Qualys, a provider of cloud-based IT, security, and compliance solutions, has launched its innovative Enterprise TruRisk Platform. The launch signals a significant transformation for Qualys, positioning it as a key player in cyber risk management for Chief Information Security Officers (CISOs) and security practitioners. The platform is designed to assist organizations in measuring, communicating, and proactively addressing cyber risk, with a specific emphasis on understanding the impact of cyber risk on overall business risk.
In the face of expanding attack surfaces and an increasingly complex threat landscape, cyber risk has gained heightened importance across various organizations, particularly within the C-suite. Approximately 50% of CISOs now report directly to CEOs, and more than 90% regularly brief their Board of Directors on their organization’s cyber risk exposure.
Sumedh Thakar, CEO of Qualys, highlighted the challenge of translating cyber signals into meaningful risk mitigation strategies and emphasized the Enterprise TruRisk Platform’s role in providing a centralized solution. The platform enables organizations to measure and mitigate cyber risk while furnishing actionable insights for internal security and business risk stakeholders. Additionally, it offers external executive stakeholders, including the board and cyber risk insurers, the necessary data to make informed decisions.
The Qualys Enterprise TruRisk Platform, conceived 18 months ago, represents a maturation of Qualys’ commitment to delivering robust security solutions for attack surface management, vulnerability management, and remediation. It enhances orchestration between these solutions, allowing security leaders to identify, prioritize, and implement cyber risk remediation effectively.
Key Features of the Qualys Enterprise TruRisk Platform:
1. Measure Cyber Risk: Aggregates cyber risk data from both Qualys and non-Qualys external security and IT tools within an organization’s ecosystem. This includes the incorporation of third-party solution risk factors, providing organizations with a comprehensive assessment of their risk using their existing security stack.
2. Communicate Cyber Risk: Transforms diverse cyber risk data into actionable insights and business impact metrics for key security and business risk stakeholders. The platform measures risk in terms of potential financial impact to the business, and report details are customizable for different leadership audiences.
3. Eliminate Cyber Risk: Implements precise remediation and mitigation actions to eliminate cyber risk throughout the extended enterprise. The platform offers dynamic methods for risk reduction, such as virtual patching, permission adjustments, temporary asset disablement, and port-blocking, ensuring risk reduction without compromising operational efficiency.