Qualys Unveils TotalAppSec: New Comprehensive Application Risk Management Solution
Qualys (NASDAQ: QLYS) has announced TotalAppSec, a new AI-powered application risk management solution launching in Q1 2025. The platform integrates API security, web application scanning, and AI-driven malware detection into a unified solution for monitoring and mitigating cyber risks across on-premises, hybrid, and multi-cloud environments.
TotalAppSec leverages the Qualys Enterprise TruRisk™ Platform to discover known, unknown, and shadow web applications and APIs, detect critical vulnerabilities including OWASP Top 10, and utilize deep learning algorithms for malware detection. The solution addresses the growing security challenges highlighted in the 2024 Verizon DBIR Report, which indicates web applications as the primary entry point for breaches, with 68% involving human elements and 32% utilizing ransomware attacks.
Key features include auto-discovery of applications and APIs, risk-based prioritization using Qualys TruRisk™, AI-powered scanning, and seamless integration with CI/CD pipelines and ITSM systems like ServiceNow and JIRA.
Qualys (NASDAQ: QLYS) ha annunciato TotalAppSec, una nuova soluzione di gestione del rischio delle applicazioni alimentata dall'IA, che sarà lanciata nel primo trimestre del 2025. La piattaforma integra la sicurezza delle API, la scansione delle applicazioni web e la rilevazione di malware guidata dall'IA in un'unica soluzione per monitorare e mitigare i rischi informatici in ambienti on-premises, ibridi e multi-cloud.
TotalAppSec sfrutta la Qualys Enterprise TruRisk™ Platform per scoprire applicazioni e API note, sconosciute e shadow web, rilevare vulnerabilità critiche comprese nella OWASP Top 10 e utilizzare algoritmi di deep learning per la rilevazione di malware. La soluzione affronta le crescenti sfide di sicurezza evidenziate nel Rapporto DBIR 2024 di Verizon, che indica le applicazioni web come il principale punto d'ingresso per le violazioni, con il 68% che coinvolge elementi umani e il 32% che utilizza attacchi ransomware.
Le caratteristiche principali includono la scoperta automatica di applicazioni e API, la prioritizzazione basata sul rischio utilizzando Qualys TruRisk™, la scansione alimentata dall'IA e l'integrazione fluida con pipeline CI/CD e sistemi ITSM come ServiceNow e JIRA.
Qualys (NASDAQ: QLYS) ha anunciado TotalAppSec, una nueva solución de gestión de riesgos de aplicaciones impulsada por IA que se lanzará en el primer trimestre de 2025. La plataforma integra la seguridad de APIs, el escaneo de aplicaciones web y la detección de malware impulsada por IA en una solución unificada para monitorear y mitigar los riesgos cibernéticos en entornos on-premises, híbridos y multi-nube.
TotalAppSec aprovecha la Qualys Enterprise TruRisk™ Platform para descubrir aplicaciones y APIs conocidas, desconocidas y de la web oscura, detectar vulnerabilidades críticas, incluyendo las 10 principales de OWASP, y utilizar algoritmos de aprendizaje profundo para la detección de malware. La solución aborda los crecientes desafíos de seguridad resaltados en el Informe DBIR 2024 de Verizon, que indica que las aplicaciones web son el principal punto de entrada para las violaciones, con un 68% involucrando elementos humanos y un 32% utilizando ataques de ransomware.
Las características clave incluyen el descubrimiento automático de aplicaciones y APIs, la priorización basada en riesgos utilizando Qualys TruRisk™, escaneo impulsado por IA y una integración fluida con pipelines de CI/CD y sistemas ITSM como ServiceNow y JIRA.
Qualys (NASDAQ: QLYS)는 2025년 1분기에 출시될 새로운 AI 기반 애플리케이션 위험 관리 솔루션인 TotalAppSec를 발표했습니다. 이 플랫폼은 API 보안, 웹 애플리케이션 스캐닝, AI 기반 악성코드 탐지를 통합하여 온프레미스, 하이브리드 및 다중 클라우드 환경 전반에서 사이버 위험을 모니터링하고 완화하기 위한 통합 솔루션을 제공합니다.
