New solutions – TruRisk Mitigate and Isolate -
compliment patch management helping customers reduce security risk
while lowering operational risk with extensive coverage for recent
CISA KEV
FOSTER
CITY, Calif., July 30,
2024 /PRNewswire/ -- Qualys, Inc. (NASDAQ:
QLYS), a leading provider of disruptive cloud-based IT, security
and compliance solutions, is unveiling TruRisk Eliminate at Black
Hat 2024. Qualys TruRisk Eliminate is a comprehensive remediation
solution that extends beyond patching to help organizations further
reduce risk. It provides additional innovative remediation methods
when patching isn't feasible. This approach uses patchless
patching, targeted isolation, and other mitigation strategies to
ensure robust protection.
Patch management is a core capability for remediating
vulnerabilities, but it is not always the most viable or only
option. Addressing all vulnerabilities is increasingly difficult
due to potential business disruptions from patching, the
unavailability of patches for zero days, and the limitations of
traditional patch management tools that rely solely on agents. The
Qualys Threat Research Unit (TRU) identified five million instances
of CISA Known At-risk assets that can't be patched present
vulnerabilities exploitable by hackers, leading to ransomware and
data breaches. Cybersecurity and IT teams need effective
mechanisms to mitigate the risks of unpatched vulnerabilities while
maintaining business operations.
"Although patching is an essential part of vulnerability
management to mitigate risk, there are some use cases where it
isn't possible, or doing so requires outages or downtime that can
impact operations. In some cases, such as new exploits or zero-day
vulnerabilities, a patch may not even be available," said
Melinda Marks, practice director,
cybersecurity, at Enterprise Strategy Group. "Now with TruRisk
Eliminate, Qualys augments its vulnerability management
capabilities with an innovative solution to efficiently mitigate
risk with patchless approaches to remediating vulnerabilities,
helping security teams better align with and support business
operations."
Qualys TruRisk Eliminate equips security and IT teams with
powerful tools to enhance cybersecurity resilience by addressing
critical vulnerabilities with or without deploying a patch. This
solution reduces friction in current processes, enabling CISOs and
CIOs to effectively reduce risk through patch management,
configuration changes, mitigation, and targeted isolation. As a
result, organizations can significantly lower their vulnerability
exposure and streamline their response to cyber threats. TruRisk
Eliminate provides more flexibility and options tailored to an
organization's unique operational needs, remediation timelines, and
business objectives.
Qualys TruRisk Eliminate offers the industry's most
comprehensive risk reduction capabilities, enabling teams to
proactively mitigate nearly 100% of CISA Known Exploited
Vulnerabilities (KEV) and ransomware vulnerabilities, both with and
without patching. This approach balances business continuity with
risk reduction by:
- Mitigating and Isolating the Risk Without Patching or
Rebooting
- TruRisk Mitigate - Deploys advanced risk mitigation
controls based on the recommendations of vendors, CISA, and the
Qualys Threat Research Unit. It empowers businesses to swiftly
implement configuration changes via advanced scripting for Linux
and Windows, ensuring robust protection even when patches are
unavailable.
- TruRisk Isolate - Empowers teams to proactively
quarantine risky assets to prevent security incidents from
spreading within the network. It helps security and IT teams manage
risk proactively instead of relying on the reactionary EDR approach
of quarantining assets post-incidents.
- Integrating with IT Operations and Ticketing
Workflows
Reduces risk and mean time to remediate by
leveraging out-of-the-box integrations with ITSM tools like
ServiceNow and JIRA along with dynamic vulnerability and asset
tagging. This approach drives patching, mitigation, and isolation
directly through IT operations processes and solutions in a
controlled manner that is fully integrated with Qualys
Vulnerability Management, Detection and Response (VMDR) and Patch
Management.
- Offering Rule-based Workflow Orchestration
With the
integrated Qualys Qflow capability, teams save valuable time and
resources. This feature automates complex, multi-decision risk
remediation tasks, such as executing mitigations for CISA KEVs when
patches are unavailable and only un-quarantining high-risk assets
upon closing of vulnerabilities.
"Five years ago, Qualys disrupted the vulnerability management
space with integrated patch management to help organizations
streamline and accelerate threat remediation. Now, we're taking the
next step with TruRisk Eliminate, offering businesses innovative
ways to mitigate risk even when patching isn't an option," said
Sumedh Thakar, president and CEO of
Qualys. "With TruRisk Eliminate, we provide enterprises with peace
of mind through powerful solutions that address their most pressing
threats and ultimately de-risk their businesses."
Availability
TruRisk Eliminate will be available in
September. To see Qualys TruRisk Eliminate in action, visit Qualys
at Black Hat (Booth #1320). Learn more at the Cyber Risk Series: To
Be or Not to Be, Patch is the Question on July 31. Sign up to be notified when TruRisk
Eliminate is available at qualys.com/forms/trurisk-eliminate.
Additional Resources
- Read our blog post, Qualys Announces TruRisk Eliminate to
Augment Patching
- Register for the July 31 Qualys
Cyber Risk Series virtual conference on patch management
- Be among the first to be notified when TruRisk Eliminate is
available by registering here
- Follow Qualys on LinkedIn and X
About Qualys
Qualys, Inc. (NASDAQ: QLYS) is a leading provider of disruptive
cloud-based security, compliance and IT solutions with more than
10,000 subscription customers worldwide, including a majority of
the Forbes Global 100 and Fortune 100. Qualys helps organizations
streamline and automate their security and compliance solutions
onto a single platform for greater agility, better business
outcomes, and substantial cost savings.
The Qualys Enterprise TruRisk Platform leverages a single agent
to continuously deliver critical security intelligence while
enabling enterprises to automate the full spectrum of vulnerability
detection, compliance, and protection for IT systems, workloads and
web applications across on premises, endpoints, servers, public and
private clouds, containers, and mobile devices. Founded in 1999 as
one of the first SaaS security companies, Qualys has strategic
partnerships and seamlessly integrates its vulnerability management
capabilities into security offerings from cloud service providers,
including Oracle Cloud Infrastructure, Amazon Web Services, the
Google Cloud Platform and Microsoft Azure, along with a number of
leading managed service providers and global consulting
organizations. For more information, please visit
http://www.qualys.com.
Qualys, Qualys VMDR®, Qualys TruRisk and the Qualys logo are
proprietary trademarks of Qualys, Inc. All other products or names
may be trademarks of their respective companies.
Media Contact:
Tami Casey
Qualys
Media@Qualys.com
View original content to download
multimedia:https://www.prnewswire.com/news-releases/qualys-expands-trurisk-eliminate-platform-empowering-organizations-to-mitigate-cyber-risk-without-patching-302209903.html
SOURCE Qualys, Inc.