Qualys launches industry-first cloud-based risk platform

Qualys has announced the launch of the Risk Operations Center (ROC), claimed to be the industry's first cloud-based platform designed to unify cybersecurity risk data in real-time for better management and decision-making.

The new application is said to consolidate security risk data from both Qualys and non-Qualys sources, including technology alliances like Forescout, Microsoft, and Oracle, across cloud, on-premises, and hybrid environments. This integration aims to provide a unified platform that manages cybersecurity risk by transforming siloed data into actionable insights aligned with business priorities.

Michelle Abraham, Research Director at IDC, commented on the offering: "With IT environments growing more complex and potential risk exposures more numerous, organisations need a holistic and proactive cybersecurity management platform that brings all cyber-risk exposures to one place, unifies scoring and simplifies prioritisation and reporting."

"Qualys' approach with the Risk Operations Center delivers this ideal in a cohesive way. With the ability to analyse all risk factors at a glance – such as exploitability, unique organisational context, threat intelligence, and financial impact – Qualys Enterprise TruRisk Management empowers CISOs and business leaders to create actionable, enterprise-wide strategies to reduce risk to levels that align with the business's objectives."

The ROC application seeks to address the challenges faced by organisations dealing with fragmented risk findings that result in duplicated efforts and missed threats.

By combining data from various asset management tools and cybersecurity solutions, the ROC is designed to help organisations achieve a comprehensive understanding of their risk landscape and enable informed remediation decisions.

Enterprises using Qualys Enterprise TruRisk Management can ingest and unify diverse security data to measure their TruRisk score. This score reflects aggregated risk factors across cloud, on-premises, or third-party applications, juxtaposed with business context to highlight key risk exposure indicators. This proactive risk management enables businesses to align their cybersecurity strategies with overarching business aims.

In addition to data aggregation, the platform aims to quantify cyber risks in financial terms, assisting Chief Information Security Officers (CISOs) in communicating the business impact of cybersecurity measures.

This involves assessing risk factors from individual cybersecurity tools and aligning these with business goals to justify investment and improve prioritisation.

The ROC also features automated remediation workflows, which are designed to aid Security and Risk Operations teams in addressing critical vulnerabilities efficiently. This involves deploying Qualys TruRisk Eliminate to prioritise and mitigate exposure indicators while considering business continuity.

Scott Woodgate, General Manager of Microsoft Security, noted the integration aspect of Qualys Enterprise TruRisk Management: "Organisations need an accurate diagnosis of their risk, including both IT and security data, in a unified view."

"Qualys Enterprise TruRisk now integrates with Microsoft Defender for Endpoint vulnerability and device data to make this possible."

Sumedh Thakar, President and CEO of Qualys, emphasised the innovation behind the launch: "On its 25th anniversary, Qualys continues its never-ending innovation journey by again disrupting the cybersecurity market with the introduction of the Risk Operations Center (ROC)."

"The ROC delivered by Qualys ETM transforms proactive cybersecurity, empowering organisations to operationalise their risk management process in a single platform, and revolutionising the way customers measure, communicate and eliminate risk, irrespective of which cyber tools they employ."