In the era of digital transformation, every organization develops its own software to run its business. This first-party, or company-developed, software often lacks the disciplined vulnerability and configuration management practices used for third-party software. Studies have shown that over 90% of first-party software includes open source components, while more than 40% carry high risks such as exploitable vulnerabilities. Today, application and security operations teams rely on manual checks or siloed scripts to evaluate the security of first-party software, resulting in ad-hoc security assessment that impedes the ability to prioritize and remediate risk effectively. Furthermore, traditional vulnerability assessment or software composition analysis tools do not detect the presence of embedded open source packages within the production environment. As a result, security teams face challenges in comprehending the true risk, particularly in security breaches like the Log4J incident.
The new Qualys solution allows organizations to bring their own detection and remediation scripts, written in popular languages like PowerShell and Python, to Qualys Vulnerability Management, Detection and Response (VMDR) as Qualys IDs (QIDs), which the Qualys Cloud Agent executes in a secure and controlled manner. Qualys TruRisk then detects and prioritizes the findings in the same workflow and reporting used for third-party software findings. This empowers application and security teams to leverage their own detections to identify sensitive content, assess critical process and application statuses, tag assets based on the presence of sensitive or PII data, and mitigate risks associated with critical vulnerabilities like Log4J by configuring file parameters or addressing Follina by modifying GPOs/registry settings, in order to efficiently manage the risk arising from both first and third-party sources.
“In our complex enterprise environment, we have often encountered situations where our security needs surpassed the capabilities of off-the-shelf software,” said Gabriel Julián Carrera, CISO at OSDE. “Consequently, we have resorted to pulling together independent scripts to achieve the assessments our unique homegrown solutions require. Qualys’ new offering eliminates this fragmented approach by seamlessly integrating our proprietary assessments and commercial tools into one unified Qualys TruRisk Platform, saving us time and helping us stay ahead of potential attackers.”
The new Qualys platform capabilities allow teams to:
Easily Build Your Own Signatures: Create Qualys Detections (QIDs) and remediations based on your own logic or scripts, leveraging major scripting languages such as Python, PowerShell and others. These detections integrate directly into VMDR workflows and TruRisk scoring, helping SecOps teams unify and manage risk across first and third-party applications in their environment.
Proactively Detect, Manage and Reduce Supply Chain Risks: Get continuous, real-time visibility into deeply embedded open source software packages, such as Log4J and OpenSSL, and commercial software components, leveraging the Qualys Cloud Agent. Qualys TruRisk then prioritizes and correlates the information based on data from over 25 threat feeds and the asset’s business criticality. This information allows security teams to rapidly mitigate the risk of high-profile security issues such as zero-day threats and Log4J outbreaks by crafting custom detections and responses.
Effectively Communicate Risk with Unified Reporting and Dashboarding: With native integration into VMDR workflows, effectively communicate the unified view of risk in first and third-party software to the right stakeholders via real-time dashboards and reports. Integration with ticketing systems such as ServiceNow and JIRA allows the automated assignment of detailed remediation tickets to the right owners through a common view, to quickly close tickets and reduce risk.
“First-party applications, being proprietary, often lack adequate risk detection, prioritization and remediation support from scanning tools,” said Sumedh Thakar, president and CEO of Qualys. “Our first-in-industry capabilities enable organizations to leverage the Qualys platform’s capabilities, identifying and analyzing both first-party and third-party software risks to develop an overall TruRisk score for a comprehensive view of the organization’s overall risk.”
Availability – Visit us at Black Hat USA
Enhancements to the Qualys Cloud Platform, including Custom Assessment and Remediation via VMDR integrations, will be available by the end of August. To sign up for a free trial, visit www.qualys.com/forms/vmdr. Learn more by reading the First-Party Software Risk Management blog or registering for our webinar.
To see our ground-breaking first-party solution in action and learn how to Get More Security with all our industry-leading solutions, visit us at Black Hat USA, booth 1320.
Additional Resources
About Qualys
Qualys, Inc. (NASDAQ: QLYS) is a pioneer and leading provider of disruptive cloud-based security, compliance and IT solutions with more than 10,000 subscription customers worldwide, including a majority of the Forbes Global 100 and Fortune 100. Qualys helps organizations streamline and automate their security and compliance solutions onto a single platform for greater agility, better business outcomes, and substantial cost savings.
The Qualys Cloud Platform leverages a single agent to continuously deliver critical security intelligence while enabling enterprises to automate the full spectrum of vulnerability detection, compliance, and protection for IT systems, workloads and web applications across on-premises, endpoints, servers, public and private clouds, containers, and mobile devices. Founded in 1999 as one of the first SaaS security companies, Qualys has strategic partnerships and seamlessly integrates its vulnerability management capabilities into security offerings from cloud service providers, including Amazon Web Services, the Google Cloud Platform and Microsoft Azure, along with a number of leading managed service providers and global consulting organizations. For more information, please visit http://www.qualys.com.
Qualys, Qualys VMDR® and the Qualys logo are proprietary trademarks of Qualys, Inc. All other products or names may be trademarks of their respective companies.
