Groundbreaking EASM engine empowers cybersecurity teams with accurate, real-time view of asset inventory that reduces false positives
Qualys, Inc. (NASDAQ: QLYS), a leading provider of disruptive cloud-based IT, security, and compliance solutions, today announced the launch of CyberSecurity Asset Management 3.0, an expansion of the Enterprise TruRisk Platform. This update integrates its leading vulnerability assessment capability into its External Attack Surface Management (EASM) solution delivering an accurate, real-time view of the external attack surface that eliminates more false positives to mitigate the risk of unknown assets.
Traditionally, cybersecurity teams rely on disparate sources like standalone external scanning tools, IT-centric databases such as configuration management databases (CMDBs), and API-based integrations to piece together asset inventories. EASM tools have relied on banner-grabbing methods that produce stale, incomplete asset data snapshots. As a result of this piecemeal approach to asset discovery, the average enterprise is blind to 38%* of its assets at any given time.
Qualys CyberSecurity Asset Management 3.0 extends its leading asset discovery for all types of environments—including an EASM engine for real-time and accurate assessment of external attack surface risks, built-in passive sensing for IoT and rogue devices using the already-deployed Qualys agent, and third-party API-based connectors to complement Qualys sensors. This unified approach not only consolidates asset discovery to a single, unified solution but also introduces a first-of-its-kind EASM lightweight vulnerability scanner to pinpoint critical vulnerabilities immediately upon discovery.
"With Qualys CyberSecurity Asset Management, we have a consolidated view of asset and cyber risk data without requiring separate solutions to scan different areas of the attack surface," said Mike Orosz, VP Information & Product Security, CISO at Vertiv. "The immediate risk assessment of external assets has fueled a significant increase in our ability to be proactive about the elimination of risk."
This release enhances Qualys' industry-leading attack surface coverage, allowing organizations to:
Gain precise insight into which external assets are attributed to the organization — Discover all assets from subsidiaries, mergers, and acquisitions with patent-pending attribution and confidence scoring.
Reduce false positives to isolate risk on the external attack surface — Quickly and accurately identify the most critical risk with industry-leading vulnerability detections, reducing 60%* of false positives that result from basic banner-grabbing tools.
Eliminate unknowns from the internal network in real time — Uncover 34%* more assets in real time with passive sensing, built into the Qualys agent to identify unmanaged IoT/OT devices. The third-party connectors complement the Qualys sensors delivering a unified inventory, and scan previously unknown assets for vulnerabilities and compliance issues.
"The 'unknown' asset continues to account for a sizeable amount of the cyber risk plaguing the modern enterprise because if you don't know your assets, you don't know your risk," said Sumedh Thakar, president and CEO at Qualys. "With our groundbreaking EASM engine and discovery advancements, CyberSecurity Asset Management 3.0 is the only solution that provides every possible discovery method with the speed and accuracy that the modern organization requires."
Availability
Qualys CyberSecurity Asset Management is immediately available. To learn more, sign up for a free trial, read the blog, Introducing CyberSecurity Asset Management 3.0 or attend the virtual event, Cyber Risk Series: The Art of the Impossible: Navigating the Broken CMDB.
Additional Resources
Register for the virtual Cyber Risk Series on navigating the broken CMDB
Watch the video "Introducing Qualys CyberSecurity Asset Management 3.0 – with expanded discovery and cyber risk assessment"
Learn more about the Qualys Enterprise TruRisk Platform
About Qualys
Qualys, Inc. (NASDAQ: QLYS) is a leading provider of disruptive cloud-based security, compliance and IT solutions with more than 10,000 subscription customers worldwide, including a majority of the Forbes Global 100 and Fortune 100. Qualys helps organizations streamline and automate their security and compliance solutions onto a single platform for greater agility, better business outcomes, and substantial cost savings.
The Qualys Enterprise TruRisk Platform leverages a single agent to continuously deliver critical security intelligence while enabling enterprises to automate the full spectrum of vulnerability detection, compliance, and protection for IT systems, workloads and web applications across on premises, endpoints, servers, public and private clouds, containers, and mobile devices. Founded in 1999 as one of the first SaaS security companies, Qualys has strategic partnerships and seamlessly integrates its vulnerability management capabilities into security offerings from cloud service providers, including Oracle Cloud Infrastructure, Amazon Web Services, the Google Cloud Platform and Microsoft Azure, along with a number of leading managed service providers and global consulting organizations. For more information, please visit http://www.qualys.com.
Qualys, Qualys VMDR®, Qualys TruRisk and the Qualys logo are proprietary trademarks of Qualys, Inc. All other products or names may be trademarks of their respective companies.
*Based on Qualys Threat Research Unit (TRU) analysis of anonymized data from over 1,000 customers