Qualys Announces Ground-Breaking First-Party Software Risk Management Solution
- The new Qualys solution empowers application and security teams to leverage their own detections and remediation scripts, allowing for a more unified and efficient approach to managing risk across first and third-party applications.
- The new platform capabilities enable teams to proactively detect, manage, and reduce supply chain risks, such as Log4J and OpenSSL, and effectively communicate risk with unified reporting and dashboarding.
- Qualys' first-in industry capabilities enable organizations to develop an overall TruRisk score for a comprehensive view of the organization's overall risk, providing a unique and comprehensive solution for application security teams.
- None.
New solution enables application security teams to detect, prioritize and remediate vulnerabilities within company developed software and embedded open source components
In the digital transformation era, every organization develops its own software to run its business. This first-party, or company-developed, software often lacks the disciplined vulnerability and configuration management practices used for third-party software. Studies have shown that over
The new Qualys solution enables organizations to bring their own detection and remediation scripts created using popular languages like PowerShell and Python to Qualys Vulnerability Management, Detection and Response (VMDR) as Qualys ID (QIDs), which the Qualys Cloud Agent executes in a secure and controlled manner. Qualys TruRisk then detects and prioritizes the findings in the same workflow and reporting as used for the third-party software findings. This empowers application and security teams to leverage their own detections to identify sensitive content, assess critical process and application statuses, tag assets based on sensitive or PII data presence, and mitigate risks associated with critical vulnerabilities like Log4J by configuring file parameters or addressing Follina by modifying GPOs/registry settings to efficiently manage the risk arising from both first and third-party sources.
"In our complex enterprise environment, we've often encountered situations where our security needs surpassed the capabilities of off-the-shelf software," said Gabriel Julián Carrera, CISO at OSED. "Consequently, we've resorted to pulling together independent scripts to achieve the assessments our unique homegrown solutions require. Qualys' new offering eliminates this fragmented approach by seamlessly integrating our proprietary assessments and commercial tools into one unified Qualys TruRisk Platform saving us time and helping us stay ahead of potential attackers."
The new Qualys platform capabilities allow teams to:
Easily Build Your Own Signatures: Create Qualys Detections (QIDs) and remediations based on your own logic or scripts leveraging major scripting languages such as Python, PowerShell and others. These detections integrate directly into VMDR workflows and TruRisk scoring, helping SecOps teams unify and manage risk across first and third-party applications in their environment.
Proactively Detect, Manage and Reduce Supply Chain Risks: Get continuous, real-time visibility into deeply embedded open source software packages, such as Log4J, openSSL and commercial software components leveraging the Qualys Cloud Agent. Qualys TruRisk then prioritizes and correlates the information based on data from over 25 threat feeds and the asset's business criticality. This information allows security teams to rapidly mitigate the risk of high-profile security issues such as zero-day threats and Log4J outbreaks by crafting custom detection and responses.
Effectively Communicate Risk with Unified Reporting and Dashboarding: With native integration to VMDR workflows, effectively communicate the unified view of risk in first and third-party software to the right stakeholders via real-time dashboards and reports. Integration with ticketing systems such as ServiceNow and JIRA enables the automatic assigning of detailed remediation tickets to the right owners through a common view to quickly close tickets and reduce risk.
"First-party applications, being proprietary, often lack adequate risk detection, prioritization and remediation support from scanning tools," said Sumedh Thakar, president and CEO of Qualys. "Our first-in industry capabilities enable organizations to leverage the Qualys platform's capabilities, identifying and analyzing both first-party and third-party software risks to develop an overall TruRisk score for a comprehensive view of the organization's overall risk."
Availability – Visit us at Black Hat
Enhancements to the Qualys Cloud Platform, including Custom Assessments and Remediation via VMDR integrations, will be available by the end of August. To sign up for a free trial, visit www.qualys.com/forms/vmdr. Learn more by reading the First-Party Software Risk Management blog or registering for our webinar.
To see our ground-breaking first-party solution in action and learn how to Get More Security with all our industry leading solutions, visit us at Black Hat
Additional Resources
- Learn more about the Qualys First-Party Software Risk Management solution
- Read the First-Party Software Risk Management blog
- Learn more about the Qualys Cloud Platform
- Follow Qualys on LinkedIn and Twitter
About Qualys
Qualys, Inc. (NASDAQ: QLYS) is a pioneer and leading provider of disruptive cloud-based security, compliance and IT solutions with more than 10,000 subscription customers worldwide, including a majority of the Forbes Global 100 and Fortune 100. Qualys helps organizations streamline and automate their security and compliance solutions onto a single platform for greater agility, better business outcomes, and substantial cost savings.
The Qualys Cloud Platform leverages a single agent to continuously deliver critical security intelligence while enabling enterprises to automate the full spectrum of vulnerability detection, compliance, and protection for IT systems, workloads and web applications across on premises, endpoints, servers, public and private clouds, containers, and mobile devices. Founded in 1999 as one of the first SaaS security companies, Qualys has strategic partnerships and seamlessly integrates its vulnerability management capabilities into security offerings from cloud service providers, including Amazon Web Services, the Google Cloud Platform and Microsoft Azure, along with a number of leading managed service providers and global consulting organizations. For more information, please visit http://www.qualys.com.
Qualys, Qualys VMDR® and the Qualys logo are proprietary trademarks of Qualys, Inc. All other products or names may be trademarks of their respective companies.
Media Contact:
Tami Casey
Qualys
media@qualys.com
View original content to download multimedia:https://www.prnewswire.com/news-releases/qualys-announces-ground-breaking-first-party-software-risk-management-solution-301892409.html
SOURCE Qualys, Inc.
FAQ
What solution did Qualys announce for application security teams?
What languages can be used to create detections and remediation scripts with the new Qualys solution?
When will the enhancements to the Qualys Cloud Platform be available?