Qualys Expands TruRisk Eliminate Platform, Empowering Organizations to Mitigate Cyber Risk Without Patching
Qualys (NASDAQ: QLYS) is expanding its TruRisk Eliminate platform with new solutions: TruRisk Mitigate and Isolate. These complement patch management, helping organizations reduce security risks without always needing to patch. The platform addresses the challenge of 5 million instances of CISA Known At-risk assets that can't be patched.
Key features include:
- Mitigating risks without patching or rebooting
- Isolating risky assets proactively
- Integrating with IT operations and ticketing workflows
- Offering rule-based workflow orchestration
TruRisk Eliminate aims to provide comprehensive risk reduction capabilities, enabling teams to mitigate nearly 100% of CISA Known Exploited Vulnerabilities (KEV) and ransomware vulnerabilities. The solution will be available in September 2024.
Qualys (NASDAQ: QLYS) sta ampliando la sua piattaforma TruRisk Eliminate con nuove soluzioni: TruRisk Mitigate e Isolate. Queste soluzioni completano la gestione delle patch, aiutando le organizzazioni a ridurre i rischi di sicurezza senza dover sempre applicare aggiornamenti. La piattaforma affronta la sfida di 5 milioni di istanze di asset a rischio conosciuti da CISA che non possono essere aggiornati.
Le caratteristiche principali includono:
- Mitigazione dei rischi senza necessità di patch o riavvio
- Isolamento proattivo degli asset rischiosi
- Integrazione con le operazioni IT e flussi di lavoro per la gestione dei ticket
- Offerta di orchestrazione dei flussi di lavoro basata su regole
TruRisk Eliminate mira a fornire capacità complete di riduzione del rischio, consentendo ai team di mitigare quasi il 100% delle vulnerabilità sfruttate conosciute da CISA (KEV) e delle vulnerabilità da ransomware. La soluzione sarà disponibile a settembre 2024.
Qualys (NASDAQ: QLYS) está ampliando su plataforma TruRisk Eliminate con nuevas soluciones: TruRisk Mitigate e Isolate. Estas complementan la gestión de parches, ayudando a las organizaciones a reducir los riesgos de seguridad sin tener que aplicar parches necesariamente. La plataforma enfrenta el desafío de 5 millones de instancias de activos en riesgo conocidos por CISA que no se pueden parchar.
Las características clave incluyen:
- Mitigación de riesgos sin necesidad de parches o reinicios
- Aislamiento proactivo de activos riesgosos
- Integración con operaciones de TI y flujos de trabajo de gestión de tickets
- Ofrecimiento de orquestación de flujos de trabajo basada en reglas
TruRisk Eliminate tiene como objetivo proporcionar capacidades integrales de reducción de riesgos, permitiendo a los equipos mitigar casi el 100% de las vulnerabilidades explotadas conocidas por CISA (KEV) y vulnerabilidades por ransomware. La solución estará disponible en septiembre de 2024.
Qualys (NASDAQ: QLYS)는 새로운 솔루션인 TruRisk Mitigate 및 Isolate로 TruRisk Eliminate 플랫폼을 확장하고 있습니다. 이들은 패치 관리 기능을 보완하여 조직이 항상 패치를 적용하지 않고도 보안 위험을 줄이는 데 도움을 줍니다. 이 플랫폼은 패치할 수 없는 CISA에서 알고 있는 500만 개의 위험 자산 문제를 다룹니다.
주요 기능은 다음과 같습니다:
- 패치나 재부팅 없이 위험을 완화
- 위험 자산을 능동적으로 격리
- IT 운영 및 티켓 관리 워크플로와 통합
- 규칙 기반의 워크플로 오케스트레이션 제공
TruRisk Eliminate는 포괄적인 위험 감소 능력을 제공하여 팀이 CISA에서 알려진 거의 100%의 이용된 취약점(KEV) 및 랜섬웨어 취약점을 완화할 수 있도록 합니다. 이 솔루션은 2024년 9월에 사용할 수 있습니다.
Qualys (NASDAQ: QLYS) élargit sa plateforme TruRisk Eliminate avec de nouvelles solutions : TruRisk Mitigate et Isolate. Celles-ci complètent la gestion des correctifs, aidant les organisations à réduire les risques de sécurité sans avoir à appliquer systématiquement des patchs. La plateforme s'attaque au défi de 5 millions d'instances d'actifs à risque connus par CISA qui ne peuvent pas être patchés.
Les caractéristiques clés incluent :
- Atténuation des risques sans patch ni redémarrage
- Isolation proactive des actifs à risque
- Intégration avec les opérations informatiques et les flux de travail de gestion des tickets
- Offre d'orchestration de flux de travail basée sur des règles
TruRisk Eliminate vise à fournir des capacités complètes de réduction des risques, permettant aux équipes de réduire presque 100 % des vulnérabilités exploitées connues par CISA (KEV) et des vulnérabilités liées aux ransomwares. La solution sera disponible en septembre 2024.
