VMDR 2.0 offers better insight into risk posture, faster fix times for critical vulnerabilities.

An upgrade to the Qualys Vulnerability Management, Detection, and Response (VMDR) solution announced Monday promises to give security teams better insights into the risks posed to organizations from vulnerabilities and a more efficient way to fix them. Cloud-based VMDR 2.0 provides a means for cutting through the noise created by an ever-expanding vulnerability landscape so the most critical risks can be identified and remedied.

“Cyber risk is becoming part of the business risk equation,” IDC Research Director Michelle Abraham said in a statement. “Even the most advanced organizations can’t patch all the threats they uncover, which increasingly includes poorly misconfigured services.”

“Organizations must prioritize efforts that result in the maximum reduction of risk,” Abraham continued. “Qualys’s approach to cyber risk management considers multiple factors like vulnerabilities and misconfigured systems, so organizations can focus on fixes that reduce their overall risk.”

Intelligence to identify exploited vulnerabilities

According to Qualys, the new version of VMDR, with its TruRisk capability, allows security and IT teams to:

- Reduce risk with holistic scoring that quantifies risk across an entire attack surface, including vulnerabilities, misconfigurations, and digital certificates. It can also correlate with critical business and exploit intelligence from hundreds of sources, automatically deprioritize vulnerabilities if compensating controls are in force, track risk reduction trends over time, and help organizations measure and report on the effectiveness of their cybersecurity program across hybrid environments.

- Quickly remediate at scale by leveraging rule-based integrations between VMDR and information technology service management (ITSM) tools such as ServiceNow and Jira, along with dynamic vulnerability tagging, to automatically assign remediation tickets to prioritized vulnerabilities and bridge the gap between security and IT teams. It also allows remediation to be orchestrated directly from the ITSM tool to help close vulnerabilities faster and reduce the mean time for remediation.

- Receive preemptive attack alerts based on external threat intelligence from more than 180,000 vulnerabilities and 25-plus threat and exploit intelligence sources. The intelligence is natively correlated with vulnerabilities and misconfigurations to proactively alert teams on vulnerabilities exploited by malware or those used in an active malicious campaign known to target a particular industry.

- Automate operational workflows to save valuable time and resources. Teams can develop drag-and-drop visual workflows to automate time-consuming and complex vulnerability management tasks, such as vulnerability assessments for ephemeral cloud assets, alerting for high-profile threats or quarantining high-risk assets.

Vulnerability management helps manage risk

“The increase of disclosed vulnerabilities and speed at which they are weaponized, paired with the cyber talent shortage, have left teams struggling to wade through a mountain of issues,” Qualys Vice President of Product Management and Engineering for VMDR Mehul Revankar tells CSO. “Any tools or systems that can be used to ease these headaches for security teams are critical.
Developing drag-and-drop visual workflows automates time-consuming and complex vulnerability management tasks, such as vulnerability assessments for ephemeral cloud assets, alerting for high-profile threats, or quarantining high-risk assets in the cloud.”

Revankar notes that nowadays, no matter the difference in size, geography or industry, a CISO’s number one job is to manage cyber risk. “Security teams need vulnerability management solutions that quantify risk across vulnerabilities, assets, and groups of assets, helping organizations proactively reduce risk exposure and track risk reduction over time,” he says.

“Qualys VMDR, with TruRisk, does this by considering multiple factors—exploit code maturity, active exploitation of the vulnerability, the criticality of the asset, its location, and so forth,” Revankar says, “so that organizations can gain a holistic view of their environment and focus efforts on fixes that will reduce their overall risk.”