TotalAppSec는 Qualys Enterprise TruRisk™ Platform을 활용하여 알려진, 미지의 및 그림자 웹 애플리케이션과 API를 발견하고, OWASP Top 10을 포함한 심각한 취약점을 탐지하며, 악성코드 탐지를 위한 딥 러닝 알고리즘을 사용합니다. 이 솔루션은 Verizon의 2024년 DBIR 보고서에서 강조된 증가하는 보안 문제를 해결하며, 웹 애플리케이션이 침해의 주요 진입점으로 지목되고 있습니다. 이 중 68%는 인간 요소와 관련이 있고, 32%는 랜섬웨어 공격을 이용하고 있습니다.
주요 기능으로는 애플리케이션 및 API의 자동 발견, Qualys TruRisk™를 이용한 위험 기반 우선 순위 지정, AI 기반 스캐닝 및 ServiceNow 및 JIRA와 같은 ITSM 시스템과의 원활한 통합이 포함됩니다.
Qualys (NASDAQ: QLYS) a annoncé TotalAppSec, une nouvelle solution de gestion des risques d'application alimentée par l'IA, qui sera lancée au premier trimestre 2025. La plateforme intègre la sécurité des API, la numérisation des applications web et la détection de logiciels malveillants pilotée par IA dans une solution unifiée pour surveiller et atténuer les risques cybernétiques dans des environnements sur site, hybrides et multi-cloud.
TotalAppSec exploite la Qualys Enterprise TruRisk™ Platform pour découvrir des applications et des API connues, inconnues et du web caché, détecter des vulnérabilités critiques, y compris celles des 10 principales d'OWASP, et utiliser des algorithmes d'apprentissage profond pour la détection des logiciels malveillants. La solution répond aux défis de sécurité croissants soulignés dans le rapport DBIR 2024 de Verizon, qui indique que les applications web sont le principal point d'entrée des violations, 68 % impliquant des éléments humains et 32 % utilisant des attaques par ransomware.
Les caractéristiques principales incluent la découverte automatique des applications et des API, la priorisation basée sur le risque à l'aide de Qualys TruRisk™, la numérisation pilotée par l'IA et l'intégration fluide avec les pipelines CI/CD et les systèmes ITSM tels que ServiceNow et JIRA.
Qualys (NASDAQ: QLYS) hat TotalAppSec angekündigt, eine neue KI-gestützte Lösung zur Verwaltung von Anwendungsrisiken, die im ersten Quartal 2025 auf den Markt kommt. Die Plattform integriert API-Sicherheit, das Scannen von Webanwendungen und KI-gesteuerte Malware-Erkennung in eine einheitliche Lösung zur Überwachung und Minderung von Cyber-Risiken in On-Premises-, Hybrid- und Multi-Cloud-Umgebungen.
TotalAppSec nutzt die Qualys Enterprise TruRisk™ Platform, um bekannte, unbekannte und Schattenweb-Anwendungen sowie APIs zu entdecken, kritische Schwachstellen einschließlich der OWASP Top 10 zu erkennen und Deep-Learning-Algorithmen zur Malware-Erkennung anzuwenden. Die Lösung geht auf die wachsenden Sicherheitsherausforderungen ein, die im 2024 Verizon DBIR Bericht hervorgehoben wurden, der angibt, dass Webanwendungen der primäre Einstiegspunkt für Sicherheitsverletzungen darstellen, wobei 68% menschliche Elemente und 32% Ransomware-Angriffe umfassen.
Zu den wichtigsten Funktionen gehören die automatische Entdeckung von Anwendungen und APIs, risikobasierte Priorisierung mit Qualys TruRisk™, KI-gestütztes Scannen und nahtlose Integration in CI/CD-Pipelines und ITSM-Systeme wie ServiceNow und JIRA.
