Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats //

Vulnerability Management

11/25/2019
01:05 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Qualys Brings its Vulnerability Management Solution to the Next Level

Introducing VMDR: Vulnerability Management, Detection, and Response. VMDR delivers a continuous cycle of protection from a single pane of glass with built-in orchestration workflows and real-time vulnerability detection to prioritize, remediate, and audit across hybrid IT environments.

Qualys Security Conference QSC19 – Las Vegas – November 19, 2019 – Qualys, Inc. (NASDAQ: QLYS), a pioneer and leading provider of cloud-based security and compliance solutions, today announced its new Vulnerability Management, Detection and Response (VMDR) app to provide customers with one streamlined workflow to scan, investigate, prioritize and neutralize threats.

VMDR is a giant leap forward, helping organizations of all sizes to strengthen their security posture by offering a complete VM workflow that:

  • Enables Vulnerability Management and IT teams complete and continuous visibility of their global IT assets (known and unknown)
  • Identifies vulnerabilities across those assets in real-time
  • Prioritizes remediation using machine learning and context awareness
  • Provides built-in orchestration workflows
  • Allows one-click remediation with full audit tracking

“With VMDR, Qualys integrates highly valued and much-needed asset visibility with vulnerability management so that IT teams can have full visibility of their global IT assets (known and unknown). This provides the ability to identify the exposure of those assets in real-time, and to prioritize remediation by combining real-time threat indicators with asset context to remediate with one click and then audit the process,” said Scott Crawford, research vice president at 451 Research.

“Game-changing VMDR takes vulnerability management to the next level by providing the power to continuously detect vulnerability and misconfigurations across the entire global hybrid IT environment, and respond in real-time to remediate assets that are vulnerable or already compromised from a single platform with built-in orchestration,” said Philippe Courtot, chairman and CEO of Qualys. “Equally important, the new asset-based pricing and its delivery as a single, self-updating app, makes it easier to procure, deploy and manage, drastically reducing the total cost of ownership.”

VMDR bundles Asset Discovery and Inventory, Vulnerability Assessment including Configuration Controls, Prioritization, Remediation and Audit as a single app. It is effortless to deploy on a global scale, and pricing is on a per asset basis. This pricing makes the app simple to procure as a fully bundled solution, drastically saving deployment, administration and software subscription costs with real-time, light-weight Cloud Agents and Virtual Scanners that are easy to deploy and self-updating.

VMDR brings the vulnerability management category to the next level with a single app and built-in workflows that provide:

Automated Asset Identification and Categorization
Knowing what’s active in a global hybrid-IT environment is fundamental to security. With Qualys VMDR, customers can automatically discover and categorize known and unknown assets, continuously identify unmanaged assets, and create automated workflows to bring them to a managed state. After the data is collected, customers can instantly query assets and their attributes to get deep visibility including hardware, system configuration, installed software, services, and network connections.

Real-Time Vulnerabilities and Misconfiguration Detection
Qualys VMDR allows customers to automatically detect vulnerabilities and critical misconfigurations per CIS benchmarks, broken down by asset. Misconfigurations that do not have CVEs are a major source of breaches and compliance failures, creating vulnerabilities on the assets that do not have CVEs. Critical vulnerabilities and misconfigurations are continuously identified on the widest range of devices, operating systems, and applications in the industry.

Automated Remediation Prioritization
Qualys VMDR uses real-time threat intelligence and machine learning models to automatically prioritize the highest risk vulnerabilities on the most critical assets. Indicators such as Exploitable, Actively Attacked, High Lateral Movement, etc. are used to bubble up vulnerabilities that are currently at risk while machine learning models help to highlight vulnerabilities that will most likely become severe threats based on attributes of the vulnerability, providing multiple levels of prioritization.

Patch and Remediate at your Fingertips
After prioritizing vulnerabilities by risk, Qualys VMDR also enables rapid, targeted remediation of these vulnerabilities across any size environment by deploying the most relevant superseding patch. Additionally, policy-based, automated recurring jobs keep systems up to date, providing proactive patch management for security and non-security patches that reduce the number of vulnerabilities the operations team has to chase down as part of a remediation cycle.

