the CISO is to manage cyber risk. “Security teams need vulnerability management solutions that measure risk across vulnerabilities, assets, and asset groups, helping organizations actively reduce risk exposure and monitor risk reduction in over time, ”he said.
“Qualys VMDR, along with TrusRisk, does this by taking into account many factors — taking advantage of code maturity, active vulnerability exploitation, the criticality of the asset, its location, and more,” Revankar said, “so that organizations can gain a holistic view of their environment and focus efforts on repairs that will reduce their overall risk.”
Copyright © 2022 IDG Communications, Inc.