Many companies operate multiple security tools at the same time. Evaluating data from different sources to classify cyber risks and eliminate vulnerabilities is a challenge.
At the Qualys Security Conference (QSC) 2023, Qualys introduced its new Enterprise TruRisk platform. The Qualys Enterprise TruRisk platform aggregates cyber risk evidence from a variety of disparate data sources and correlates them using the holistic TruRisk risk scoring framework to provide measurable risk intelligence. This gives users a central tool to measure, communicate and eliminate their cyber risks with precise remedial measures.
Identify and eliminate weak points
The platform not only offers powerful security solutions for attack surface management, vulnerability management and vulnerability remediation, but also enables better orchestration of all of these solutions. It offers the opportunity to identify, prioritize and actively eliminate cyber risks more effectively.
Enterprise security leaders understand the negative impact that inconsistent cyber risk assessment methods and siled, point-based security solutions have on the organizations they are tasked with protecting. Companies lack a reliable means to aggregate, correlate, and translate the cyber signals from a growing security stack into meaningful strategies to minimize and remediate cyber risks.
Companies have over 60 security tools
Since launching Qualys Vulnerability Detection Management and Response (VMDR) in 2019, Qualys has brought a number of innovative cybersecurity solutions to market. These include CyberSecurity Asset Management (CSAM) with External Attack Surface Management, Custom Assessment and Remediation (CAR), VMDR 2.0 with TruRisk and TotalCloud with TruRisk Insights. As a comprehensive platform, the software enables end-to-end asset management and comprehensive coverage of all security needs, thanks to a holistic view of risk using a single agent and a single, scalable solution.
Today, security leaders must also measure and communicate cyber risks in the form of key performance indicators (KPIs) that show the business impact of vulnerabilities, threats and risk posture in real time. But that is easier said than done. With an average inventory of more than 60 security tools per organization, security leaders must navigate a maze of risk data managed by different teams to calculate, describe and remediate cyber risks across their extended infrastructure.
Incorrect risk classification of vulnerabilities
Last year, the Qualys Threat Research Unit conducted more than 2,6 billion vulnerability scans on 60 million assets, with 2,1 billion receiving CVSS critical or high ratings. However, contextual analysis using the Qualys TruRisk Engine showed that only 603 million of these “critical” or “high” CVSS results were truly high risk – less than a third. Conversely, security researchers at Qualys found that these scans classified 87 million vulnerabilities as “low” or “medium” risk issues according to CVSS, while TruRisk showed that the risk was “high” or “critical.” This clearly shows how imprecise and dangerous it is to rely solely on the CVSS to measure and prioritize cyber risks.
The Qualys Enterprise TruRisk platform enables:
- Measure cyber risk – The platform aggregates all cyber risk and risk factor data provided by Qualys and third-party solutions.
- Communicate cyber risk – The platform translates disparate cyber risk data into consistent, actionable insights and business impact metrics for key security and business risk stakeholders.
- Eliminate cyber risks – The platform reduces cyber risks across the extended enterprise with precise actions to contain and remediate existing problems.
About Qualys
Qualys, Inc. (NASDAQ: QLYS) is a pioneer and leading provider of breakthrough cloud-based security, compliance and IT solutions with more than 10.000 subscription customers worldwide, including a majority of the Forbes Global 100 and Fortune 100. Qualys empowers enterprises help streamline and automate their security and compliance solutions on a single platform to deliver greater flexibility, better business outcomes and significant cost savings.