Qualys (NASDAQ: QLYS) erweitert seine TruRisk Eliminate Plattform um neue Lösungen: TruRisk Mitigate und Isolate. Diese ergänzen das Patch-Management und helfen Organisationen, Sicherheitsrisiken zu reduzieren, ohne immer patchen zu müssen. Die Plattform geht der Herausforderung von 5 Millionen Instanzen von CISA-bekannten Risiko-Assets nach, die nicht gepatcht werden können.
Wichtige Funktionen sind:
- Risikominderung ohne Patching oder Neustart
- Proaktives Isolieren riskanter Assets
- Integration mit IT-Operationen und Ticket-Workflows
- Angebot von regelbasiertem Workflow-Orchestrierung
TruRisk Eliminate zielt darauf ab, umfassende Risikominderungsfähigkeiten bereitzustellen, die es Teams ermöglichen, nahezu 100 % der von CISA bekannten ausgenutzten Schwachstellen (KEV) und Ransomware-Schwachstellen zu mindern. Die Lösung wird im September 2024 verfügbar sein.
- Expansion of TruRisk Eliminate platform with new solutions TruRisk Mitigate and Isolate
- Ability to mitigate nearly 100% of CISA Known Exploited Vulnerabilities (KEV) and ransomware vulnerabilities
- Integration with ITSM tools like ServiceNow and JIRA for streamlined operations
- Automated risk remediation tasks through Qualys Qflow capability
- None.
Qualys' introduction of TruRisk Eliminate marks a significant advancement in vulnerability management, addressing a critical gap in cybersecurity practices. The platform's ability to mitigate risks without patching is particularly noteworthy, as it tackles the persistent challenge of unpatched vulnerabilities that often plague organizations.
The solution's focus on the CISA Known Exploited Vulnerabilities (KEV) catalog is crucial, given the five million instances of at-risk assets identified by Qualys' Threat Research Unit. This emphasis aligns with current cybersecurity best practices and regulatory guidance.
TruRisk Eliminate's dual approach of TruRisk Mitigate and TruRisk Isolate offers a comprehensive strategy for risk reduction. The ability to implement configuration changes and quarantine risky assets without patching provides much-needed flexibility for IT teams struggling with operational constraints.
The integration with ITSM tools and the Qflow automation capability are standout features that could significantly reduce mean time to remediate. This streamlined workflow addresses the often-overlooked operational challenges in vulnerability management.
However, while the solution appears promising, its effectiveness will ultimately depend on real-world performance and the ability of organizations to implement it effectively within their existing security frameworks. The September release will be closely watched by the cybersecurity community.
Qualys' TruRisk Eliminate platform represents a paradigm shift in how organizations approach vulnerability management and patch operations. The introduction of "patchless patching" techniques addresses a long-standing pain point for IT teams: the conflict between security needs and operational stability.
The platform's ability to mitigate risks without requiring system reboots is particularly valuable. This feature can significantly reduce downtime and minimize disruptions to critical business operations, which is often a major hurdle in implementing traditional patch management strategies.
The integration with popular ITSM tools like ServiceNow and JIRA is a smart move. It allows for seamless incorporation into existing IT workflows, potentially improving adoption rates and effectiveness. The automated orchestration through Qflow could be a game-changer for resource-strapped IT departments, enabling them to handle complex remediation tasks more efficiently.
However, IT teams should be cautious about over-relying on mitigation strategies as a long-term solution. While these techniques are valuable for immediate risk reduction, they shouldn't completely replace traditional patching where feasible. Organizations will need to strike a balance between these new methods and established patch management practices.
Overall, TruRisk Eliminate appears to offer a promising solution to enhance IT operations' ability to support security initiatives without compromising system stability or business continuity.
New solutions – TruRisk Mitigate and Isolate - compliment patch management helping customers reduce security risk while lowering operational risk with extensive coverage for recent CISA KEV
Patch management is a core capability for remediating vulnerabilities, but it is not always the most viable or only option. Addressing all vulnerabilities is increasingly difficult due to potential business disruptions from patching, the unavailability of patches for zero days, and the limitations of traditional patch management tools that rely solely on agents. The Qualys Threat Research Unit (TRU) identified five million instances of CISA Known At-risk assets that can't be patched present vulnerabilities exploitable by hackers, leading to ransomware and data breaches. Cybersecurity and IT teams need effective mechanisms to mitigate the risks of unpatched vulnerabilities while maintaining business operations.
"Although patching is an essential part of vulnerability management to mitigate risk, there are some use cases where it isn't possible, or doing so requires outages or downtime that can impact operations. In some cases, such as new exploits or zero-day vulnerabilities, a patch may not even be available," said Melinda Marks, practice director, cybersecurity, at Enterprise Strategy Group. "Now with TruRisk Eliminate, Qualys augments its vulnerability management capabilities with an innovative solution to efficiently mitigate risk with patchless approaches to remediating vulnerabilities, helping security teams better align with and support business operations."