- Launch of comprehensive AI-powered security solution addressing critical market needs
- Integration with existing enterprise systems (ServiceNow, JIRA) for streamlined workflow
- Addresses growing security threats identified in 2024 Verizon DBIR Report
- Unified platform approach reducing operational complexity
- Product not available until Q1 2025
- Requires existing customers to upgrade systems
Insights
The launch of TotalAppSec marks a strategically significant product expansion for Qualys, directly addressing the $4.4 billion application security market. The solution's unified approach to application security represents a potential game-changer in three key aspects:
1. Market Positioning & Revenue Potential: By consolidating multiple security functions into a single platform, Qualys is positioning itself to capture a larger share of enterprise security budgets. The solution's integration with existing Qualys products (VMDR, EASM, TotalCloud) creates strong cross-selling opportunities and potential for increased customer retention.
2. Technological Moat: The integration of AI-powered scanning and deep learning-based malware detection, combined with Qualys's existing cloud infrastructure, creates significant barriers to entry. The proprietary TruRisk scoring system adds another layer of differentiation that competitors will find challenging to replicate.
3. Enterprise Value Proposition: The solution addresses critical pain points in enterprise security: fragmented toolsets, visibility gaps and resource-intensive manual processes. The automation capabilities and integration with popular enterprise tools (ServiceNow, JIRA) significantly enhance operational efficiency.
From an investment perspective, this launch could drive meaningful revenue growth through:
- Expansion of average contract value with existing customers
- Attraction of new enterprise customers seeking consolidated security solutions
- Recurring revenue streams from subscription-based pricing
However, success will depend on execution, particularly in terms of customer adoption rates and the effectiveness of the AI/ML capabilities in real-world scenarios. The Q1 2025 availability provides a near-term catalyst for potential revenue impact.
TotalAppSec integrates API security, web application scanning, and AI-driven malware detection into single risk-based approach
Web applications and APIs have reshaped the digital landscape and significantly contribute to enterprise risk. According to the 2024 Verizon DBIR Report, web applications remain the top entry point for breaches—with
"Enterprises are increasingly prioritizing the security of web applications and APIs as threats grow in complexity. Safeguarding these assets is now a fundamental requirement for maintaining trust and operational resilience," said Katie Norton, research manager, DevSecOps and Software Supply Chain Security at IDC. "Solutions like Qualys TotalAppSec can help break down organizational silos between infrastructure, web applications, and API risk, providing the context and visibility security teams need to collaborate effectively. By delivering a holistic view of application security, teams can prioritize the most critical threats and take decisive action to mitigate risk more efficiently."
Qualys TotalAppSec leverages the power of the Qualys Enterprise TruRisk™ Platform. It enables security teams to discover known, unknown, and shadow web applications and APIs for comprehensive visibility. TotalAppSec detects critical vulnerabilities including the OWASP Top 10 for web applications and OWASP API Top 10. Harnessing advanced deep learning algorithms to detect and mitigate sophisticated malware threats, including zero-day exploits, Qualys TotalAppSec delivers unmatched accuracy and resilience against evolving threats. With risk prioritization using Qualys' proprietary TruRisk™ score, integrated CI/CD pipelines and ITSM workflows with ServiceNow and JIRA, the solution automates vulnerability remediation processes, empowering companies to reduce their attack surface and secure web applications and APIs throughout the development lifecycle.
"Qualys TotalAppSec provides clear visibility into inadvertently exposed web applications and APIs, enabling us to proactively mitigate risks," said Beatrice Sirchis, head of application security at IDB Bank. "Its unified platform allows us to secure critical web applications, assess vulnerabilities against prevailing threats and the OWASP Top 10, and seamlessly manage remediation from detection through to resolution. Additionally, the flexible licensing lets us easily switch resources between pre-production and production web applications and API scanning, ensuring we meet our evolving business needs."
By consolidating these robust capabilities into a single, AI-driven platform, Qualys TotalAppSec delivers comprehensive risk management across the entire application portfolio:
- Auto-Discover Every API and Web Application: Identify known, unknown, forgotten, and shadow web applications and APIs across on-premises, multi-cloud, API gateways and containerized environments with seamless integration into Qualys VMDR, EASM, and TotalCloud. This ensures no asset is left unmonitored or exposed. Leveraging AI-powered scanning, the solution optimizes resources while improving detection accuracy.
