Qualys Inc., provider of cloud-based security and compliance solutions, announced Tuesday that X-Force Red, IBM Security’s team of veteran hackers, will leverage Qualys’ new Patch Management (PM) solution as part of its X-Force Red Vulnerability Management Services to automate vulnerability prioritization and patching.
The Patch Management (PM) is a cloud app that provides automated patch deployment capabilities, enabling customers to transparently orchestrate full-lifecycle vulnerability management of operating systems and third-party software across global hybrid environments.
With Qualys PM, the Qualys Cloud Platform now consolidates vulnerability assessment, threat prioritization and remediation, allowing IT and SecOps teams to centralize remediation of vulnerabilities across Windows, macOS, and Linux operating systems, as well as over 300 third-party applications.
Users can target critical Common Vulnerability and Exposure IDs (CVEs) without researching knowledge base articles, then deploy the patch to endpoints, on-premises or cloud assets and verify remediation, all from one console.
The collaboration enables clients to simplify vulnerability remediation and fix their most critical vulnerabilities using less resources and time.
Many organizations identify and manually decipher which of millions of vulnerabilities to fix first, then assign patching responsibilities and track remediation progress for each one, beginning with the most critical. This lengthy process drains resources, all while exploitable vulnerabilities are exposing sensitive assets.
X-Force Red Vulnerability Management Services uses a proprietary algorithm to prioritize vulnerability remediation based on asset value, weaponization, and other contextual factors. The team then facilitates the remediation process using a concurrency model. The top, most critical vulnerabilities are sent to the individuals in charge of remediation. As each is fixed, the next most critical vulnerability is then sent out, keeping the organization focused on the highest risk vulnerabilities at all times.
Building on a collaboration announced in August 2018 to deliver a full-lifecycle vulnerability management solution using the Qualys Cloud Platform, this extension of that relationship leverages the recently unveiled Qualys PM specifically to help automate X-Force Red’s prioritization and remediation management capabilities. It also adds Qualys Web Application Scanning (WAS) to X-Force Red’s vulnerability management scanning capabilities.
The Qualys Cloud Platform is a quantum leap in enterprise and cloud security, offering customers a unified view of IT, security and compliance across on- and off-premises assets, endpoints, clouds, containers and web applications, drastically reducing the cost and complexity of managing multiple security vendors.
The Qualys platform delivers nearly 20 fully integrated, centrally managed and self-updating best-of-breed security and compliance solutions. By automatically gathering and analyzing security and compliance data from IT assets anywhere in one single-pane view, the Qualys Cloud Platform gives customers scalability, visibility, accuracy and breadth of capabilities to fight cyber-attacks and build security into their digital transformation initiatives.
Qualys PM automates these patch deployments using Qualys Cloud Agents, enabling more efficient full-lifecycle vulnerability management. It allows IT and SecOps teams to centralize their patching and remediation of Windows, macOS and Linux operating systems, and hundreds of applications.
Leveraging the Qualys PM solution, X-Force Red will be able to target critical Common Vulnerability and Exposure IDs (CVEs) without researching knowledge base articles, then deploy the patch to endpoints, on-premises or cloud assets and verify remediation, all in less time.
Qualys WAS will allow X-Force Red to continuously discover and catalog web applications – including new and unknown ones – and detect vulnerabilities and misconfigurations in web apps and APIs. Scaling to thousands of scans, WAS conducts incisive, thorough, and precise testing of browser-based web apps, mobile app backends, and Internet of Things (IoT) services.
“Based on our many conversations with security leaders, prioritizing and remediating vulnerabilities seems to be the biggest vulnerability management headache,” said Charles Henderson, Global Head of X-Force Red. “Qualys has released a patch management platform that automates patching with a click of a button. X-Force Red has created an algorithm that automatically prioritizes vulnerabilities within minutes. By bringing our solutions together, we can offer organizations fast, effective and manageable remediation no matter how limited their resources and time.”
“IBM X-Force Red is at the forefront of helping the world’s largest companies build security into their digital transformation,” said Philippe Courtot, chairman and CEO, Qualys Inc. “This expansion of our partnership equips IBM X-Force Red to broaden their Vulnerability Management Services to include patch management and streamline their web application security services.”