Qualys TruRisk Eliminate equips security and IT teams with powerful tools to enhance cybersecurity resilience by addressing critical vulnerabilities with or without deploying a patch. This solution reduces friction in current processes, enabling CISOs and CIOs to effectively reduce risk through patch management, configuration changes, mitigation, and targeted isolation. As a result, organizations can significantly lower their vulnerability exposure and streamline their response to cyber threats. TruRisk Eliminate provides more flexibility and options tailored to an organization's unique operational needs, remediation timelines, and business objectives.
Qualys TruRisk Eliminate offers the industry's most comprehensive risk reduction capabilities, enabling teams to proactively mitigate nearly
- Mitigating and Isolating the Risk Without Patching or Rebooting
- TruRisk Mitigate - Deploys advanced risk mitigation controls based on the recommendations of vendors, CISA, and the Qualys Threat Research Unit. It empowers businesses to swiftly implement configuration changes via advanced scripting for Linux and Windows, ensuring robust protection even when patches are unavailable.
- TruRisk Isolate - Empowers teams to proactively quarantine risky assets to prevent security incidents from spreading within the network. It helps security and IT teams manage risk proactively instead of relying on the reactionary EDR approach of quarantining assets post-incidents.
- Integrating with IT Operations and Ticketing Workflows
Reduces risk and mean time to remediate by leveraging out-of-the-box integrations with ITSM tools like ServiceNow and JIRA along with dynamic vulnerability and asset tagging. This approach drives patching, mitigation, and isolation directly through IT operations processes and solutions in a controlled manner that is fully integrated with Qualys Vulnerability Management, Detection and Response (VMDR) and Patch Management. - Offering Rule-based Workflow Orchestration
With the integrated Qualys Qflow capability, teams save valuable time and resources. This feature automates complex, multi-decision risk remediation tasks, such as executing mitigations for CISA KEVs when patches are unavailable and only un-quarantining high-risk assets upon closing of vulnerabilities.
"Five years ago, Qualys disrupted the vulnerability management space with integrated patch management to help organizations streamline and accelerate threat remediation. Now, we're taking the next step with TruRisk Eliminate, offering businesses innovative ways to mitigate risk even when patching isn't an option," said Sumedh Thakar, president and CEO of Qualys. "With TruRisk Eliminate, we provide enterprises with peace of mind through powerful solutions that address their most pressing threats and ultimately de-risk their businesses."
Availability
TruRisk Eliminate will be available in September. To see Qualys TruRisk Eliminate in action, visit Qualys at Black Hat (Booth #1320). Learn more at the Cyber Risk Series: To Be or Not to Be, Patch is the Question on July 31. Sign up to be notified when TruRisk Eliminate is available at qualys.com/forms/trurisk-eliminate.
Additional Resources
- Read our blog post, Qualys Announces TruRisk Eliminate to Augment Patching
- Register for the July 31 Qualys Cyber Risk Series virtual conference on patch management
- Be among the first to be notified when TruRisk Eliminate is available by registering here
- Follow Qualys on LinkedIn and X
About Qualys
Qualys, Inc. (NASDAQ: QLYS) is a leading provider of disruptive cloud-based security, compliance and IT solutions with more than 10,000 subscription customers worldwide, including a majority of the Forbes Global 100 and Fortune 100. Qualys helps organizations streamline and automate their security and compliance solutions onto a single platform for greater agility, better business outcomes, and substantial cost savings.
The Qualys Enterprise TruRisk Platform leverages a single agent to continuously deliver critical security intelligence while enabling enterprises to automate the full spectrum of vulnerability detection, compliance, and protection for IT systems, workloads and web applications across on premises, endpoints, servers, public and private clouds, containers, and mobile devices. Founded in 1999 as one of the first SaaS security companies, Qualys has strategic partnerships and seamlessly integrates its vulnerability management capabilities into security offerings from cloud service providers, including Oracle Cloud Infrastructure, Amazon Web Services, the Google Cloud Platform and Microsoft Azure, along with a number of leading managed service providers and global consulting organizations. For more information, please visit http://www.qualys.com.
Qualys, Qualys VMDR®, Qualys TruRisk and the Qualys logo are proprietary trademarks of Qualys, Inc. All other products or names may be trademarks of their respective companies.
Media Contact:
Tami Casey
Qualys
Media@Qualys.com
View original content to download multimedia:https://www.prnewswire.com/news-releases/qualys-expands-trurisk-eliminate-platform-empowering-organizations-to-mitigate-cyber-risk-without-patching-302209903.html
SOURCE Qualys, Inc.
FAQ
What new solutions is Qualys (QLYS) introducing to its TruRisk Eliminate platform?
When will Qualys (QLYS) TruRisk Eliminate be available?
How many instances of CISA Known At-risk assets did Qualys (QLYS) identify that can't be patched?
What percentage of CISA Known Exploited Vulnerabilities (KEV) can Qualys (QLYS) TruRisk Eliminate mitigate?
