In the digital transformation era, every organization develops its own software to run its business. This first-party, or company-developed, software often lacks the disciplined vulnerability and configuration management practices used for third-party software. Studies have shown that over 90% of first-party software includes open source components, while more than 40% carry high risks such as exploitable vulnerabilities. Today, application and security operations teams rely on manual checks or siloed scripts to evaluate the security of first-party software, resulting in ad-hoc security assessment that impedes the ability to prioritize and remediate risk effectively. Additionally, traditional vulnerability assessment or software composition analysis tools do not detect the presence of embedded open source packages within the production environment. As a result, security teams face challenges in understanding the true risk, particularly in security breaches like the Log4J incident.
The new Qualys solution enables organizations to bring their own detection and remediation scripts, written in popular languages like PowerShell and Python, to Qualys Vulnerability Management, Detection and Response (VMDR) as Qualys IDs (QIDs), which the Qualys Cloud Agent executes in a secure and controlled manner. Qualys TruRisk then detects and prioritizes the findings in the same workflow and reporting used for third-party software findings. This empowers application and security teams to leverage their own detections to identify sensitive content, assess critical process and application statuses, tag assets based on the presence of sensitive or PII data, and mitigate risks associated with critical vulnerabilities like Log4J by configuring file parameters, or address Follina by modifying GPOs/registry settings, to efficiently manage the risk arising from both first- and third-party sources.
“In our complex business environment, we have often encountered situations where our security needs surpassed the capabilities of off-the-shelf software,” said Gabriel Julián Carrera, CISO at OSDE. “Consequently, we have resorted to pulling together independent scripts to achieve the assessments our unique homegrown solutions require. Qualys’ new offering eliminates this fragmented approach by seamlessly integrating our proprietary assessments and commercial tools into one unified Qualys TruRisk Platform, saving us time and helping us stay ahead of potential attackers.”
The new Qualys platform capabilities allow teams to:
Easily Build Your Own Signatures: Create Qualys Detections (QIDs) and remediations based on your own logic or scripts, leveraging leading scripting languages such as Python, PowerShell and others. These detections integrate directly into VMDR workflows and TruRisk scoring, helping SecOps teams unify and manage risk across first- and third-party applications in their environment.
Proactively Detect, Manage and Reduce Supply Chain Risks: Get continuous, real-time visibility into deeply embedded open source software packages, such as Log4J and OpenSSL, and commercial software components, leveraging the Qualys Cloud Agent. Qualys TruRisk then prioritizes and correlates the information based on data from over 25 threat feeds and the asset’s business criticality. This information allows security teams to quickly mitigate the risk of high-profile security issues such as zero-day threats and Log4J outbreaks by crafting custom detections and responses.
Effectively Communicate Risk with Unified Reporting and Dashboarding: With native integration into VMDR workflows, communicate the unified view of risk in first- and third-party software to the right stakeholders via real-time dashboards and reports. Integration with ticketing systems such as ServiceNow and JIRA enables the automated assignment of detailed remediation tickets to the right owners through a common view, to quickly close tickets and reduce risk.
“First-party applications, being proprietary, often lack adequate risk detection, prioritization and remediation support from scanning tools,” said Sumedh Thakar, president and CEO of Qualys. “Our first-in-industry capabilities enable organizations to leverage the Qualys platform’s capabilities, identifying and analyzing both first-party and third-party software risks to develop an overall TruRisk score for a comprehensive view of the organization’s overall risk.”
Availability – Go to us at Black Hat USA
Enhancements to the Qualys Cloud Platform, including Custom Assessment and Remediation via VMDR integrations, will be available by the end of August. To sign up for a free trial, visit www.qualys.com/forms/vmdr. Learn more by reading the First-Party Software Risk Management blog or registering for our webinar.
To see our ground-breaking first-party solution in action and learn how to Get More Security with all our industry-leading solutions, visit us at Black Hat USA, booth 1320.
Additional Resources
About Qualys
Qualys, Inc. (NASDAQ: QLYS) is a pioneer and leading provider of disruptive cloud-based security, compliance and IT solutions with more than 10,000 subscription customers worldwide, including a majority of the Forbes Global 100 and Fortune 100. Qualys helps organizations streamline and automate their security and compliance solutions onto a single platform for greater agility, better business outcomes, and substantial cost savings.
The Qualys Cloud Platform leverages a single agent to continuously deliver critical security intelligence while enabling enterprises to automate the full spectrum of vulnerability detection, compliance, and protection for IT systems, workloads and web applications across on-premises, endpoints, servers, public and private clouds, containers, and mobile devices. Founded in 1999 as one of the first SaaS security companies, Qualys has strategic partnerships and seamlessly integrates its vulnerability management capabilities into security offerings from cloud service providers, including Amazon Web Services, the Google Cloud Platform and Microsoft Azure, along with a number of leading managed service providers and global consulting organizations. For more information, please visit http://www.qualys.com.
Qualys, Qualys VMDR® and the Qualys logo are proprietary trademarks of Qualys, Inc. All other products or names may be trademarks of their respective companies.