Qualys announced the addition of External Attack Surface Management (EASM) capabilities to the Qualys Cloud Platform.
Integrated with CyberSecurity Asset Management 2.0, the new component adds the external attacker view to identify previously unknown internet assets to get a complete and accurate picture of the enterprise attack surface.
Digital transformation, increased cloud and Internet of Things (IoT) adoption, a growing remote workforce, and a shortage of technology talent have resulted in an exponential increase in the attack surface for organizations. This expansion makes it harder for security teams to correlate externally visible and internally managed assets and manage compromises that occur due to undiscovered, unmanaged, or mismanaged IT assets. Organizations need a new approach to see vulnerable assets from the outside in and act like an attacker to quickly identify areas at risk.
“Organizations should proactively manage their cyber defenses, which includes finding and resolving vulnerabilities to reduce cyber risk,” said Michelle Abraham, research director, Security and Trust at IDC. “Qualys’ unique approach to EASM is to integrate CyberSecurity Attack Management’s internal and external asset data with its Vulnerability Management, Detection and Response (VMDR) solution into a single view. As a result, organizations can better identify undiscovered assets and immediately access and mitigate cyber risk within the same workflow. »
Qualys CyberSecurity Asset Management provides invaluable insight into the attack surface from an external attacker’s perspective,” said Mike Orosz, vice president of product and information security at Vertiv. “This view allows us to proactively augment our vulnerability management program by uncovering risks presented by previously unknown internet-connected devices. Additionally, automated workflows allow us to prioritize security engineering actions that will reduce cyber risk and rapidly improve the security of our business.
Qualys CyberSecurity Asset Management 2.0 with EASM enables enterprises to continuously monitor and mitigate the entire enterprise attack surface, including internal and internet-connected assets, and uncover previously unidentified exposures. It also helps to sync with CMDBs, detect security vulnerabilities such as rogue or end-of-support software, open ports, remotely exploitable vulnerabilities, digital certificate issues, unauthorized applications and domains. authorized, and to mitigate the risks by taking the appropriate measures.
Qualys CyberSecurity Asset Management with EASM enables security and IT teams to:
Discover gaps across the entire attack surface – From a single cloud platform, the solution continuously discovers and accurately classifies internal and external resources accessible on the Internet. It automatically finds your affiliates, performs horizontal and vertical enumeration of domains and subdomains, correlates WHOIS and DNS records, and assigns assets to your organization.
Get a reliable and accurate view aligning security and IT operations – Augment uncertain and stale data in your CMDB with CyberSecurity Asset Management. Teams can capture unmanaged assets and get a single source of truth for internet-accessible assets, along with location and context, with automatic synchronization with enterprise CMDBs and vulnerability management to streamline continuous attack surface monitoring and response.
Quickly Remediate Risks with Native VMDR 2.0 Integration – CyberSecurity Asset Management 2.0 and Qualys VMDR 2.0 improve cybersecurity program posture with TruRisk scoring and automated, one-click orchestration of vulnerability and remediation workflows to convert Internet-connected assets into fully managed and remediated assets.
“Achieving complete asset visibility remains one of the toughest goals in cybersecurity,” said Sumedh Thakar, president and CEO of Qualys. “CyberSecurity Asset Management 2.0 solves this problem by providing both a holistic, external attacker-level and internal view of the attack surface to comprehensively respond to the growing threat landscape. protection, we have natively integrated the solution with Qualys VMDR so enterprises can prioritize vulnerabilities and asset groups based on risk and proactively remediate them to quickly reduce exposure.
Qualys CyberSecurity Asset Management 2.0 with EASM is currently in preview and available to existing customers. It will generally be available in mid-September.