SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image
Qualys adds zero-touch patching to Patch Management app
Wed, 29th Dec 2021
FYI, this story is more than a year old

Qualys has announced it is integrating zero-touch patching capabilities into Qualys Patch Management.

Zero-Touch Patch ensures that companies' endpoints and servers are proactively updated as soon as patches are available, reducing their overall attack surface, the company states.

Most vulnerability remediation involves multiple teams and processes - first, a scanning tool identifies vulnerabilities, and then they are passed to the patching team for remediation.

This can lead to extra resources, costs and longer exposure times. A lack of alignment between vulnerability and patch processes and the manual efforts required for vulnerability remediation are among the key causes of delayed patching, Qualys states.

IDC research director security and trust products group Chris Kissel says, “Endpoint security needs to concentrate on taking intelligence from detection and response workflows for better prevention, and Qualys is uniquely positioned to leverage both vulnerability and threat intelligence insights in its patching solution.

"Cleverly, Qualys' approach of taking patch remediation a step further with the addition of zero-touch automation eliminates non-caustic threats like always patching Chrome or iTunes.

"It is a welcome addition that helps companies reduce their attack surface while also freeing up IT and Security resources to focus on more strategic areas.

According to the company, Qualys Patch Management leverages the Qualys Cloud Platform and Cloud Agents to help IT and security teams quickly and efficiently remediate vulnerabilities and patch systems.

Intelligent automation allows prioritisation of vulnerabilities based on threat indicators such as ransomware, matching of prioritised vulnerabilities with known patches, and a zero-touch 'set and forget' feature to proactively patch devices and applications per predefined policies.

For example, an organisation can create a policy to keep Adobe Reader software always patched on all employee laptops.

The new capabilities enable organisations to: reduce the risk from threats such as ransomware, accelerate vulnerability SLA compliance, and lower cost and complexity.

Qualys Zero-Touch Patch intelligently identifies and automatically deploys the proper patches and configuration changes required for remediating vulnerabilities.

Next, it leverages Qualys VMDR (Vulnerability Management, Detection and Response) to prioritise them based on real-time threat indicators such as ransomware, active attacks, exploitability or lateral movement to help organisations reduce cyber risk.

When it comes to SLA compliance, the application of patches is automated to help security teams align with regulatory and internal security policies.

By identifying the riskiest products in the environment, organisations can focus automation efforts on those that introduce the most vulnerabilities, Qualys states.

In addition, the application of low operational risk patches also reduces the overall time to remediation improving vulnerability SLAs.

On cost savings, the updates ensure endpoints are quickly and consistently patched, via the cloud, without the need for manual intervention and regardless of their location or connection to a corporate network reducing the cost of securing a prominent vector of attack.

This eliminates the need to go over VPN for patching can be a significant cost saving.

Qualys CEO and president Sumedh Thakar says, “With cyber attack volume growing exponentially, integrating automation into your cybersecurity arsenal has moved from a nice to have to a must have.

"As organisations implement zero-trust security frameworks, the ability to automate patching so they can better trust assets becomes a foundational aspect of their cyber defence strategy.

Qualys Zero-Touch Patch will be available in October as part of Qualys Patch Management app.