Qualys, Inc. Adds External Attack Surface Management to Its Cloud Platform

Highlights

• Qualys CyberSecurity Asset Management provides attack surface insights from an external attacker’s point of view.
• Organizations can continually monitor their entire corporate attack surface with the help of EASM-enabled Qualys CyberSecurity Asset Management 2.0.

Qualys, Inc., a pioneer in innovative cloud-based IT, security, and compliance solutions, recently announced the addition of External Attack Surface Management (EASM) features to the Qualys Cloud Platform. The newly added component, integrated into CyberSecurity Asset Management 2.0, adds the external attacker view to identify previously unknown internet-facing assets for a complete and accurate picture of the enterprise attack surface.

Attack surfaces have expanded exponentially due to digital transformation, increased adoption of cloud and Internet of Things (IoT), a growing remote workforce, and a talent shortage in the technology industry. Because of this expansion, security teams find it challenging to control compromises brought on by undetected, poorly managed, or unmanaged IT assets and correlate outwardly visible and internally managed assets. Organizations need a new strategy to view susceptible assets from the outside and execute like an attacker to identify areas of risk quickly.

“Organizations must proactively manage their cyber defenses, which includes finding and addressing vulnerabilities to reduce cyber risk,” said Michelle Abraham, research director, Security and Trust at IDC. “Qualys’ unique approach to EASM is integrating the internal and external asset data from CyberSecurity Attack Management with its Vulnerability Management, Detection and Response (VMDR) solution into a single view. As a result, organizations can better identify undiscovered assets and immediately access and mitigate the cyber risk within the same workflow.”

“Qualys CyberSecurity Asset Management provides invaluable attack surface insights from an external attacker’s point of view,” said Mike Orosz, vice president of information and product security at Vertiv. “This view allows us to proactively augment our vulnerability management program by discovering risks presented by previously unknown internet-facing devices. Additionally, the automated workflows enable us to prioritize security engineering actions that will reduce cyber risk and rapidly improve our company’s security.”

Organizations can continually monitor and minimize their entire corporate attack surface, including internal and internet-facing assets, with the help of EASM-enabled Qualys CyberSecurity Asset Management 2.0. Additionally, it assists with synchronization with CMDBs, the detection of security flaws such as unauthorized or out-of-support software, open ports, remotely exploitable vulnerabilities, problems with digital certificates, unauthorized apps, and domains, and the risk mitigation process by taking the necessary steps.

Qualys CyberSecurity Asset Management with EASM allows Security and IT teams to:

Uncover Gaps Across the Entire Attack Surface – The solution continuously identifies and precisely categorizes internal and external internet-facing assets from a single cloud platform. It automatically locates your subsidiaries, enumerates horizontally and vertically, correlates WHOIS and DNS information, and assigns assets to your company.

Reliable, Accurate View of IT Operations and Security Alignment – Through automated synchronization with business CMDBs and vulnerability management, teams can capture unmanaged assets and obtain a single source of truth for internet-facing assets, along with location and context, to streamline ongoing attack surface monitoring and response.

Rapid Risk Remediation with Native VMDR 2.0 Integration – Qualys VMDR 2.0 and CyberSecurity Asset Management 2.0 enhance the cybersecurity program posture with TruRisk scoring and automated, and one-click orchestration of vulnerability and remediation workflows to transform internet-facing assets into fully managed and patched assets.

“Achieving full asset visibility remains one of cybersecurity’s most elusive goals,” said Sumedh Thakar, president and CEO of Qualys. “CyberSecurity Asset Management 2.0 solves this by providing both the holistic, external attacker-level and internal view of the attack surface to comprehensively address the increased threat landscape. Taking protection a step further, we’ve natively integrated the solution with Qualys VMDR so organizations can prioritize vulnerabilities and asset groups based on risk and proactively remediate to quickly reduce exposure.”