Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats //

Vulnerability Management

11/25/2019
01:05 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Qualys Brings its Vulnerability Management Solution to the Next Level

Introducing VMDR: Vulnerability Management, Detection, and Response. VMDR delivers a continuous cycle of protection from a single pane of glass with built-in orchestration workflows and real-time vulnerability detection to prioritize, remediate, and audit across hybrid IT environments.

Qualys Security Conference QSC19 – Las Vegas – November 19, 2019 – Qualys, Inc. (NASDAQ: QLYS), a pioneer and leading provider of cloud-based security and compliance solutions, today announced its new Vulnerability Management, Detection and Response (VMDR) app to provide customers with one streamlined workflow to scan, investigate, prioritize and neutralize threats.

VMDR is a giant leap forward, helping organizations of all sizes to strengthen their security posture by offering a complete VM workflow that:

  • Enables Vulnerability Management and IT teams complete and continuous visibility of their global IT assets (known and unknown)
  • Identifies vulnerabilities across those assets in real-time
  • Prioritizes remediation using machine learning and context awareness
  • Provides built-in orchestration workflows
  • Allows one-click remediation with full audit tracking

“With VMDR, Qualys integrates highly valued and much-needed asset visibility with vulnerability management so that IT teams can have full visibility of their global IT assets (known and unknown). This provides the ability to identify the exposure of those assets in real-time, and to prioritize remediation by combining real-time threat indicators with asset context to remediate with one click and then audit the process,” said Scott Crawford, research vice president at 451 Research.

“Game-changing VMDR takes vulnerability management to the next level by providing the power to continuously detect vulnerability and misconfigurations across the entire global hybrid IT environment, and respond in real-time to remediate assets that are vulnerable or already compromised from a single platform with built-in orchestration,” said Philippe Courtot, chairman and CEO of Qualys. “Equally important, the new asset-based pricing and its delivery as a single, self-updating app, makes it easier to procure, deploy and manage, drastically reducing the total cost of ownership.”

VMDR bundles Asset Discovery and Inventory, Vulnerability Assessment including Configuration Controls, Prioritization, Remediation and Audit as a single app. It is effortless to deploy on a global scale, and pricing is on a per asset basis. This pricing makes the app simple to procure as a fully bundled solution, drastically saving deployment, administration and software subscription costs with real-time, light-weight Cloud Agents and Virtual Scanners that are easy to deploy and self-updating.

VMDR brings the vulnerability management category to the next level with a single app and built-in workflows that provide:

Automated Asset Identification and Categorization
Knowing what’s active in a global hybrid-IT environment is fundamental to security. With Qualys VMDR, customers can automatically discover and categorize known and unknown assets, continuously identify unmanaged assets, and create automated workflows to bring them to a managed state. After the data is collected, customers can instantly query assets and their attributes to get deep visibility including hardware, system configuration, installed software, services, and network connections.

Real-Time Vulnerabilities and Misconfiguration Detection
Qualys VMDR allows customers to automatically detect vulnerabilities and critical misconfigurations per CIS benchmarks, broken down by asset. Misconfigurations that do not have CVEs are a major source of breaches and compliance failures, creating vulnerabilities on the assets that do not have CVEs. Critical vulnerabilities and misconfigurations are continuously identified on the widest range of devices, operating systems, and applications in the industry.

Automated Remediation Prioritization
Qualys VMDR uses real-time threat intelligence and machine learning models to automatically prioritize the highest risk vulnerabilities on the most critical assets. Indicators such as Exploitable, Actively Attacked, High Lateral Movement, etc. are used to bubble up vulnerabilities that are currently at risk while machine learning models help to highlight vulnerabilities that will most likely become severe threats based on attributes of the vulnerability, providing multiple levels of prioritization.

Patch and Remediate at your Fingertips
After prioritizing vulnerabilities by risk, Qualys VMDR also enables rapid, targeted remediation of these vulnerabilities across any size environment by deploying the most relevant superseding patch. Additionally, policy-based, automated recurring jobs keep systems up to date, providing proactive patch management for security and non-security patches that reduce the number of vulnerabilities the operations team has to chase down as part of a remediation cycle.

Confirm and Repeat
With Qualys VMDR, users can close the loop and complete the vulnerability management lifecycle from a single pane of glass with real-time customizable dashboards and widgets, built-in trending and per asset pricing, along with no software to update all of which drastically reduce the total cost of ownership.

Availability
Qualys VMDR will be available in January 2020. Pricing starts at $199 per asset (minimum quantity 32).

Additional Resources

About Qualys
Qualys, Inc. (NASDAQ: QLYS) is a pioneer and leading provider of cloud-based security and compliance solutions with over 12,200 customers and active users in more than 130 countries, including a majority of each of the Forbes Global 100 and Fortune 100. Qualys helps organizations streamline and consolidate their security and compliance solutions in a single platform and build security into digital transformation initiatives for greater agility, better business outcomes, and substantial cost savings.

The Qualys Cloud Platform and its integrated Cloud Apps deliver businesses critical security intelligence continuously, enabling them to automate the full spectrum of auditing, compliance, and protection for IT systems and web applications on-premises, on endpoints and elastic clouds. Founded in 1999 as one of the first SaaS security companies, Qualys has established strategic partnerships with leading cloud providers like Amazon Web Services, Microsoft Azure and the Google Cloud Platform, and managed service providers and consulting organizations including Accenture, BT, Cognizant Technology Solutions, Deutsche Telekom, DXC Technology, Fujitsu, HCL Technologies, IBM, Infosys, NTT, Optiv, SecureWorks, Tata Communications, Verizon and Wipro. The company is also a founding member of the Cloud Security Alliance. For more information, please visit www.qualys.com.

Qualys and the Qualys logo are proprietary trademarks of Qualys, Inc. All other products or names may be trademarks of their respective companies.

Media Contacts:
Tami Casey
Qualys
(650) 801-6196
[email protected]

Mariah Gauthier
HighwirePR
(415) 963 4174
[email protected]

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Navigating Security in the Cloud
Diya Jolly, Chief Product Officer, Okta,  12/4/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-16772
PUBLISHED: 2019-12-07
The serialize-to-js NPM package before version 3.0.1 is vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. This vulnerability is not affected on Node.js environment since Node.js's implementation of RegExp.prototype.to...
CVE-2019-9464
PUBLISHED: 2019-12-06
In various functions of RecentLocationApps.java, DevicePolicyManagerService.java, and RecognitionService.java, there is an incorrect warning indicating an app accessed the user's location. This could dissolve the trust in the platform's permission system, with no additional execution privileges need...
CVE-2019-2220
PUBLISHED: 2019-12-06
In checkOperation of AppOpsService.java, there is a possible bypass of user interaction requirements due to mishandling application suspend. This could lead to local information disclosure no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVers...
CVE-2019-2221
PUBLISHED: 2019-12-06
In hasActivityInVisibleTask of WindowProcessController.java there�s a possible bypass of user interaction requirements due to incorrect handling of top activities in INITIALIZING state. This could lead to local escalation of privilege with no additional execution privileges need...
CVE-2019-2222
PUBLISHED: 2019-12-06
n ihevcd_parse_slice_data of ihevcd_parse_slice.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android...