Using analysis from Qualys researchers, the new service develops a targeted and comprehensive intervention plan for patching, allowing companies to reduce exposure to ransomware
Qualys, Inc. (NASDAQ: QLYS), a pioneer and leading provider of highly innovative cloud-based IT security and compliance solutions, today released the new Ransomware Risk Assessment Service, which provides organizations with visibility into their ransomware exposure and automates the patching and configuration changes needed to directly reduce risk. As part of “Cybersecurity Awareness Month” and to help businesses proactively combat ransomware, Qualys is making the solution available at no cost for 60 days.
Ransomware is growing: last July 31, the FBI reported that the proliferation of ransomware had increased by 62% compared to 2020 and President Biden, in a meeting with world leaders, highlighted the need to protect economic and national security. Unresolved vulnerabilities, device configuration errors, assets exposed to the Internet and unauthorized software remain among the main attack vectors. Authoritative bodies such as CISA e NIST recommend that companies strengthen their defensive strategy by proactively assessing the risk of ransomware and acting quickly to resolve existing vulnerabilities.
“While there is no surefire way to prevent ransomware, businesses can take proactive steps to establish robust cybersecurity, patch known vulnerabilities, correct configurations, and fine-tune security policies,” he said. Jim Reavis, co-founder and CEO of Cloud Security Alliance. “Qualys Ransomware Risk Assessment allows cybersecurity managers to implement useful guidelines to combat ransomware to eliminate risk areas and reduce their attack surface.”
By analyzing data from ransomware attacks over the past five years, Qualys researchers have identified approximately 100 known vulnerabilities and security flaws (CVEs) that are commonly exploited by hackers. Experts have created a correlation between these CVEs, ransomware families such as Locky, Ryuk/Conti, and WannaCry, and specific misconfigurations typically exploited by cybercriminals.
Based on research and the VMDR platform, Qualys developed the Ransomware Risk Assessment Service to help companies proactively identify, classify, track and remediate assets vulnerable to ransomware. Once identified, vulnerabilities are linked to available patches that can be deployed directly from the service without requiring additional tools and VPNs, reducing exposure to ransomware.
Qualys Ransomware Risk Assessment Service uses a single dynamic dashboard to provide a complete picture of ransomware risk exposure including:
Identification of assets exposed to the Internet
The solution includes a sophisticated asset and software inventory search and compilation service that highlights Internet-exposed devices and rogue software to eliminate security weaknesses.
Insights on exposure to ransomware
Expert research into ransomware vulnerabilities and misconfigurations provides actionable insights that security managers can use to prioritize processes and take immediate action to reduce exposure to ransomware. Teams can track remediation progress through dynamic dashboards that display clear metrics.
Integrated patching
Fully automatic or one-click processes initiate remote patching regardless of the physical location of the asset. Since the solution is cloud-based, there is no need for on-premise VPN-based patching tools.
"Ransomware prevention is among the priorities of CISOs, who are no longer satisfied with reactive tools and generic guidelines. They want to have information of practical value to reduce risk and intervene in a preventive manner," he declared Sumedh Thakar, President and CEO of Qualys. "The Qualys security team has conducted extensive research into past ransomware attacks, as well as guidance from agencies such as CISA, MS-ISAC and NIST. The result is a proactive response and remediation plan that organizations can implement to stay ahead of ransomware and reduce overall risk."
Availability
Qualys Ransomware Risk Assessment Service is available immediately. To sign up for the free service for 60 days, visit qualys.com/forms/ransomware/.
For more information, join the webinar by Qualys, Combating the Risk of Ransomware Attacks Expected on October 21, or consult the results of the research on the blog Combating Risk from Ransomware Attacks.
