Qualys Launches Free Service to Help Organisations De-Risk their Business to Align with UK NCSC Guidelines


Qualys’ new service empowers organisations to access personalised risk perspectives and remediation plans, aligning with NCSC's 5-day risk mitigation timeline 

Qualys Security Conference (QSC) EMEA - Qualys, Inc. (NASDAQ: QLYS), a leading provider of disruptive cloud-based IT, security, and compliance solutions, announced it is offering free 30-day access to the Qualys Enterprise TruRisk Platform to aid organisations in efficiently discovering and classifying internet-facing and internal-facing assets, and prioritising vulnerabilities for swift and safe remediation, aligning with the UK's National Cyber Security Centre (NCSC) 5-7 days guidance.

NCSC recently released guidance recommending patching vulnerabilities for internet-facing services and software within five days and non-external-facing vulnerabilities within seven days. Many organisations find it challenging to accurately discover all their assets, specifically those that are internet-facing, efficiently measure and prioritise the risk, and then remediate it. Anonymised data from the Qualys Threat Research Unit (TRU) indicates the median time to remediate (MTTR) for the average UK organisation was 17 days for external-facing vulnerabilities and 15 days for internal threats.

“As a longstanding customer, Qualys has helped us build a culture of continuous improvement and awareness, where every identified vulnerability is an opportunity to strengthen our defenses," said Tom Copeland, head of Governance, Risk and Compliance at Associated British Foods. “The Qualys Enterprise TruRisk Platform has enabled us greater efficacy in de-risking the business, further enhancing our focus on risk prioritisation, accelerating our patching and remediation timelines, and making ABF safer overall."

The Qualys NCSC free service allows organisations to remediate issues in as little as 30 minutes and within the recommended 5-7 days for full alignment. Incorporating Vulnerability Management Detection and Response (VMDR), CyberSecurity Asset Management, and Patch Management, the Qualys offering helps organisations to adhere to NCSC by: 

  • Identifying External Assets: Accurately discover both internal and external assets within your environment and flag End of Life (EOL) and End of Support (EOS) software and devices.

  • Efficient Risk-based Prioritisation: Vulnerabilities are prioritised by their TruRisk score and automatically mapped to necessary updates to simplify IT workflows for a customised NCSC risk and remediation view.

  • Patch Automation: The gap between security and IT teams is closed with Qualys Patch Management. Qualys brings these groups together to safely prioritise and deploy patches automatically to help customers update by default, within 5-7 days, as recommended by NCSC.

"Adversaries are weaponising vulnerabilities more quickly than ever, which accounts for the NCSC’s focus on swift remediation of vulnerabilities. For most organisations, with their complex infrastructures and patch workflows, it’s almost impossible to meet the 5-7 day update time," said Sumedh Thakar, president and CEO of Qualys. "To aid organisations in adhering to the NCSC guidelines, we're offering the Qualys Enterprise TruRisk Platform free for 30 days. This allows organisations to streamline asset discovery,  takes the guesswork out of understanding which vulnerabilities are the riskiest and helps with prioritisation, so organisations can mitigate risks quickly and efficiently to safeguard their businesses."

To sign up for this free 30-day service, visit qualys.com/forms/vmdr-ncsc. To learn more, read our blog, “How Qualys Supports the National Cyber Security Centre (NCSC)’s Vulnerability Management Guidance,”  and register for our webinar, “Mastering NCSC Guidelines.”

Additional Resources

###

About Qualys

Qualys, Inc. (NASDAQ: QLYS) is a leading provider of disruptive cloud-based security, compliance and IT solutions with more than 10,000 subscription customers worldwide, including a majority of the Forbes Global 100 and Fortune 100. Qualys helps organisations streamline and automate their security and compliance solutions onto a single platform for greater agility, better business outcomes, and substantial cost savings.

The Qualys Enterprise TruRisk Platform leverages a single agent to continuously deliver critical security intelligence while enabling enterprises to automate the full spectrum of vulnerability detection, compliance, and protection for IT systems, workloads and web applications across on premises, endpoints, servers, public and private clouds, containers, and mobile devices. Founded in 1999 as one of the first SaaS security companies, Qualys has strategic partnerships and seamlessly integrates its vulnerability management capabilities into security offerings from cloud service providers, including Amazon Web Services, the Google Cloud Platform and Microsoft Azure, along with a number of leading managed service providers and global consulting organisations. For more information, please visit http://www.qualys.com.