Qualys has released a free ransomware risk and remediation tool. It is designed to scan systems, identify vulnerabilities and then automate patching and remediation. As this is Cybersecurity Awareness Month, Qualys is making the tool free. It will remain free for the next 60 days, but the company’s website gives no details of what it will cost after that.
On the face of it, this is a good thing for many companies. However, some will baulk at the idea of an automated solution given the change management risks. A misaligned patch has the potential to cause significant problems for an organisation’s IT services.
Sumedh Thakar, president and CEO of Qualys, said: “Ransomware risk is top of mind for CISOs who are no longer satisfied with reactive tools and generic guidelines. They want actionable information to reduce risk proactively.
“The Qualys security team has extensively researched past ransomware attacks as well as CISA, MS-ISAC and NIST guidance and operationalized it into a prescriptive, actionable plan so companies can proactively remediate to stay ahead of ransomware attacks and reduce their overall risk.”
What is the Qualys Ransomware Risk Assessment Service?
The Qualys Ransomware Risk Assessment Service is based on the analysis of five years of ransomware attacks. Qualys says that its engineers analysed 100 CVEs commonly used by ransomware threat actors. It claims: “Researchers mapped CVEs to ransomware families like Locky, Ryuk/Conti and WannaCry along with specific misconfigurations that are typically leveraged by the threat actors.”
While that provides a solid base, what about new attacks? How often will Qualys update the tool to include data from other CVEs? Threat actors are constantly evolving to include new vulnerabilities.
There are three key results from running the service. Qualys lists them as:
Identification of Internet-Facing Assets: The solution includes comprehensive asset discovery and a global asset software inventory that identifies and highlights internet-facing assets and unauthorized software to eliminate security blind spots.
Clear Insights into Ransomware Exposure: Expertly researched and curated ransomware-specific vulnerabilities and misconfigurations provide actionable insights so security teams can prioritize workflows and take immediate steps to reduce ransomware risk. Teams can also track remediation progress via live dashboards that provide clear metrics.
Integrated Patch Deployment: One-click and zero-touch workflows kick off remote vulnerability patching regardless of the asset location. Since the solution is cloud-based, the need for on-premises patching tools that require VPNs is eliminated.
Enterprise Times: What does this mean?
The question here is, how many companies will allow the service to run unfettered? There are real and proven concerns over the risk of a patch downing an organisation’s IT services. It is something we have seen even with very large vendors, most recently Facebook. Organisations with a strong change management process will want a different approach that provides actionable intelligence to operations teams.
That said, anything that improves operational security is to be welcomed. Patching is more complicated than many realise. It is one thing to patch your PC, another when you deal with thousands of servers across the globe running business-critical systems. In the latter case, not every system might need or even get to be patched. What this service will do is, at least, provide a benchmark of risk that operations teams can work with.