Get ready for market discovery and response – there’s a new acronym coming into the fray. Joining NDR, EDR, MDR and XDR is VMDR: vulnerability management, detection and response.
So far, Qualys is the only vendor that specifically uses the phrase to describe its product, but a few others have similarly named offers. Let’s examine this new acronym and what features and benefits it provides to organizations that many current vulnerability management tools may not have.
What is VMDR?
VMDR aims to take traditional vulnerability management products to the next level. It helps companies manage the entire lifecycle of vulnerability management – from asset management and vulnerability identification to threat -level assignment and remediation.
“The key part in the whole process is determining what is internally or externally exposed and classifying those assets and determining the level of criticality in the larger organization,” said Ken Smith, analyst at RSM US. “In that area, you get to the true heart of vulnerability management, which is finding your own shortcomings before anyone can take advantage.”
Qualys first released its SaaS-based VMDR in 2020. It doesn’t require any on-site hardware or software, which reduces setup time for IT teams creating custom rules. Customers also don’t need to deploy new servers; instead, they install Qualys Cloud Agent from the product console.
Mitchell Schneider, analyst at Gartner, said he could not confirm with Qualys how simple VMDR deployment is but said the vendor does not charge for professional services, making it easier-and cheaper-for companies get help if they need help.
The SaaS product provides seamless vulnerability scanning-from periodic scanning to real time-to provide an enhanced picture of asset management and vulnerabilities. Qualys VMDR consists of the following:
VMDR 2.0 with TruRisk was released in June 2022, with upgrades that automate the entire lifecycle and speed up how quickly an organization responds to vulnerabilities. The new cyber-risk content measurement feature allows customers to determine what their high-risk assets and vulnerabilities are. The updated dashboard now indicates if a particular vulnerability is being actively exploited or if only a proof of concept exists.
The release also has IT service management connections to ServiceNow, so tickets are sent to the right in-house teams to remedy vulnerabilities. The ServiceNow app is free to VMDR customers, said Mehul Revankar, vice president of product management at Qualys. These apps add automation designed to assist short-handed IT teams in knowing which vulnerabilities to focus on and fix, reducing wasted time.
VMDR 2.0 also offers optional add-ons, including endpoint detection and response (EDR) and cybersecurity asset management. While VMDR is designed to work with Qualys EDR, it has an open API to allow other vendor products to connect to and use Qualys vulnerability and threat data.
Other vulnerability management options in the next generation
Although Qualys is the only one calling its product VMDR, it is not alone in releasing products to address vulnerability management. In May 2022, Microsoft announced Microsoft Defender Vulnerability Management, which will feature asset visibility, intelligent analysis and remediation capabilities in the overall release. The product is available for public preview.
Secureworks currently offers Taegis VDR, a vulnerability detection and response product that scans for vulnerabilities, automates manual tasks, and integrates with third-party monitoring products. scanning and ticketing. Schneider listed Tenable and Rapid7 as other competitors. Tenable.ep packages separate vendor products in a vulnerability management license. Rapid7 InsightVM scans a company’s network and monitors the vulnerability mitigation process, while providing instructions on how to efficiently fix detected vulnerabilities.
The growing market of vulnerability management
The vulnerability management marketplace is evolving as more companies begin to provide additional and modified services. With nearly 180,000 CVEs reported at the end of June 2022 and more than 8,000 published in the first quarter of 2022 alone, vulnerability management vendors need to find a way to be unique.
“There are many angles where you start to see vulnerability management vendors as more technology and security companies offer their own products,” said Erik Nost, analyst at Forrester Research. “For example, we’re seeing convergence in management over attack and application security.”