Qualys has announced the launch of CyberSecurity Asset Management 3.0, an expansion of the Enterprise TruRisk Platform. This update integrates its leading vulnerability assessment capability into its External Attack Surface Management (EASM) solution delivering an accurate, real-time view of the external attack surface that eliminates more false positives to mitigate the risk of unknown assets.
Traditionally, cybersecurity teams rely on disparate sources like standalone external scanning tools, IT-centric databases such as configuration management databases (CMDBs), and API-based integrations to piece together asset inventories. EASM tools have relied on banner-grabbing methods that produce stale, incomplete asset data snapshots. As a result of this piecemeal approach to asset discovery, the average enterprise is blind to 38%* of its assets at any given time.
Qualys CyberSecurity Asset Management 3.0 extends its leading asset discovery for all types of environments—including an EASM engine for real-time and accurate assessment of external attack surface risks, built-in passive sensing for IoT and rogue devices using the already-deployed Qualys agent, and third-party API-based connectors to complement Qualys sensors. This unified approach not only consolidates asset discovery to a single, unified solution but also introduces a first-of-its-kind EASM lightweight vulnerability scanner to pinpoint critical vulnerabilities immediately upon discovery.
“With Qualys CyberSecurity Asset Management, we have a consolidated view of asset and cyber risk data without requiring separate solutions to scan different areas of the attack surface,” said Mike Orosz, VP Information & Product Security, CISO at Vertiv. “The immediate risk assessment of external assets has fueled a significant increase in our ability to be proactive about the elimination of risk.”
This release enhances Qualys’ industry-leading attack surface coverage, allowing organisations to:
- Gain precise insight into which external assets are attributed to the organisation — Discover all assets from subsidiaries, mergers, and acquisitions with patent-pending attribution and confidence scoring.
- Reduce false positives to isolate risk on the external attack surface — Quickly and accurately identify the most critical risk with industry-leading vulnerability detections, reducing 60%* of false positives that result from basic banner-grabbing tools.
- Eliminate unknowns from the internal network in real-time — Uncover 34% more assets in real-time with passive sensing, built into the Qualys agent to identify unmanaged IoT/OT devices. The third-party connectors complement the Qualys sensors delivering a unified inventory, and scan previously unknown assets for vulnerabilities and compliance issues.
“The ‘unknown’ asset continues to account for a sizeable amount of the cyber risk plaguing the modern enterprise because if you don’t know your assets, you don’t know your risk,” said Sumedh Thakar, president and CEO at Qualys. “With our groundbreaking EASM engine and discovery advancements, CyberSecurity Asset Management 3.0 is the only solution that provides every possible discovery method with the speed and accuracy that the modern organisation requires.”