Confirm and Repeat
With Qualys VMDR, users can close the loop and complete the vulnerability management lifecycle from a single pane of glass with real-time customizable dashboards and widgets, built-in trending and per asset pricing, along with no software to update all of which drastically reduce the total cost of ownership.

Availability
Qualys VMDR will be available in January 2020. Pricing starts at $199 per asset (minimum quantity 32).

Additional Resources

About Qualys
Qualys, Inc. (NASDAQ: QLYS) is a pioneer and leading provider of cloud-based security and compliance solutions with over 12,200 customers and active users in more than 130 countries, including a majority of each of the Forbes Global 100 and Fortune 100. Qualys helps organizations streamline and consolidate their security and compliance solutions in a single platform and build security into digital transformation initiatives for greater agility, better business outcomes, and substantial cost savings.

The Qualys Cloud Platform and its integrated Cloud Apps deliver businesses critical security intelligence continuously, enabling them to automate the full spectrum of auditing, compliance, and protection for IT systems and web applications on-premises, on endpoints and elastic clouds. Founded in 1999 as one of the first SaaS security companies, Qualys has established strategic partnerships with leading cloud providers like Amazon Web Services, Microsoft Azure and the Google Cloud Platform, and managed service providers and consulting organizations including Accenture, BT, Cognizant Technology Solutions, Deutsche Telekom, DXC Technology, Fujitsu, HCL Technologies, IBM, Infosys, NTT, Optiv, SecureWorks, Tata Communications, Verizon and Wipro. The company is also a founding member of the Cloud Security Alliance. For more information, please visit www.qualys.com.

Qualys and the Qualys logo are proprietary trademarks of Qualys, Inc. All other products or names may be trademarks of their respective companies.

Media Contacts:
Tami Casey
Qualys
(650) 801-6196
[email protected]

Mariah Gauthier
HighwirePR
(415) 963 4174
[email protected]

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Exploits Released for As-Yet Unpatched Critical Citrix Flaw
Jai Vijayan, Contributing Writer,  1/13/2020
Microsoft to Officially End Support for Windows 7, Server 2008
Kelly Sheridan, Staff Editor, Dark Reading,  1/13/2020
Active Directory Needs an Update: Here's Why
Raz Rafaeli, CEO and Co-Founder at Secret Double Octopus,  1/16/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-15625
PUBLISHED: 2020-01-18
A memory usage vulnerability exists in Trend Micro Password Manager 3.8 that could allow an attacker with access and permissions to the victim's memory processes to extract sensitive information.
CVE-2019-19696
PUBLISHED: 2020-01-18
A RootCA vulnerability found in Trend Micro Password Manager for Windows and macOS exists where the localhost.key of RootCA.crt might be improperly accessed by an unauthorized party and could be used to create malicious self-signed SSL certificates, allowing an attacker to misdirect a user to phishi...
CVE-2019-19697
PUBLISHED: 2020-01-18
An arbitrary code execution vulnerability exists in the Trend Micro Security 2019 (v15) consumer family of products which could allow an attacker to gain elevated privileges and tamper with protected services by disabling or otherwise preventing them to start. An attacker must already have administr...
CVE-2019-20357
PUBLISHED: 2020-01-18
A Persistent Arbitrary Code Execution vulnerability exists in the Trend Micro Security 2020 (v160 and 2019 (v15) consumer familiy of products which could potentially allow an attacker the ability to create a malicious program to escalate privileges and attain persistence on a vulnerable system.
CVE-2020-7222
PUBLISHED: 2020-01-18
An issue was discovered in Amcrest Web Server 2.520.AC00.18.R 2017-06-29 WEB 3.2.1.453504. The login page responds with JavaScript when one tries to authenticate. An attacker who changes the result parameter (to true) in this JavaScript code can bypass authentication and achieve limited privileges (...