Qualys, Inc., a provider of disruptive cloud-based IT, security, and compliance solutions, has announced the addition of External Attack Surface Management (EASM) capabilities to the Qualys Cloud Platform. The new component, which is integrated into CyberSecurity Asset Management 2.0, adds the external attacker view to identify previously unknown internet-facing assets for a complete and accurate picture of the enterprise attack surface.
Digital transformation, increased cloud and Internet of Things (IoT) adoption, a growing remote workforce, and a technology talent shortage have resulted in an exponential increase in the attack surface of organizations. This growth makes it more difficult for security teams to correlate externally visible and internally managed assets and manage compromises caused by undiscovered, unmanaged, or poorly managed IT assets. To quickly identify areas of risk, organizations must adopt a new approach that looks at vulnerable assets from the outside in and executes like an attacker.
“Organizations must proactively manage their cyber defenses, which includes finding and addressing vulnerabilities to reduce cyber risk,” said Michelle Abraham, research director, Security and Trust at IDC. “Qualys’ unique approach to EASM is integrating the internal and external asset data from CyberSecurity Attack Management with its Vulnerability Management, Detection and Response (VMDR) solution into a single view. As a result, organizations can better identify undiscovered assets and immediately access and mitigate the cyber risk within the same workflow.”
“Qualys CyberSecurity Asset Management provides invaluable attack surface insights from an external attacker’s point of view,” said Mike Orosz, vice president information and product security at Vertiv. “This view allows us to proactively augment our vulnerability management program by discovering risks presented by previously unknown internet-facing devices. Additionally, the automated workflows enable us to prioritize security engineering actions that will reduce cyber risk and rapidly improve our company’s security.”
Organizations can use Qualys CyberSecurity Asset Management 2.0 with EASM to continuously monitor and reduce the entire enterprise attack surface, including internal and internet-facing assets, and discover previously unknown exposures. It also aids in the synchronization of CMDBs, the detection of security gaps such as unauthorized or end-of-support software, open ports, remotely exploitable vulnerabilities, digital certificate issues, unsanctioned apps and domains, and the mitigation of risk through appropriate actions.
Qualys CyberSecurity Asset Management with EASM allows Security and IT teams to:
Uncover Gaps Across the Entire Attack Surface — The solution continuously discovers and accurately classifies internal and external internet-facing assets from a single cloud platform. It discovers your subsidiaries automatically, performs horizontal and vertical domain and subdomain enumeration, correlates WHOIS and DNS records, and assigns assets to your organization.
Get a Reliable, Accurate View Aligning Security and IT Ops — With CyberSecurity Asset Management, you can supplement uncertain, out-of-date data in your CMDB. Through automatic synchronization with enterprise CMDBs and vulnerability management, teams can capture unmanaged assets and gain a single source of truth for internet-facing assets, as well as location and context, to streamline ongoing attack surface monitoring and response.
Rapidly Remediate Risk with Native VMDR 2.0 Integration — With TruRisk scoring and automated and one-click orchestration of vulnerability and remediation workflows to convert internet-facing assets into fully managed and patched assets, CyberSecurity Asset Management 2.0 and Qualys VMDR 2.0 improve the cybersecurity program posture.
“Achieving full asset visibility remains one of cybersecurity’s most elusive goals,” said Sumedh Thakar, president and CEO of Qualys. “CyberSecurity Asset Management 2.0 solves this by providing both the holistic, external attacker-level and internal view of the attack surface to comprehensively address the increased threat landscape. Taking protection a step further, we’ve natively integrated the solution with Qualys VMDR so organizations can prioritize vulnerabilities and asset groups based on risk and proactively remediate to quickly reduce exposure.”
Availability
Existing customers can now access Qualys CyberSecurity Asset Management 2.0 with EASM in preview. It will be widely available beginning in mid-September. Visit qualys.com/csam-trial to request a free trial.