A collaboration that will allow companies to eliminate the most critical vulnerabilities in a matter of minutes.
Qualys, Inc. (NASDAQ: QLYS), a pioneer and leading provider of cloud-based security and compliance solutions, announces that X-Force Red, IBM's team of security professionals and hacker experts, will include Qualys' new Patch Management (PM) App in its X-Force Red Vulnerability Management Services solution to automate vulnerability classification and patching. This collaboration will allow customers to simplify vulnerability remediation and eliminate the most critical vulnerabilities in less time and with fewer resources.
The extension of the partnership already announced in August 2018 to offer a vulnerability management solution for the entire resource lifecycle via the Qualys Cloud Platform, leverages the new Qualys PM App to automate classification and remediation activities by X-Force Red. It also adds Qualys Web Application Scanning (WAS) to X-Force Red's vulnerability management scanning capabilities.
"From numerous discussions with security officers, it has emerged that the classification and elimination of vulnerabilities is the greatest concern in vulnerability management," he said Charles Henderson, Global Head di X-Force Red. “Qualys has released a patch management platform that automates patching tasks with a single click. X-Force Red has created an algorithm that automatically prioritizes vulnerabilities within minutes. The combination of these two solutions allows organizations to carry out remediation activities in a fast, practical and effective way, even when resources and time are limited. "
"IBM X-Force Red offers state-of-the-art services to help the world's largest companies integrate security into digital transformation projects," he pointed out Philippe Courtot, President and CEO of Qualys. “L’ampliamento della partnership mette IBM X-Force Red nella posizione di estendere il proprio servizio di gestione delle vulnerabilità, includendo l’installazione delle patch, ottimizzando i servizi di sicurezza diretti alle applicazioni web.”
Tra i milioni di vulnerabilità rilevate, molte organizzazioni identificano e decifrano manualmente quali correggere per prime, quindi definiscono su chi ricade la responsabilità di applicare le patch e infine tengono traccia dell’andamento della remediation di ogni vulnerabilità partendo da quelle più critiche. Questo processo laborioso sottrae risorse preziose mentre gli asset più sensibili restano esposti alle vulnerabilità. X-Force Red Vulnerability Management Services applica un algoritmo proprietario per definire la priorità di remediation delle vulnerabilità in funzione del valore della risorsa, della possibilità di creare un codice di exploit e di altri fattori legati al contesto. In seguito, il team attiva il processo di remediation utilizzando un modello di concorrenza. Le vulnerabilità in cima alla lista, cioè quelle più critiche, vengono inviate a chi si occupa delle attività di remediation e, non appena una vulnerabilità viene eliminata, la seconda più critica viene inoltrata al team di remediation. Il risultato è che l’organizzazione rimane costantemente concentrata sulle vulnerabilità di livello più elevato.
Automatic patch distribution performed by the Qualys PM App via Qualys cloud agents ensures more effective vulnerability management, enabling IT security teams to centrally manage patching and remediation activities on Windows, macOS and Linux operating systems as well as on hundreds of applications.
Qualys WAS will allow X-Force Red to continuously identify and catalog web applications, including new and unknown ones, by detecting vulnerabilities and configuration errors within web apps and APIs. With thousands of scans, WAS performs incisive, in-depth and accurate testing on browser-based web apps, mobile app backends and IoT services.
