Cloud-based security specialists Qualys, has announced its latest solution, VMDR (Vulnerability Management, Detection and Response). The announcement came at the Qualys Security Conference QSC19 in Las Vegas. VMDR is designed to give customers: “streamlined workflow to scan, investigate, prioritize and neutralize threats.”
Philippe Courtot, chairman and CEO of Qualys said: “Game-changing VMDR takes vulnerability management to the next level by providing the power to continuously detect vulnerability and misconfigurations across the entire global hybrid IT environment, and respond in real time to remediate assets that are vulnerable or already compromised from a single platform with built-in orchestration.
“Equally important, the new asset-based pricing and its delivery as a single, self-updating app, makes it easier to procure, deploy and manage, drastically reducing the total cost of ownership.”
What does VMDR do?
Qualys describes VMDR saying: “VMDR bundles Asset Discovery and Inventory, Vulnerability Assessment including Configuration Controls, Prioritization, Remediation and Audit as a single app.”
Pricing for VMDR is per asset with Qualys setting the starting price at $199 per asset (minimum quantity 32). With asset identification and management at the core of what Qualys is offering, this makes sense.
There are five key capabilities that Qualys is offering with VMDR:
Automated Asset Identification and Categorization: This allows organisations to identify and categorise all assets. It will scan on-premises and all cloud environments that the business knows about. Categorisation ensures that OT and IoT components can also be identified and grouped to ensure they are secured.
Real-Time Vulnerabilities and Misconfiguration Detection: This provides automatic vulnerability detection and misconfiguration by asset. For cloud-based environments where misconfiguration has been a major breach issue, this helps organisations identify risk.
Automated Remediation Prioritization: Effective remediation of vulnerabilities is more than patch management. VMDR uses Qualys real-time threat intelligence and machine learning models to identify vulnerabilities, which assets are at risk and which assets need to be remediated first.
Patch and Remediate at your Fingertips: Taking the workflow data from the previous step, VMDR remediates those assets at greatest risk. It also tracks the patch level of each asset. This allows it to deploy the right patch at the right time. This speeds up patch management and reduces vulnerabilities.
Confirm and Repeat: Repeatable and automated security ensures that all assets are patched. IT teams can see all assets from a single dashboard and create customised dashboards.
Taking VMDR to a wider audience
A few weeks ago, Qualys signed an agreement with Microsoft. That agreement sees Microsoft embedding some of the Qualys technology into Microsoft Azure. It gives Azure users access to the Qualys Vulnerability Management and Container Security solutions. How many of those customers will upgrade to VMDR will depend on the initial uptake in Azure. With Microsoft only just signing the agreement with Qualys, it will be 2020 before any figures begin to appear.
For customers using Qualys on other cloud platforms, VMDR offers significantly improved features to make it interesting. Detecting misconfigurations with cloud products is a serious benefit. 2019 has seen several AWS EC2 breaches due to poorly configured environments. Qualys believes it is the solution that will prevent customers being the next headline.
Qualys also works with Google and several other cloud providers. In all those cases it works with other security products on those platforms. With VMDR the question is can it become the centre of security on those platforms? Its ability to detect and categorise assets across multiple clouds is a major benefit. Another is the detection of misconfigurations, as already mentioned. Is this enough to convince customers to make Qualys their primary security platform?
Enterprise Times: What does this mean?
This is a big announcement from Qualys. Although it is firmly based on its existing technology, it is the way it is creating a new platform with VMDR that is of interest. There is increasing demand for simplicity of security in a multi-cloud world. At present, most enterprises are having to combine multiple solutions into a single platform themselves. This is costly, time consuming and runs the risk of integration failures creating security breaches.
What is also interesting, when looking at the detail of VMDR, is that this is not just about automation. Courtot is well aware of the need for machine learning to be a tool for security teams not a replacement. For all the automation in VMDR, there is still much that demands that human touch in order to remediate attacks. That said, the level of automation promised is significant and it will be interesting to see how many MSSPs use this as the base for their own services going forward.