VMDR 2.0 offers better insight into risk posture, faster fix times for critical vulnerabilities.

An upgrade to the Qualys Vulnerability Management, Detection, and Response (VMDR) solution announced Monday promises to give security teams better insights into the risks posed to organizations from vulnerabilities and a more efficient way to fix them. Cloud-based VMDR 2.0 provides a means for cutting through the noise created by an ever-expanding vulnerability landscape so the most critical risks can be identified and remedied.

“Cyber risk is becoming part of the business risk equation,” IDC Research Director Michelle Abraham said in a statement. “Even the most advanced organizations can’t patch all the threats they uncover, which increasingly includes poorly misconfigured services.”

“Organizations must prioritize efforts that result in the maximum reduction of risk,” Abraham continued. “Qualys’s approach to cyber risk management considers multiple factors like vulnerabilities and misconfigured systems, so organizations can focus on fixes that reduce their overall risk.”

Intelligence to identify exploited vulnerabilities

According to Qualys, the new version of VMDR, with its TruRisk capability, allows security and IT teams to:

Reduce risk with holistic scoring that quantifies risk across an entire attack surface, including vulnerabilities, misconfigurations, and digital certificates. It can also correlate with critical business and exploit intelligence from hundreds of sources, automatically deprioritize vulnerabilities if compensating controls are in force, track risk reduction trends over time, and help organizations measure and report on the effectiveness of their cybersecurity program across hybrid environments.

Quickly remediate at scale by leveraging rule-based integrations between VMDR and information technology service management (ITSM) tools such as ServiceNow and Jira, along with dynamic vulnerability tagging, to automatically assign remediation tickets to prioritized vulnerabilities and bridge the gap between security and IT teams. It also allows remediation to be orchestrated directly from the ITSM tool to help close vulnerabilities faster and reduce the mean time for remediation.

Receive preemptive attack alerts based on external threat intelligence from more than 180,000 vulnerabilities and 25-plus threat and exploit intelligence sources. The intelligence is natively correlated with vulnerabilities and misconfigurations to proactively alert teams on vulnerabilities exploited by malware or those used in an active malicious campaign known to target a particular industry.

Automate operational workflows to save valuable time and resources. Teams can develop drag-and-drop visual workflows to automate time-consuming and complex vulnerability management tasks, such as vulnerability assessments for ephemeral cloud assets, alerting for high-profile threats or quarantining high-risk assets.

Vulnerability management helps manage risk

“The increase of disclosed vulnerabilities and speed at which they are weaponized, paired with the cyber talent shortage, have left teams struggling to wade through a mountain of issues,” Qualys Vice President of Product Management and Engineering for VMDR Mehul Revankar tells CSO. “Any tools or systems that can be used to ease these headaches for security teams are critical.
Developing drag-and-drop visual workflows automates time-consuming and complex vulnerability management tasks, such as vulnerability assessments for ephemeral cloud assets, alerting for high-profile threats, or quarantining high-risk assets in the cloud.”

Revankar notes that nowadays, no matter the difference in size, geography or industry, a CISO’s number one job is to manage cyber risk. “Security teams need vulnerability management solutions that quantify risk across vulnerabilities, assets, and groups of assets, helping organizations proactively reduce risk exposure and track risk reduction over time,” he says.

“Qualys VMDR, with TruRisk, does this by considering multiple factors—exploit code maturity, active exploitation of the vulnerability, the criticality of the asset, its location, and so forth,” Revankar says, “so that organizations can gain a holistic view of their environment and focus efforts on fixes that will reduce their overall risk.”