Qualys, a provider of disruptive cloud-based IT, security and compliance solutions, has announced it is adding advanced remediation to the Qualys Cloud Platform. The new update enables organisations to fix asset misconfigurations, patch OS and third-party applications, and deploy custom software. The result is improved efficiency by eliminating the need to use multiple products and agents and a more comprehensive approach to remediation.
Timely and comprehensive remediation of vulnerabilities is critical for maintaining good security hygiene and proactive risk management. Yet, organisations struggle to remediate quickly due to multiple factors including ambiguity between IT and Security on process ownership, especially when the action requires sophistication beyond the deployment of a simple patch. For example, to remediate the Spectre/Meltdown vulnerability, a configuration change is required in addition to deploying the patch. Further, some vulnerabilities need a registry key change without a patch, while others need a proprietary patch or an update to custom software to remediate. The lack of clarity between vulnerability detection logic and potential remediation complexity due to the need for multiple tools increases the struggle IT and security teams face.
“Fully remediating vulnerabilities goes beyond applying patches and can often require multiple tools and approaches based on the type of vulnerability,” said Richard Hallade, IT Security Officer of Red Cross Luxembourg. “The new advanced remediation feature allows us to expedite remediation as we can rectify configuration issues and execute advanced patch jobs such as identifying various Windows 10 versions throughout our global environment, all with a single app and agent.”
Qualys Patch Management seamlessly integrates with Qualys Vulnerability Management, Detection and Response (VMDR) to remediate vulnerabilities by deploying patches or applying configuration changes on any device regardless of its location. The new remediation feature allows teams to use one application to detect, prioritise and fix vulnerabilities regardless of the remediation method required.
“In this Log4Shell and Pwnkit era, organisations must be extra vigilant and patch weaponised vulnerabilities without delay, which requires efficiency and rapid remediation,” said Sumedh Thakar, president and CEO of Qualys. “Qualys Advanced Remediation increases efficiency by using one application to comprehensively remediate vulnerabilities. Regardless of whether they need configuration changes or deployment of scripts and proprietary software patches – eliminating the need to use multiple products and agents to improve response times is a critical success factor in strengthening enterprises’ cyber defenses.”