A collaboration that will allow companies to eliminate the most critical vulnerabilities in a matter of minutes.
Qualys, Inc. (NASDAQ: QLYS), a pioneer and leading provider of cloud-based security and compliance solutions, announces that X-Force Red, IBM's team of security professionals and hacker experts, will include Qualys' new Patch Management (PM) App in its X-Force Red Vulnerability Management Services solution to automate vulnerability classification and patching. This collaboration will allow customers to simplify vulnerability remediation and eliminate the most critical vulnerabilities in less time and with fewer resources.
The extension of the partnership already announced in August 2018 to offer a vulnerability management solution for the entire resource lifecycle via the Qualys Cloud Platform, leverages the new Qualys PM App to automate classification and remediation activities by X-Force Red. It also adds Qualys Web Application Scanning (WAS) to X-Force Red's vulnerability management scanning capabilities.
"From numerous discussions with security officers, it has emerged that the classification and elimination of vulnerabilities is the greatest concern in vulnerability management," he said Charles Henderson, Global Head di X-Force Red. “Qualys has released a patch management platform that automates patching tasks with a single click. X-Force Red has created an algorithm that automatically prioritizes vulnerabilities within minutes. The combination of these two solutions allows organizations to carry out remediation activities in a fast, practical and effective way, even when resources and time are limited. "
"IBM X-Force Red offers state-of-the-art services to help the world's largest companies integrate security into digital transformation projects," he pointed out Philippe Courtot, President and CEO of Qualys. “The expanded partnership puts IBM X-Force Red in a position to extend its vulnerability management service, including patch installation, optimizing security services directed at web applications.”
Among the millions of vulnerabilities detected, many organizations manually identify and decipher which ones to fix first, then define who is responsible for applying the patches and finally track the progress of remediation of each vulnerability starting from the most critical ones. This laborious process takes away valuable resources while the most sensitive assets remain exposed to vulnerabilities. X-Force Red Vulnerability Management Services applies a proprietary algorithm to prioritize vulnerability remediation based on asset value, ability to create exploit code, and other context-related factors. Next, the team activates the remediation process using a concurrency model. The vulnerabilities at the top of the list, i.e. the most critical ones, are sent to the remediation team and, as soon as one vulnerability is eliminated, the second most critical one is forwarded to the remediation team. The result is that the organization remains constantly focused on the highest level vulnerabilities.
Automatic patch distribution performed by the Qualys PM App via Qualys cloud agents ensures more effective vulnerability management, enabling IT security teams to centrally manage patching and remediation activities on Windows, macOS and Linux operating systems as well as on hundreds of applications.
Qualys WAS will allow X-Force Red to continuously identify and catalog web applications, including new and unknown ones, by detecting vulnerabilities and configuration errors within web apps and APIs. With thousands of scans, WAS performs incisive, in-depth and accurate testing on browser-based web apps, mobile app backends and IoT services.
