Qualys Adds Advanced Remediation Capabilities to Minimise Vulnerability Risk


Update to Qualys Cloud Platform enables organisations to fix asset misconfigurations in addition to patching to achieve comprehensive remediation

Qualys, Inc. (NASDAQ: QLYS), a pioneer and leading provider of disruptive cloud-based IT, security and compliance solutions, today announced it is adding advanced remediation to the Qualys Cloud Platform. The new update enables organisations to fix asset misconfigurations, patch OS and third-party applications, and deploy custom software. The result is improved efficiency by eliminating the need to use multiple products and agents and a more comprehensive approach to remediation.  

Timely and comprehensive remediation of vulnerabilities is critical for maintaining good security hygiene and proactive risk management. Yet, organisations struggle to remediate quickly due to multiple factors including ambiguity between IT and Security on process ownership, especially when the action requires sophistication beyond the deployment of a simple patch. For example, to remediate the Spectre/Meltdown vulnerability, a configuration change is required in addition to deploying the patch. Further, some vulnerabilities need a registry key change without a patch, while others need a proprietary patch or an update to custom software to remediate. The lack of clarity between vulnerability detection logic and potential remediation complexity due to the need for multiple tools increases the struggle IT and security teams face.

“Fully remediating vulnerabilities goes beyond applying patches and can often require multiple tools and approaches based on the type of vulnerability," said Richard Hallade, IT Security Officer of Red Cross Luxembourg. "The new advanced remediation feature allows us to expedite remediation as we can rectify configuration issues and execute advanced patch jobs such as identifying various Windows 10 versions throughout our global environment, all with a single app and agent."

Qualys Patch Management seamlessly integrates with Qualys Vulnerability Management, Detection and Response (VMDR) to remediate vulnerabilities by deploying patches or applying configuration changes on any device regardless of its location. The new remediation feature allows teams to use one application to detect, prioritise and fix vulnerabilities regardless of the remediation method required.

"In this Log4Shell and Pwnkit era, organisations must be extra vigilant and patch weaponised vulnerabilities without delay, which requires efficiency and rapid remediation," said Sumedh Thakar, president and CEO of Qualys. "Qualys Advanced Remediation increases efficiency by using one application to comprehensively remediate vulnerabilities. Regardless of whether they need configuration changes or deployment of scripts and proprietary software patches – eliminating the need to use multiple products and agents to improve response times is a critical success factor in strengthening enterprises’ cyber defenses."

The new capabilities enable organisations to:

Remediate Vulnerabilities Related to Configuration Changes

Teams can patch and update configurations to remediate all Windows-based vulnerabilities from one console and workflow. For example, they can use Qualys to deploy the relevant patches and make the required registry changes to remediate the Spectre/Meltdown vulnerability.

Deploy and Patch Any Windows OS-based Software to Any Device

Qualys Patch Management can deploy or patch any windows-based application no matter if it is on-premises, in the cloud or a remote location. The Qualys Cloud Agent can push any software to all target devices, such as deploying proprietary patches to all WFH users.

Support Complex Patch Deployments and Environments

Allows the deployment of patches and configuration changes in complex environments with elaborate workflows and dependencies. For example, Qualys leveraged this feature to create a script for customers that removes the JndiLookup class related to Log4Shell, which quickly eliminates the vulnerability libraries from all systems.

Qualys Patch Management with Advanced Remediation

Availability

Qualys Patch Management with new remediation features is available immediately. To sign up for the free Patch Management trial, visit qualys.com/patch-management-free-trial. To learn more, read the Advanced Remediation blog, or join our webinar on February 8.

Additional Resources 

About Qualys 
Qualys, Inc. (NASDAQ: QLYS) is a pioneer and leading provider of disruptive cloud-based IT, security and compliance solutions with over 19,000 active customers in more than 130 countries, including a majority of each of the Forbes Global 100 and Fortune 100. Qualys helps organisations streamline and consolidate their security and compliance solutions in a single platform and build security into digital transformation initiatives for greater agility, better business outcomes, and substantial cost savings. 

The Qualys Cloud Platform and its integrated Cloud Apps deliver businesses critical security intelligence continuously, enabling them to automate the full spectrum of auditing, compliance, and protection for IT systems and web applications across on premises, endpoints, cloud, containers, and mobile environments. Founded in 1999 as one of the first SaaS security companies, Qualys has established strategic partnerships with leading cloud providers like Amazon Web Services, Microsoft Azure and the Google Cloud Platform, and managed service providers and consulting organisations including Accenture, BT, Cognizant Technology Solutions, Deutsche Telekom, DXC Technology, Fujitsu, HCL Technologies, IBM, Infosys, NTT, Optiv, SecureWorks, Tata Communications, Verizon and Wipro. The company is also a founding member of the Cloud Security Alliance. For more information, please visit www.qualys.com

Qualys and the Qualys logo are proprietary trademarks of Qualys, Inc. All other products or names may be trademarks of their respective companies.