Qualys Expands TruRisk Eliminate Platform, Empowering Organisations to Mitigate Cyber Risk Without Patching


New solutions – TruRisk Mitigate and Isolate - compliment patch management helping customers reduce security risk while lowering operational risk with extensive coverage for recent CISA KEV 

Qualys, Inc. (NASDAQ: QLYS), a leading provider of disruptive cloud-based IT, security and compliance solutions, is unveiling TruRisk Eliminate at Black Hat 2024. Qualys TruRisk Eliminate is a comprehensive remediation solution that extends beyond patching to help organisations further reduce risk. It provides additional innovative remediation methods when patching isn't feasible. This approach uses patchless patching, targeted isolation, and other mitigation strategies to ensure robust protection.

Patch management is a core capability for remediating vulnerabilities, but it is not always the most viable or only option. Addressing all vulnerabilities is increasingly difficult due to potential business disruptions from patching, the unavailability of patches for zero days, and the limitations of traditional patch management tools that rely solely on agents. At-risk assets that can't be patched present vulnerabilities exploitable by hackers, leading to ransomware and data breaches. Cybersecurity and IT teams need effective mechanisms to mitigate the risks of unpatched vulnerabilities while maintaining business operations.

“Although patching is an essential part of vulnerability management to mitigate risk, there are some use cases where it isn’t possible, or doing so requires outages or downtime that can impact operations. In some cases, such as new exploits or zero-day vulnerabilities, a patch may not even be available,” said Melinda Marks, practice director, cybersecurity, at Enterprise Strategy Group. “Now with TruRisk Eliminate, Qualys augments its vulnerability management capabilities with an innovative solution to efficiently mitigate risk with patchless approaches to remediating vulnerabilities, helping security teams better align with and support business operations.”

Qualys TruRisk Eliminate equips security and IT teams with powerful tools to enhance cybersecurity resilience by addressing critical vulnerabilities with or without deploying a patch. This solution reduces friction in current processes, enabling CISOs and CIOs to effectively reduce risk through patch management, configuration changes, mitigation, and targeted isolation. As a result, organisations can significantly lower their vulnerability exposure and streamline their response to cyber threats. TruRisk Eliminate provides more flexibility and options tailored to an organisation's unique operational needs, remediation timelines, and business objectives.

Qualys TruRisk Eliminate

Qualys TruRisk Eliminate offers the industry's most comprehensive risk reduction capabilities, enabling teams to proactively mitigate nearly 100% of CISA Known Exploited Vulnerabilities (KEV) and ransomware vulnerabilities, both with and without patching. This approach balances business continuity with risk reduction by:

  • Mitigating and Isolating the Risk Without Patching or Rebooting

o   TruRisk Mitigate - Deploys advanced risk mitigation controls based on the recommendations of vendors, CISA, and the Qualys Threat Research Unit. It empowers businesses to swiftly implement configuration changes via advanced scripting for Linux and Windows, ensuring robust protection even when patches are unavailable.

o   TruRisk Isolate - Empowers teams to proactively quarantine risky assets to prevent security incidents from spreading within the network. It helps security and IT teams manage risk proactively instead of relying on the reactionary EDR approach of quarantining assets post-incidents.

  • Integrating with IT Operations and Ticketing Workflows

Reduces risk and mean time to remediate by leveraging out-of-the-box integrations with ITSM tools like ServiceNow and JIRA along with dynamic vulnerability and asset tagging. This approach drives patching, mitigation, and isolation directly through IT operations processes and solutions in a controlled manner that is fully integrated with Qualys Vulnerability Management, Detection and Response (VMDR) and Patch Management.

  • Offering Rule-based Workflow Orchestration

With the integrated Qualys Qflow capability, teams save valuable time and resources. This feature automates complex, multi-decision risk remediation tasks, such as executing mitigations for CISA KEVs when patches are unavailable and only un-quarantining high-risk assets upon closing of vulnerabilities.

“Five years ago, Qualys disrupted the vulnerability management space with integrated patch management to help organisations streamline and accelerate threat remediation. Now, we're taking the next step with TruRisk Eliminate, offering businesses innovative ways to mitigate risk even when patching isn't an option," said Sumedh Thakar, president and CEO of Qualys. "With TruRisk Eliminate, we provide enterprises with peace of mind through powerful solutions that address their most pressing threats and ultimately de-risk their businesses."

Availability

TruRisk Eliminate will be available in September. To see Qualys TruRisk Eliminate in action, visit Qualys at Black Hat (Booth #1320). Learn more at the Cyber Risk Series: To Be or Not to Be, Patch is the Question on July 31. Sign up to be notified when TruRisk Eliminate is available at qualys.com/forms/trurisk-eliminate.

Additional Resources  

### 

About Qualys   

Qualys, Inc. (NASDAQ: QLYS) is a leading provider of disruptive cloud-based security, compliance and IT solutions with more than 10,000 subscription customers worldwide, including a majority of the Forbes Global 100 and Fortune 100. Qualys helps organisations streamline and automate their security and compliance solutions onto a single platform for greater agility, better business outcomes, and substantial cost savings.

The Qualys Enterprise TruRisk Platform leverages a single agent to continuously deliver critical security intelligence while enabling enterprises to automate the full spectrum of vulnerability detection, compliance, and protection for IT systems, workloads and web applications across on premises, endpoints, servers, public and private clouds, containers, and mobile devices. Founded in 1999 as one of the first SaaS security companies, Qualys has strategic partnerships and seamlessly integrates its vulnerability management capabilities into security offerings from cloud service providers, including Oracle Cloud Infrastructure, Amazon Web Services, the Google Cloud Platform and Microsoft Azure, along with a number of leading managed service providers and global consulting organisations. For more information, please visit http://www.qualys.com.

Qualys, Qualys VMDR®, Qualys TruRisk and the Qualys logo are proprietary trademarks of Qualys, Inc. All other products or names may be trademarks of their respective companies.