Qualys has launched a cloud-based Risk Operations Center (ROC) with Enterprise TruRisk Management (ETM). It will consolidate security risk data from Qualys and its partners, including Microsoft, Forescout and Oracle. Bringing together risk data from multiple partners across cloud, on-premises, and hybrid environments removes the problem of siloed data.
Sumedh Thakar, president and CEO of Qualys, said, “On its 25th anniversary, Qualys continues its never-ending innovation journey by again disrupting the cybersecurity market with the introduction of the Risk Operations Center (ROC).
“The ROC delivered by Qualys ETM transforms proactive cybersecurity, empowering organizations to operationalize their risk management process in a single platform, and revolutionizing the way customers measure, communicate and eliminate risk, irrespective of which cyber tools they employ.”
How will the Qualys ROC work?
The focus of a Risk Operations Center is to gather all possible information and use that to determine what poses the most risk and how to address it. Most organisations, despite decades spent building systems to capture and aggregate log data, often lack coherency in that data. Additionally, other elements, such as patching, compliance, threat intelligence, and risk analysis, are handled in separate systems.
The Qualys ROC seeks to provide an integrated solution that brings everything together. Qualys has outlined seven elements of creating a ROC. Those elements are:
- Unified Asset Inventory
- Risk Factors Aggregation
- Threat Intelligence
- Business Context
- Risk Prioritization
- Risk Response Orchestration
- Compliance and Executive Reporting
The order of these elements is important. It provides a flow of information that builds and is enriched as it passes through the ROC. For some customers, this will appear to require a lot of work. However, as processes are aligned and data gathered at each stage, there will be action points that will strengthen the security posture of organisations.
Enterprise Times: What does this mean?
For Qualys, delivering the ROC is all about adding new functionality to its Enterprise TruRisk Management (ETM) platform. By importing data from Qualys partners, it now becomes the core tool at the heart of an organization’s cybersecurity solution. It gives CISOs and security teams a single view across all their operating environments and applications.
It also delivers controls and actions that will ensure the security of an IT estate. Some of those can be automated using the orchestration tools with the ETM. Others may require manual actions by employees.
Of particular importance to CISOs and regulators is that the ROC will also align an organisation’s security stance with regulators’ requirements. With multiple new pieces of compliance legislation coming online, such as NIS2 and DORA, this will appeal to them.