Qualys has announced the release of CyberSecurity Asset Management 3.0. This new update extends the functionality provided by the enterprise TruRisk platform by integrating advanced vulnerability assessment capabilities into external attack surface management (EASM) solutions. This integration enables Qualys to provide an accurate, real-time view of the external attack surface, reducing false positives and helping to mitigate the risks posed by unknown assets.
Traditional approaches taken by cybersecurity teams when creating asset inventories incorporate disparate sources such as external scanning tools, IT-centric databases (such as configuration management databases or CMDBs), and API-based integrations. This piecemeal approach leaves almost 38% of the average company's assets invisible at any given time. EASM tools have typically relied on banner capture methods that, while somewhat effective, ultimately produce stale and incomplete snapshots of asset data.
Qualys' CyberSecurity Asset Management 3.0 provides an innovative solution to these challenges. It extends the company's leading asset detection to any type of environment, incorporating the EASM engine for real-time and accurate assessment of external attack surface risk, and built-in passive sensing for IoT and rogue devices. Masu. The system is equipped with his EASM lightweight vulnerability scanner, the first of its kind, designed to highlight critical vulnerabilities as soon as they are discovered.
Mike Orosz, CISO and VP of Information and Product Security at Vertiv, one of our key end users, said: “Qualys CyberSecurity Asset Management provides an integrated view of asset and cyber risk data without the need for separate solutions to scan different areas of attack. Instant risk of external assets. The assessment has greatly improved our ability to proactively eliminate risk.”
The introduction of this system strengthens Qualys' attack surface, allowing organizations to gain precise insight into which external assets belong to them, including assets from subsidiaries, mergers, and acquisitions. By identifying the most critical risks with industry-leading vulnerability detection, the system reduces false positives by 60%. And thanks to passive sensing built into the Qualys agent, 34% more assets can be discovered in real-time. This allows him to identify unmanaged IoT/OT devices and combine this with third-party connectors to complete his unified inventory of Qualys sensors, uncovering previously unknown asset vulnerabilities and compliance issues. can be scanned.
Commenting on the release of CyberSecurity Asset Management 3.0, Sumedh Thakar, President and CEO of Qualys, said, “'Unknown' assets continue to represent a significant portion of the cyber risks plaguing modern enterprises. With our ground-breaking EASM engine and detection advancements, CyberSecurity Asset Management 3.0 is the only solution that provides a full range of detection methods with the speed and accuracy that modern organizations require.
