Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats //

Vulnerability Management

11/25/2019
01:05 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Qualys Brings its Vulnerability Management Solution to the Next Level

Introducing VMDR: Vulnerability Management, Detection, and Response. VMDR delivers a continuous cycle of protection from a single pane of glass with built-in orchestration workflows and real-time vulnerability detection to prioritize, remediate, and audit across hybrid IT environments.

Qualys Security Conference QSC19 – Las Vegas – November 19, 2019 – Qualys, Inc. (NASDAQ: QLYS), a pioneer and leading provider of cloud-based security and compliance solutions, today announced its new Vulnerability Management, Detection and Response (VMDR) app to provide customers with one streamlined workflow to scan, investigate, prioritize and neutralize threats.

VMDR is a giant leap forward, helping organizations of all sizes to strengthen their security posture by offering a complete VM workflow that:

  • Enables Vulnerability Management and IT teams complete and continuous visibility of their global IT assets (known and unknown)
  • Identifies vulnerabilities across those assets in real-time
  • Prioritizes remediation using machine learning and context awareness
  • Provides built-in orchestration workflows
  • Allows one-click remediation with full audit tracking

“With VMDR, Qualys integrates highly valued and much-needed asset visibility with vulnerability management so that IT teams can have full visibility of their global IT assets (known and unknown). This provides the ability to identify the exposure of those assets in real-time, and to prioritize remediation by combining real-time threat indicators with asset context to remediate with one click and then audit the process,” said Scott Crawford, research vice president at 451 Research.

“Game-changing VMDR takes vulnerability management to the next level by providing the power to continuously detect vulnerability and misconfigurations across the entire global hybrid IT environment, and respond in real-time to remediate assets that are vulnerable or already compromised from a single platform with built-in orchestration,” said Philippe Courtot, chairman and CEO of Qualys. “Equally important, the new asset-based pricing and its delivery as a single, self-updating app, makes it easier to procure, deploy and manage, drastically reducing the total cost of ownership.”

VMDR bundles Asset Discovery and Inventory, Vulnerability Assessment including Configuration Controls, Prioritization, Remediation and Audit as a single app. It is effortless to deploy on a global scale, and pricing is on a per asset basis. This pricing makes the app simple to procure as a fully bundled solution, drastically saving deployment, administration and software subscription costs with real-time, light-weight Cloud Agents and Virtual Scanners that are easy to deploy and self-updating.

VMDR brings the vulnerability management category to the next level with a single app and built-in workflows that provide:

Automated Asset Identification and Categorization
Knowing what’s active in a global hybrid-IT environment is fundamental to security. With Qualys VMDR, customers can automatically discover and categorize known and unknown assets, continuously identify unmanaged assets, and create automated workflows to bring them to a managed state. After the data is collected, customers can instantly query assets and their attributes to get deep visibility including hardware, system configuration, installed software, services, and network connections.

Real-Time Vulnerabilities and Misconfiguration Detection
Qualys VMDR allows customers to automatically detect vulnerabilities and critical misconfigurations per CIS benchmarks, broken down by asset. Misconfigurations that do not have CVEs are a major source of breaches and compliance failures, creating vulnerabilities on the assets that do not have CVEs. Critical vulnerabilities and misconfigurations are continuously identified on the widest range of devices, operating systems, and applications in the industry.

Automated Remediation Prioritization
Qualys VMDR uses real-time threat intelligence and machine learning models to automatically prioritize the highest risk vulnerabilities on the most critical assets. Indicators such as Exploitable, Actively Attacked, High Lateral Movement, etc. are used to bubble up vulnerabilities that are currently at risk while machine learning models help to highlight vulnerabilities that will most likely become severe threats based on attributes of the vulnerability, providing multiple levels of prioritization.

Patch and Remediate at your Fingertips
After prioritizing vulnerabilities by risk, Qualys VMDR also enables rapid, targeted remediation of these vulnerabilities across any size environment by deploying the most relevant superseding patch. Additionally, policy-based, automated recurring jobs keep systems up to date, providing proactive patch management for security and non-security patches that reduce the number of vulnerabilities the operations team has to chase down as part of a remediation cycle.

Confirm and Repeat
With Qualys VMDR, users can close the loop and complete the vulnerability management lifecycle from a single pane of glass with real-time customizable dashboards and widgets, built-in trending and per asset pricing, along with no software to update all of which drastically reduce the total cost of ownership.

Availability
Qualys VMDR will be available in January 2020. Pricing starts at $199 per asset (minimum quantity 32).

Additional Resources

About Qualys
Qualys, Inc. (NASDAQ: QLYS) is a pioneer and leading provider of cloud-based security and compliance solutions with over 12,200 customers and active users in more than 130 countries, including a majority of each of the Forbes Global 100 and Fortune 100. Qualys helps organizations streamline and consolidate their security and compliance solutions in a single platform and build security into digital transformation initiatives for greater agility, better business outcomes, and substantial cost savings.

The Qualys Cloud Platform and its integrated Cloud Apps deliver businesses critical security intelligence continuously, enabling them to automate the full spectrum of auditing, compliance, and protection for IT systems and web applications on-premises, on endpoints and elastic clouds. Founded in 1999 as one of the first SaaS security companies, Qualys has established strategic partnerships with leading cloud providers like Amazon Web Services, Microsoft Azure and the Google Cloud Platform, and managed service providers and consulting organizations including Accenture, BT, Cognizant Technology Solutions, Deutsche Telekom, DXC Technology, Fujitsu, HCL Technologies, IBM, Infosys, NTT, Optiv, SecureWorks, Tata Communications, Verizon and Wipro. The company is also a founding member of the Cloud Security Alliance. For more information, please visit www.qualys.com.

Qualys and the Qualys logo are proprietary trademarks of Qualys, Inc. All other products or names may be trademarks of their respective companies.

Media Contacts:
Tami Casey
Qualys
(650) 801-6196
[email protected]

Mariah Gauthier
HighwirePR
(415) 963 4174
[email protected]

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/9/2020
Introducing 'Secure Access Service Edge'
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  7/3/2020
Russian Cyber Gang 'Cosmic Lynx' Focuses on Email Fraud
Kelly Sheridan, Staff Editor, Dark Reading,  7/7/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15526
PUBLISHED: 2020-07-09
In Redgate SQL Monitor 7.1.4 through 10.1.6 (inclusive), the scope for disabling some TLS security certificate checks can extend beyond that defined by various options on the Configuration > Notifications pages to disable certificate checking for alert notifications. These TLS security checks are...
CVE-2020-10756
PUBLISHED: 2020-07-09
An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the icmp6_send_echoreply() routine while replying to an ICMP echo request, also known as ping. This flaw allows a malicious guest to leak the contents of the host memory, re...
CVE-2020-12421
PUBLISHED: 2020-07-09
When performing add-on updates, certificate chains terminating in non-built-in-roots were rejected (even if they were legitimately added by an administrator.) This could have caused add-ons to become out-of-date silently without notification to the user. This vulnerability affects Firefox ESR < 6...
CVE-2020-12422
PUBLISHED: 2020-07-09
In non-standard configurations, a JPEG image created by JavaScript could have caused an internal variable to overflow, resulting in an out of bounds write, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox < 78.
CVE-2020-12423
PUBLISHED: 2020-07-09
When the Windows DLL "webauthn.dll" was missing from the Operating System, and a malicious one was placed in a folder in the user's %PATH%, Firefox may have loaded the DLL, leading to arbitrary code execution. *Note: This issue only affects the Windows operating system; other operating sys...