- Simplify Remediation with Risk-Based Prioritization: Using Qualys TruRisk™, TotalAppSec allows organizations to rank vulnerabilities based on criticality, exploitability, and business impact, enabling teams to address the most significant risks first and streamline remediation efforts.
- Secure Applications from Unknown Vulnerabilities and Malware: Leverage deep learning-based malware detection to discover and defend against hidden vulnerabilities, advanced malware, and zero-day attacks that traditional methods might miss.
- Stay Audit-Ready: Reduce the risk of non-compliance penalties by ensuring ongoing adherence to regulatory standards like PCI-DSS, GDPR, HIPAA, and OpenAPI Specification via continuous compliance monitoring.
- Fast Track Risk Remediation with Real-time Feedback Loop: Leveraging seamless integrations with CI/CD pipelines and ITSM systems, such as ServiceNow and JIRA, organizations will benefit from consolidating vulnerabilities for faster response times and better tracking, mapping tickets to the appropriate remediation owners, and embedding security directly into DevSecOps workflows.
"APIs are the new attack surface for enterprises, growing exponentially as modern web applications rely on an increasing number of them. As organizations increasingly integrate platforms, they need a solution that provides a unified view of all interfaces to measure, communicate, and eliminate their cyber risk arising from these applications," said Sumedh Thakar, president and CEO of Qualys. "TotalAppSec brings together our latest innovations in API security, deep-learning malware detection, and web application security to help security teams understand the business context with risk prioritization so the greatest risks can be addressed first."
Availability
Qualys TotalAppSec will be available in Q1 2025. To find out more, sign up for a free trial, read the blog, or register for our webinar today. Existing Web Application Security (WAS) customers can contact their respective Technical Account Managers (TAMs) to upgrade to TotalAppSec.
Additional Resources
- Read our blog post, "Qualys TotalAppSec Delivers AI-powered Unified Application Risk Management for Modern Web Apps and APIs"
- Sign up for a free trial
- Register for our webinar, "Redefining Application Risk Management for Modern Apps & APIs with Qualys TotalAppSec"
- Follow Qualys on LinkedIn and X
About Qualys
Qualys, Inc. (NASDAQ: QLYS) is a leading provider of disruptive cloud-based security, compliance and IT solutions with more than 10,000 subscription customers worldwide, including a majority of the Forbes Global 100 and Fortune 100. Qualys helps organizations streamline and automate their security and compliance solutions onto a single platform for greater agility, better business outcomes, and substantial cost savings.
The Qualys Enterprise TruRisk Platform leverages a single agent to continuously deliver critical security intelligence while enabling enterprises to automate the full spectrum of vulnerability detection, compliance, and protection for IT systems, workloads and web applications across on premises, endpoints, servers, public and private clouds, containers, and mobile devices. Founded in 1999 as one of the first SaaS security companies, Qualys has strategic partnerships and seamlessly integrates its vulnerability management capabilities into security offerings from cloud service providers, including Oracle Cloud Infrastructure, Amazon Web Services, the Google Cloud Platform and Microsoft Azure, along with a number of leading managed service providers and global consulting organizations. For more information, please visit http://www.qualys.com.
Qualys, Qualys VMDR®, Qualys TruRisk and the Qualys logo are proprietary trademarks of Qualys, Inc. All other products or names may be trademarks of their respective companies.
Media Contact:
Rachel Yap Winship
Qualys
Media@Qualys.com
View original content to download multimedia:https://www.prnewswire.com/news-releases/qualys-unveils-totalappsec-new-comprehensive-application-risk-management-solution-302365969.html
SOURCE Qualys, Inc.
FAQ
When will Qualys (QLYS) TotalAppSec be available to customers?
What security features does Qualys TotalAppSec include?
How does Qualys TotalAppSec address the 2024 Verizon DBIR Report findings?
What integration capabilities does Qualys TotalAppSec offer?
How can existing Qualys WAS customers upgrade to TotalAppSec?
