Qualys has announced the immediate availability of its game-changing solution, VMDR — Vulnerability Management, Detection and Response. VMDR provides an all-in-one, cloud-based app that automates the entire vulnerability management cycle, significantly accelerating the ability for companies to respond to threats, and prevent breaches while drastically reducing licensing and operating cost.
“For many organisations, today’s vulnerability management programs involve different teams, using multiple point solutions that often create more problems than they solve, including integration challenges, false positives, and most importantly, critical delays in the patching or mitigation process,” said Philippe Courtot, chairman and CEO of Qualys. “We are proud to bring our VMDR offering to market to address these challenges. It is the culmination of many years of effort to make vulnerability management an end-to-end solution that cuts across the entire hybrid environment and one that is real-time, accurate, easy to deploy and operate.”
What sets VMDR apart from other offerings on the market is that it unifies the entire IT and security workflow into a single cloud application to identify any device that connects to the network in real-time. From there, it allows users to create and easily maintain an always up-to-date global IT asset inventory and asset groups, detect vulnerabilities in real-time, prioritize these — with a state-of-the-art prioritisation engine that also takes into account misconfigurations and digital certificate security exposures — and finally mitigate and remediate vulnerabilities across the entire global hybrid IT environment, which includes on-premises devices, endpoints, cloud, mobile, containers, web apps, and APIs.
As such, Qualys VDMR provides the foundation for a comprehensive risk-based vulnerability management program that does not solely rely on CVE-based vulnerabilities and arbitrary risk scores, which can give a false sense of security.
“In a world where cloud concepts increasingly dominate, with multiple hosted services providing functionality previously owned and operated by on-premises IT, many existing approaches to solving these problems predicated on deployment within a traditional enterprise network are now showing their age. Dragging traffic back to a VPN concentration point will likely not be the preferred method indefinitely, if only for availability and capacity considerations alone. If an outcome of the current crisis is a more enduring entrenchment of remote work for the indefinite future, the changes in enterprise security architecture they precipitate may come to stay. The performance of these services will have to meet or exceed that expected from direct connection to the target — which makes it seem likely that cloud providers in the best position to meet this demand may either embrace these trends directly or become key enablers of new approaches,” said Scott Crawford, research vice president, security at 451 Research, part of S&P Global Market Intelligence.