In the digital transformation era, every organization develops its own software to run its business. This first-party, or company-developed, software often lacks the disciplined vulnerability and configuration management practices used for third-party software. Studies have shown that over 90% of first-party software contains open source components while more than 40% have high risks such as exploitable vulnerabilities. Today, application and security operations teams rely on manual checks or siloed scripts to evaluate the security of first-party software, resulting in ad-hoc security assessment that impedes the ability to prioritize and remediate risk effectively. Furthermore, traditional vulnerability assessment or software composition analysis tools don’t detect the presence of embedded open source packages across the production environment. As a result, security teams face challenges in comprehending the true risk, particularly in security breaches like the Log4J incident.
The new Qualys solution enables organizations to bring their own detection and remediation scripts, created using popular languages like PowerShell and Python, to Qualys Vulnerability Management, Detection and Response (VMDR) as Qualys IDs (QIDs), which the Qualys Cloud Agent executes in a secure and controlled manner. Qualys TruRisk then detects and prioritizes the findings in the same workflow and reporting as used for the third-party software findings. This empowers application and security teams to leverage their own detections to identify sensitive content, assess critical process and application statuses, tag assets based on sensitive or PII data presence, and mitigate risks associated with critical vulnerabilities like Log4J by configuring file parameters or addressing Follina by modifying GPOs/registry settings, to efficiently manage the risk arising from both first and third-party sources.
“In our complicated enterprise environment, we have often encountered situations where our security needs surpassed the capabilities of off-the-shelf software,” said Gabriel Julián Carrera, CISO at OSDE. “Consequently, we have resorted to pulling together independent scripts to realize the assessments our unique homegrown solutions require. Qualys’ new offering eliminates this fragmented method by seamlessly integrating our proprietary assessments and commercial tools into one unified Qualys TruRisk Platform saving us time and helping us stay ahead of potential attackers.”
The new Qualys platform capabilities allow teams to:
Easily Build Your Own Signatures: Create Qualys Detections (QIDs) and remediations based on your own logic or scripts, leveraging leading scripting languages such as Python, PowerShell and others. These detections integrate directly into VMDR workflows and TruRisk scoring, helping SecOps teams unify and manage risk across first and third-party applications in their environment.
Proactively Detect, Manage and Reduce Supply Chain Risks: Get continuous, real-time visibility into deeply embedded open source software packages, such as Log4J and OpenSSL, and commercial software components, leveraging the Qualys Cloud Agent. Qualys TruRisk then prioritizes and correlates the information based on data from over 25 threat feeds and the asset’s business criticality. This information allows security teams to rapidly mitigate the risk of high-profile security issues such as zero-day threats and Log4J outbreaks by crafting custom detection and responses.
Effectively Communicate Risk with Unified Reporting and Dashboarding: With native integration to VMDR workflows, effectively communicate the unified view of risk in first and third-party software to the right stakeholders via real-time dashboards and reports. Integration with ticketing systems such as ServiceNow and JIRA enables the automated assigning of detailed remediation tickets to the right owners through a common view to quickly close tickets and reduce risk.
“First-party applications, being proprietary, often lack sufficient risk detection, prioritization and remediation support from scanning tools,” said Sumedh Thakar, president and CEO of Qualys. “Our first-in-industry capabilities enable organizations to leverage the Qualys platform’s capabilities, identifying and analyzing both first-party and third-party software risks to develop an overall TruRisk score for a comprehensive view of the organization’s overall risk.”
Availability – Visit us at Black Hat USA
Enhancements to the Qualys Cloud Platform, including Custom Assessments and Remediation via VMDR integrations, will be available by the end of August. To sign up for a free trial, visit www.qualys.com/kinds/vmdr. Learn more by reading the First-Party Software Risk Management blog or registering for our webinar.
To see our ground-breaking first-party solution in action and learn how to Get More Security with all our industry leading solutions, visit us at Black Hat USA, booth 1320.
Qualys, Inc. (NASDAQ: QLYS) is a pioneer and leading provider of disruptive cloud-based security, compliance and IT solutions with more than 10,000 subscription customers worldwide, including a majority of the Forbes Global 100 and Fortune 100. Qualys helps organizations streamline and automate their security and compliance solutions onto a single platform for greater agility, better business outcomes, and substantial cost savings.
The Qualys Cloud Platform leverages a single agent to continuously deliver critical security intelligence while enabling enterprises to automate the full spectrum of vulnerability detection, compliance, and protection for IT systems, workloads and web applications across on premises, endpoints, servers, public and private clouds, containers, and mobile devices. Founded in 1999 as one of the first SaaS security companies, Qualys has strategic partnerships and seamlessly integrates its vulnerability management capabilities into security offerings from cloud service providers, including Amazon Web Services, the Google Cloud Platform and Microsoft Azure, along with a number of leading managed service providers and global consulting organizations. For more information, please visit http://www.qualys.com.
Qualys, Qualys VMDR® and the Qualys logo are proprietary trademarks of Qualys, Inc. All other products or names may be trademarks of their respective companies.