Cloud Security, Channel partners

Qualys Introduces Patch Management Cloud App for IT, Security Teams

Qualys, a company that specializes in IT and web application auditing, compliance and protection solutions, has unveiled the Qualys Patch Management (PM) cloud app for IT and security teams.

Qualys PM consolidates vulnerability assessment, threat prioritization and remediation and automates patch deployment, according to the company. By doing so, IT and security teams can use Qualys PM to identify and address vulnerabilities on operating systems and third-party software across global hybrid environments.

How Does Qualys PM Work?

Qualys PM can be activated via a Qualys Cloud Agent that sends change event data to the cloud. Then, IT and security teams can use the Qualys Cloud Agent to perform patching on remote and roaming endpoints outside of an organization's network.

In addition, Qualys PM collects and uploads telemetry about installed software, open vulnerabilities and missing patches to the Qualys Cloud Platform. It provides visibility into an organization's IT assets and security posture and enables IT and security teams to analyze, prioritize, deploy and verify patches.

Qualys PM will be generally available next month with pricing starting at $29.99 per asset. Initial Qualys PM support will include Windows operating systems and more than 55 Windows and third-party applications, and future support will include Mac and Linux operating systems.

ServiceNow Research: 'Timely Patching' Is Key

"Timely patching" is a top attribute among organizations that avoid data breaches, according to a survey of nearly 3,000 security professionals conducted by ServiceNow and Ponemon Institute. Yet some organizations struggle with patching due to manual processes and an inability to establish patching priorities.

Security teams can learn from organizations that use timely patching to minimize data breaches. Furthermore, ServiceNow offers the following recommendations to help security teams quickly detect and resolve vulnerabilities:

  • Analyze your organization's vulnerability response capabilities. Identify problems that prevent your organization from detecting and patching security vulnerabilities.
  • Improve vulnerability response over time. Deploy a vulnerability scanner and perform both internal and external scans regularly. Next, collect and analyze threat intelligence.
  • Promote collaboration between IT and security teams. Ensure IT and security teams can use a single platform to monitor and address vulnerabilities.
  • Develop vulnerability response processes. Establish repeatable vulnerability response processes and workflows.
  • Retain top talent. Create a work environment that empowers IT and security teams to optimize their efficiency and productivity and fosters loyalty.

Unpatched software vulnerabilities are among the top causes of data breaches, ServiceNow indicated. However, automating vulnerability response tasks can help an organization simultaneously accelerate patch management and reduce the risk of data breaches.

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds a M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.