Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats //

Vulnerability Management

11/25/2019
01:05 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Qualys Brings its Vulnerability Management Solution to the Next Level

Introducing VMDR: Vulnerability Management, Detection, and Response. VMDR delivers a continuous cycle of protection from a single pane of glass with built-in orchestration workflows and real-time vulnerability detection to prioritize, remediate, and audit across hybrid IT environments.

Qualys Security Conference QSC19 – Las Vegas – November 19, 2019 – Qualys, Inc. (NASDAQ: QLYS), a pioneer and leading provider of cloud-based security and compliance solutions, today announced its new Vulnerability Management, Detection and Response (VMDR) app to provide customers with one streamlined workflow to scan, investigate, prioritize and neutralize threats.

VMDR is a giant leap forward, helping organizations of all sizes to strengthen their security posture by offering a complete VM workflow that:

  • Enables Vulnerability Management and IT teams complete and continuous visibility of their global IT assets (known and unknown)
  • Identifies vulnerabilities across those assets in real-time
  • Prioritizes remediation using machine learning and context awareness
  • Provides built-in orchestration workflows
  • Allows one-click remediation with full audit tracking

“With VMDR, Qualys integrates highly valued and much-needed asset visibility with vulnerability management so that IT teams can have full visibility of their global IT assets (known and unknown). This provides the ability to identify the exposure of those assets in real-time, and to prioritize remediation by combining real-time threat indicators with asset context to remediate with one click and then audit the process,” said Scott Crawford, research vice president at 451 Research.

“Game-changing VMDR takes vulnerability management to the next level by providing the power to continuously detect vulnerability and misconfigurations across the entire global hybrid IT environment, and respond in real-time to remediate assets that are vulnerable or already compromised from a single platform with built-in orchestration,” said Philippe Courtot, chairman and CEO of Qualys. “Equally important, the new asset-based pricing and its delivery as a single, self-updating app, makes it easier to procure, deploy and manage, drastically reducing the total cost of ownership.”

VMDR bundles Asset Discovery and Inventory, Vulnerability Assessment including Configuration Controls, Prioritization, Remediation and Audit as a single app. It is effortless to deploy on a global scale, and pricing is on a per asset basis. This pricing makes the app simple to procure as a fully bundled solution, drastically saving deployment, administration and software subscription costs with real-time, light-weight Cloud Agents and Virtual Scanners that are easy to deploy and self-updating.

VMDR brings the vulnerability management category to the next level with a single app and built-in workflows that provide:

Automated Asset Identification and Categorization
Knowing what’s active in a global hybrid-IT environment is fundamental to security. With Qualys VMDR, customers can automatically discover and categorize known and unknown assets, continuously identify unmanaged assets, and create automated workflows to bring them to a managed state. After the data is collected, customers can instantly query assets and their attributes to get deep visibility including hardware, system configuration, installed software, services, and network connections.

Real-Time Vulnerabilities and Misconfiguration Detection
Qualys VMDR allows customers to automatically detect vulnerabilities and critical misconfigurations per CIS benchmarks, broken down by asset. Misconfigurations that do not have CVEs are a major source of breaches and compliance failures, creating vulnerabilities on the assets that do not have CVEs. Critical vulnerabilities and misconfigurations are continuously identified on the widest range of devices, operating systems, and applications in the industry.

Automated Remediation Prioritization
Qualys VMDR uses real-time threat intelligence and machine learning models to automatically prioritize the highest risk vulnerabilities on the most critical assets. Indicators such as Exploitable, Actively Attacked, High Lateral Movement, etc. are used to bubble up vulnerabilities that are currently at risk while machine learning models help to highlight vulnerabilities that will most likely become severe threats based on attributes of the vulnerability, providing multiple levels of prioritization.

Patch and Remediate at your Fingertips
After prioritizing vulnerabilities by risk, Qualys VMDR also enables rapid, targeted remediation of these vulnerabilities across any size environment by deploying the most relevant superseding patch. Additionally, policy-based, automated recurring jobs keep systems up to date, providing proactive patch management for security and non-security patches that reduce the number of vulnerabilities the operations team has to chase down as part of a remediation cycle.

Confirm and Repeat
With Qualys VMDR, users can close the loop and complete the vulnerability management lifecycle from a single pane of glass with real-time customizable dashboards and widgets, built-in trending and per asset pricing, along with no software to update all of which drastically reduce the total cost of ownership.

Availability
Qualys VMDR will be available in January 2020. Pricing starts at $199 per asset (minimum quantity 32).

Additional Resources

About Qualys
Qualys, Inc. (NASDAQ: QLYS) is a pioneer and leading provider of cloud-based security and compliance solutions with over 12,200 customers and active users in more than 130 countries, including a majority of each of the Forbes Global 100 and Fortune 100. Qualys helps organizations streamline and consolidate their security and compliance solutions in a single platform and build security into digital transformation initiatives for greater agility, better business outcomes, and substantial cost savings.

The Qualys Cloud Platform and its integrated Cloud Apps deliver businesses critical security intelligence continuously, enabling them to automate the full spectrum of auditing, compliance, and protection for IT systems and web applications on-premises, on endpoints and elastic clouds. Founded in 1999 as one of the first SaaS security companies, Qualys has established strategic partnerships with leading cloud providers like Amazon Web Services, Microsoft Azure and the Google Cloud Platform, and managed service providers and consulting organizations including Accenture, BT, Cognizant Technology Solutions, Deutsche Telekom, DXC Technology, Fujitsu, HCL Technologies, IBM, Infosys, NTT, Optiv, SecureWorks, Tata Communications, Verizon and Wipro. The company is also a founding member of the Cloud Security Alliance. For more information, please visit www.qualys.com.

Qualys and the Qualys logo are proprietary trademarks of Qualys, Inc. All other products or names may be trademarks of their respective companies.

Media Contacts:
Tami Casey
Qualys
(650) 801-6196
[email protected]

Mariah Gauthier
HighwirePR
(415) 963 4174
[email protected]

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
SOC 2s & Third-Party Assessments: How to Prevent Them from Being Used in a Data Breach Lawsuit
Beth Burgin Waller, Chair, Cybersecurity & Data Privacy Practice , Woods Rogers PLC,  12/5/2019
Navigating Security in the Cloud
Diya Jolly, Chief Product Officer, Okta,  12/4/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "This is the last time we hire Game of Thrones Security"
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-4428
PUBLISHED: 2019-12-09
IBM Watson Assistant for IBM Cloud Pak for Data 1.0.0 through 1.3.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session....
CVE-2019-4611
PUBLISHED: 2019-12-09
IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 168519.
CVE-2019-4612
PUBLISHED: 2019-12-09
IBM Planning Analytics 2.0 is vulnerable to malicious file upload in the My Account Portal. Attackers can make use of this weakness and upload malicious executable files into the system and it can be sent to victim for performing further attacks. IBM X-Force ID: 168523.
CVE-2019-4621
PUBLISHED: 2019-12-09
IBM DataPower Gateway 7.6.0.0-7 throug 6.0.14 and 2018.4.1.0 through 2018.4.1.5 have a default administrator account that is enabled if the IPMI LAN channel is enabled. A remote attacker could use this account to gain unauthorised access to the BMC. IBM X-Force ID: 168883.
CVE-2019-19230
PUBLISHED: 2019-12-09
An unsafe deserialization vulnerability exists in CA Release Automation (Nolio) 6.6 with the DataManagement component that can allow a remote attacker to execute arbitrary code.