Qualys Enterprise TruRisk Management redefines cyber risk operations by unifying diverse security solutions for prioritisation and actionable remediation
Qualys, Inc. (NASDAQ: QLYS), a leading provider of disruptive cloud-based IT, security and compliance solutions, today announced the launch of the industry’s first Risk Operations Center (ROC) with Enterprise TruRisk Management (ETM) at the Qualys Security Conference. The solution enables CISOs and business leaders to manage cybersecurity risks in real time, transforming fragmented, siloed data into actionable insights that align cyber risk operations with business priorities. The application consolidates both Qualys and non-Qualys security risk data, including from technology alliances like Forescout, Identity Threat Protection with Okta AI, Microsoft, Oracle, and Wiz across cloud, on-premises and hybrid environments.
Organisations are facing an ever-growing volume of risk findings spread across multiple, disconnected top 10 dashboards. This fragmented view results in conflicting analyses, duplicate work, missed threats, and strategies that fail to fully protect the organisation. As a result, companies struggle to get a clear understanding of their true, overall risk, hindering their ability to make informed remediation decisions.
To overcome these challenges, businesses need an integrated approach that combines heterogeneous risk factors from various asset management tools and disparate cybersecurity solutions into a single platform with remediation and mitigation capabilities to reduce risk quickly. That is why Qualys is launching the world’s first ROC with Enterprise TruRisk Management, designed to unify asset inventory and risk factors, apply threat intelligence, business context and risk prioritisation, and orchestrate remediation, compliance and reporting through a single interface.
“With IT environments growing more complex and potential risk exposures more numerous, organisations need a holistic and proactive cybersecurity management platform that brings all cyber-risk exposures to one place, unifies scoring and simplifies prioritisation and reporting,” said Michelle Abraham, research director at IDC. “Qualys’ approach with the Risk Operations Center delivers this ideal in a cohesive way. With the ability to analyse all risk factors at a glance – such as exploitability, unique organisational context, threat intelligence, and financial impact – Qualys Enterprise TruRisk Management empowers CISOs and business leaders to create actionable, enterprise-wide strategies to reduce risk to levels that align with the business’s objectives.”
Qualys Enterprise TruRisk Management enables enterprises to operationalise their ROC:
Ingesting Qualys and Non-Qualys Data for an Accurate Measure of Business Risk: Enterprises are able to measure their TruRisk score by aggregating and unifying dispersed risk factors – such as vulnerabilities, security postures, asset exposures, and identities – generated by their security toolset across the full stack of cloud, on-premises, or third-party applications. This data is correlated with over 25 threat intel sources and business context to precisely highlight key risk exposure indicators, enabling proactive risk management for business entities, processes or applications.
Aligning Risk to Business Value to Communicate Financial Impact of Cyber Risk: CISOs are expected to communicate the return on investment (ROI) and outcomes of existing and future cybersecurity investments in terms of reduction of business risk. By aligning business value and potential losses from cyber risks, ETM enables cyber risk quantification (CRQ) for CISOs and risk teams to communicate the business impact of TruRisk for critical applications, entities and processes, shifting the focus from technical issues to understanding the financial impact of security threats. ETM also allows teams to recognise the contribution of risk factors produced by individual cybersecurity tools, toward overall enterprise-wide TruRisk scores impacting the business, to justify cybersecurity tool investment and better prioritisation.
Automated Remediation Workflows to Reduce Cyber Risk: Security and Risk Operations teams can leverage personalised risk reduction plans with Qualys TruRisk Eliminate to intelligently patch or mitigate the prioritised exposure indicators, such as vulnerabilities, misconfigurations, asset and software risks, by balancing risk reduction with business continuity. ETM also supports rule-based integrations with ITSM tools, such as ServiceNow and JIRA, to automatically assign prioritised tickets of unified exposures to the right remediation teams and orchestrate active remediation through integrated zero-trust, firewalled solutions to rapidly reduce risk, which helps reduce time to communicate and mean time to remediation.
“Organisations need an accurate diagnosis of their risk, including both IT and security data, in a unified view,” said Scott Woodgate, general manager, Microsoft Security. “Qualys Enterprise TruRisk now integrates with Microsoft Defender for Endpoint vulnerability and device data to make this possible.”
“On its 25th anniversary, Qualys continues its never-ending innovation journey by again disrupting the cybersecurity market with the introduction of the Risk Operations Center (ROC),” said Sumedh Thakar, president and CEO of Qualys. “The ROC delivered by Qualys ETM transforms proactive cybersecurity, empowering organisations to operationalise their risk management process in a single platform, and revolutionising the way customers measure, communicate and eliminate risk, irrespective of which cyber tools they employ.”
Availability
Qualys Enterprise TruRisk Management is immediately available. To start your ROC journey, sign up for a free trial, read the blogs, “The Future of Cybersecurity Risk Management: Risk Operations Center (ROC) delivered by Qualys Enterprise TruRisk Management (ETM)” and “Qualys Launches Enterprise TruRisk Management: The Industry’s First Cloud-Based Risk Operations Center” or attend the webinar.
Additional Resources
Watch the video
Read our blog posts, “The Future of Cybersecurity Risk Management: Risk Operations Center (ROC) delivered by Qualys Enterprise TruRisk Management (ETM)” and “Qualys Launches Enterprise TruRisk Management: The Industry’s First Cloud-Based Risk Operations Center”
Sign up for a free trial of Qualys Enterprise TruRisk Management
Download the whitepaper on Risk Operations Center (ROC)
Register for our webinar, “How to Build a Risk Operations Center (ROC) with Qualys Enterprise TruRisk Management (ETM)”
###
About Qualys
Qualys, Inc. (NASDAQ: QLYS) is a leading provider of disruptive cloud-based security, compliance and IT solutions with more than 10,000 subscription customers worldwide, including a majority of the Forbes Global 100 and Fortune 100. Qualys helps organisations streamline and automate their security and compliance solutions onto a single platform for greater agility, better business outcomes, and substantial cost savings.
The Qualys Enterprise TruRisk Platform leverages a single agent to continuously deliver critical security intelligence while enabling enterprises to automate the full spectrum of vulnerability detection, compliance, and protection for IT systems, workloads and web applications across on premises, endpoints, servers, public and private clouds, containers, and mobile devices. Founded in 1999 as one of the first SaaS security companies, Qualys has strategic partnerships and seamlessly integrates its vulnerability management capabilities into security offerings from cloud service providers, including Oracle Cloud Infrastructure, Amazon Web Services, the Google Cloud Platform and Microsoft Azure, along with a number of leading managed service providers and global consulting organisations. For more information, please visit http://www.qualys.com.
Qualys, Qualys VMDR®, Qualys TruRisk and the Qualys logo are proprietary trademarks of Qualys, Inc. All other products or names may be trademarks of their respective companies.