New solution enables application security teams to detect, prioritize and remediate vulnerabilities within company-developed software and embedded open source components
FOSTER CITY, Calif., Aug. 3, 2023 /PRNewswire/ -- Qualys, Inc. (NASDAQ: QLYS), a pioneer and leading provider of disruptive cloud-based IT, security and compliance solutions, today announced it is opening up its award-winning risk management platform to AppSec teams to bring their own detections to assess, prioritize and remediate the risk associated with first-party software and its embedded open source components.
In the digital transformation era, every organization develops its own software to run its business. This first-party, or company-developed, software often lacks the disciplined vulnerability and configuration management practices applied to third-party software. Studies have shown that over 90% of first-party software includes open source components, while more than 40% carries high risks such as exploitable vulnerabilities.
Today, application and security operations teams rely on manual checks or siloed scripts to evaluate the security of first-party software, resulting in ad-hoc security assessments that impede the ability to prioritize and remediate risk effectively. Furthermore, traditional vulnerability assessment or software composition analysis tools do not detect the presence of embedded open source packages across the production environment: they typically inspect a dependency manifest at build time rather than the artifacts actually deployed, so a library bundled inside a WAR or shaded into an application JAR goes unseen. As a result, security teams struggle to understand their true risk, particularly during security incidents like Log4j (Log4Shell), where the question "where is this library running?" has to be answered quickly.
The new Qualys solution enables organizations to bring their own detection and remediation scripts, written in popular languages like PowerShell and Python, to Qualys Vulnerability Management, Detection and Response (VMDR) as Qualys IDs (QIDs), which the Qualys Cloud Agent executes in a secure and controlled manner. Qualys TruRisk then prioritizes the resulting findings in the same workflow and reporting used for third-party software findings. This lets application and security teams use their own detections to identify sensitive content, assess the status of critical processes and applications, tag assets based on the presence of sensitive or PII data, and mitigate critical vulnerabilities, for example Log4j by adjusting file-based configuration or Follina by modifying GPOs or registry settings, so that risk arising from both first- and third-party sources is managed in one place.
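To make the "bring your own detection" idea concrete, below is an added example of the kind of script an AppSec team might supply: it walks a filesystem for JAR/WAR/EAR archives, descends into nested archives, reads the Maven `pom.properties` that log4j-core ships with, and reports the version, whether it falls below the patched release of its branch (2.3.2, 2.12.4 or 2.17.1, per Apache's fix lines for CVE-2021-44832 and its predecessors), and whether `JndiLookup.class` is still present (its removal is the documented mitigation for Log4Shell). This is illustrative code written for this page, not Qualys's own QID format or the Cloud Agent's script interface; the function names, the result dictionary layout and the sample archives it constructs under a temporary directory are all assumptions made for the example.

```python
"""Custom detection: locate log4j-core embedded in archives, including nested ones.
Example code for illustration; not Qualys's QID format or agent API."""
import io
import os
import re
import tempfile
import zipfile

POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
JNDI_LOOKUP = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ARCHIVE_EXT = (".jar", ".war", ".ear", ".zip")


def parse_version(text):
    """'2.14.1' -> (2, 14, 1); '2.0-beta9' -> (2, 0, 0); unparseable -> None."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def is_vulnerable(version):
    """True if a log4j-core 2.x version is below the patched release of its branch
    (2.3.2 on the Java 6 line, 2.12.4 on the Java 7 line, 2.17.1 otherwise).
    log4j 1.x is a different code base and is deliberately out of scope here."""
    if version is None or version[0] != 2:
        return False
    if version[:2] == (2, 3):
        return version < (2, 3, 2)
    if version[:2] == (2, 12):
        return version < (2, 12, 4)
    return version < (2, 17, 1)


def scan_archive(zf, location, findings):
    """Record a finding if this archive is log4j-core, then recurse into nested archives."""
    names = set(zf.namelist())
    if POM_PROPS in names:
        props = zf.read(POM_PROPS).decode("utf-8", "replace")
        m = re.search(r"^version=(.+)$", props, re.M)
        raw = m.group(1).strip() if m else "unknown"
        findings.append({
            "location": location,                 # path!inner/entry for nested hits
            "version": raw,
            "vulnerable": is_vulnerable(parse_version(raw)),
            "jndi_lookup_present": JNDI_LOOKUP in names,
        })
    for name in names:
        if name.lower().endswith(ARCHIVE_EXT):
            try:
                inner = zipfile.ZipFile(io.BytesIO(zf.read(name)))
            except zipfile.BadZipFile:
                continue
            scan_archive(inner, f"{location}!{name}", findings)


def scan_path(root):
    """Walk a directory tree and return one finding per embedded log4j-core copy."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for f in files:
            if f.lower().endswith(ARCHIVE_EXT):
                path = os.path.join(dirpath, f)
                try:
                    with zipfile.ZipFile(path) as zf:
                        scan_archive(zf, path, findings)
                except zipfile.BadZipFile:
                    continue
    return findings


def make_jar(version, include_jndi):
    """Constructed stand-in for a log4j-core jar: just pom.properties and an optional
    placeholder JndiLookup.class (a few bytes, not a real class file)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr(POM_PROPS, f"groupId=org.apache.logging.log4j\n"
                              f"artifactId=log4j-core\nversion={version}\n")
        if include_jndi:
            z.writestr(JNDI_LOOKUP, b"\xca\xfe\xba\xbe")
    return buf.getvalue()


def build_sample():
    """Constructed sample tree: app.war nests a vulnerable 2.14.1 with JndiLookup present;
    lib/ holds a patched 2.17.1 with the class removed."""
    root = tempfile.mkdtemp(prefix="log4j-demo-")
    os.makedirs(os.path.join(root, "lib"))
    with zipfile.ZipFile(os.path.join(root, "app.war"), "w") as war:
        war.writestr("WEB-INF/lib/log4j-core-2.14.1.jar", make_jar("2.14.1", True))
    with open(os.path.join(root, "lib", "log4j-core-2.17.1.jar"), "wb") as f:
        f.write(make_jar("2.17.1", False))
    return root


def demo():
    """Build the sample tree, scan it, and return findings sorted by location."""
    return sorted(scan_path(build_sample()), key=lambda f: f["location"])


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Two caveats a practitioner should keep in mind: a copy of log4j-core that has been shaded into another package (classes relocated, `pom.properties` dropped) will not match this detection and needs a class-file or bytecode-signature check instead; and the script only reports, so the remediation half of a custom QID (for example deleting `JndiLookup.class` from the archive) would be a separate, deliberately scoped script.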
"In our complex enterprise environment, we've often encountered
situations where our security needs surpassed the capabilities of
off-the-shelf software," said Gabriel Julián Carrera, CISO at OSED.
"Consequently, we've resorted to pulling together independent
scripts to achieve the assessments our unique homegrown solutions
require. Qualys' new offering eliminates this fragmented approach
by seamlessly integrating our proprietary assessments and
commercial tools into one unified Qualys TruRisk Platform saving us
time and helping us stay ahead of potential attackers."
The new Qualys platform capabilities allow teams to:
Easily Build Your Own Signatures: Create Qualys IDs (QIDs) for detections and remediations based on your own logic or scripts, using major scripting languages such as Python, PowerShell and others. These detections integrate directly into VMDR workflows and TruRisk scoring, helping SecOps teams unify and manage risk across first- and third-party applications in their environment.
Proactively Detect, Manage and Reduce Supply Chain Risks: Get continuous, real-time visibility into deeply embedded open source software packages, such as Log4j and OpenSSL, and commercial software components, via the Qualys Cloud Agent. Qualys TruRisk then prioritizes and correlates the findings using data from over 25 threat feeds and the asset's business criticality. This lets security teams rapidly mitigate high-profile issues such as zero-day threats and Log4j outbreaks by crafting custom detections and responses.
Effectively Communicate Risk with Unified Reporting and Dashboarding: With native integration into VMDR workflows, communicate a unified view of risk across first- and third-party software to the right stakeholders via real-time dashboards and reports. Integration with ticketing systems such as ServiceNow and Jira automatically assigns detailed remediation tickets to the right owners through a common view, so tickets are closed quickly and risk is reduced.
"First-party applications, being proprietary, often lack adequate risk detection, prioritization and remediation support from scanning tools," said Sumedh Thakar, president and CEO of Qualys. "Our first-in-industry capabilities enable organizations to leverage the Qualys platform's capabilities, identifying and analyzing both first-party and third-party software risks to develop an overall TruRisk score for a comprehensive view of the organization's overall risk."
Availability – Visit us at Black Hat USA
Enhancements to the Qualys Cloud
Platform, including Custom Assessments and Remediation via VMDR
integrations, will be available by the end of August. To sign up
for a free trial, visit www.qualys.com/forms/vmdr. Learn more by
reading the First-Party Software Risk Management blog or
registering for our webinar.
To see our ground-breaking first-party solution in action and
learn how to Get More Security with all our industry leading
solutions, visit us at Black Hat USA, booth 1320.
Additional Resources
- Learn more about the Qualys First-Party Software Risk
Management solution
- Read the First-Party Software Risk Management blog
- Learn more about the Qualys Cloud Platform
- Follow Qualys on LinkedIn and Twitter
About Qualys
Qualys, Inc. (NASDAQ: QLYS) is
a pioneer and leading provider of disruptive cloud-based security,
compliance and IT solutions with more than 10,000 subscription
customers worldwide, including a majority of the Forbes Global 100
and Fortune 100. Qualys helps organizations streamline and automate
their security and compliance solutions onto a single platform for
greater agility, better business outcomes, and substantial cost
savings.
The Qualys Cloud Platform leverages a single agent to
continuously deliver critical security intelligence while enabling
enterprises to automate the full spectrum of vulnerability
detection, compliance, and protection for IT systems, workloads and
web applications across on premises, endpoints, servers, public and
private clouds, containers, and mobile devices. Founded in 1999 as
one of the first SaaS security companies, Qualys has strategic
partnerships and seamlessly integrates its vulnerability management
capabilities into security offerings from cloud service providers,
including Amazon Web Services, the Google Cloud Platform and
Microsoft Azure, along with a number of leading managed service
providers and global consulting organizations. For more
information, please visit http://www.qualys.com.
Qualys, Qualys VMDR® and the Qualys logo are
proprietary trademarks of Qualys, Inc. All other products or names
may be trademarks of their respective companies.
Media Contact:
Tami Casey
Qualys
media@qualys.com
View original content to download multimedia: https://www.prnewswire.com/news-releases/qualys-announces-ground-breaking-first-party-software-risk-management-solution-301892409.html
SOURCE Qualys, Inc.