Qualys unveils CyberSecurity Asset Management 3.0 for real-time vulnerability insights

Qualys has announced the launch of CyberSecurity Asset Management 3.0. This new update expands on the features provided by their Enterprise TruRisk Platform, by integrating an advanced vulnerability assessment capability into their External Attack Surface Management (EASM) solution. This integration allows Qualys to offer an accurate, real-time view of external attack surfaces, reducing false positives and helping to mitigate the risk presented by unknown assets.

The conventional approach taken by cybersecurity teams when developing an asset inventory incorporates disparate sources such as external scanning tools, IT-centric databases (for instance, configuration management databases or CMDBs), and API-based integrations. Due to this fragmented approach, almost 38% of an average enterprise's assets are invisible at any given moment. EASM tools have generally relied on banner-grabbing methods that, while effective to a degree, ultimately produce out-of-date and incomplete snapshots of asset data.

CyberSecurity Asset Management 3.0 by Qualys offers an innovative solution to these challenges. It extends the company's leading asset discovery to all types of environments, incorporating an EASM engine for real-time and accurate assessment of external attack surface risks, as well as built-in passive sensing for IoT and rogue devices. The system comes complete with a first-of-its-kind EASM lightweight vulnerability scanner, designed to highlight critical vulnerabilities immediately after discovery.

One key end-user, Mike Orosz, VP Information & Product Security, CISO at Vertiv, stated: "With Qualys CyberSecurity Asset Management, we have a consolidated view of asset and cyber risk data without requiring separate solutions to scan different areas of the attack surface. The immediate risk assessment of external assets has fuelled a significant increase in our ability to be proactive about the elimination of risk."

The introduction of this system enhances Qualys' attack surface coverage, allowing organisations to gain precise insight into which external assets are attributed to the organisation, including assets from subsidiaries, mergers, and acquisitions. By identifying the most critical risk with industry-leading vulnerability detections, the system reduces 60% of false positives. It also manages to uncover 34% more assets in real time, thanks to passive sensing built into the Qualys agent. This allows it to identify unmanaged IoT/OT devices and pair this with third-party connectors to complete the Qualys sensor's unified inventory, scanning previously unknown assets for vulnerabilities and compliance issues.

Commenting on the launch of CyberSecurity Asset Management 3.0, Sumedh Thakar, president and CEO at Qualys, said, "The 'unknown' asset continues to account for a sizeable amount of the cyber risk plaguing the modern enterprise because if you don't know your assets, you don't know your risk. With our groundbreaking EASM engine and discovery advancements, CyberSecurity Asset Management 3.0 is the only solution that provides every possible discovery method with the speed and accuracy that the modern organisation requires."