Share this article on:
Qualys has announced it has added external attack surface management (EASM) capabilities to the Qualys cloud platform.
The new component, integrated into CyberSecurity Asset Management 2.0, is designed to add the external attacker view to identify previously unknown internet-facing assets for a complete and accurate picture of the enterprise attack surface.
Digital transformation, increased adoption of cloud and internet of things (IoT), a growing remote workforce, and a technology talent shortage have led to an exponential rise in organisations' attack surface. This expansion makes it harder for security teams to correlate externally visible and internally managed assets, and govern compromises that occur because of undiscovered, unmanaged, or poorly managed IT assets.
To view vulnerable assets from the outside in, organisations need a new approach and "execute like an attacker" to quickly identify areas of risk.
According to Michelle Abraham, research director, security and trust at IDC, organisations must proactively manage their cyber defences, which should include finding and addressing vulnerabilities to reduce cyber risk.
"Qualys' unique approach to EASM is integrating the internal and external asset data from CyberSecurity Attack Management with its Vulnerability Management, Detection and Response (VMDR) solution into a single view.
"As a result, organisations can better identify undiscovered assets and immediately access and mitigate the cyber risk within the same workflow," Abraham said.
The Qualys Cyber Security Asset Management 2.0 with EASM is designed to enable organisations to continuously monitor and reduce the entire enterprise attack surface including internal and internet-facing assets and discover previously unidentified exposures.
It also aims to synchronise with configuration management databases (CMDBs); detect security gaps like unauthorised or end-of-support software, open ports, remotely exploitable vulnerabilities, digital certificate issues, unsanctioned apps and domains; and mitigate risk by taking appropriate actions.
Mike Orosz, vice president, information and product security at Vertiv, explained that Qualys CyberSecurity Asset Management provides invaluable attack surface insights from an external attacker's point of view.
"This view allows us to proactively augment our vulnerability management program by discovering risks presented by previously unknown internet-facing devices."
"Additionally, the automated workflows enable us to prioritise security engineering actions that will reduce cyber risk and rapidly improve our company's security," Orosz said.
Achieving full asset visibility, Sumedh Thakar, president and CEO of Qualys adds, is one of cyber security's most elusive goals.
"CyberSecurity Asset Management 2.0 solves this by providing both the holistic, external attacker-level and internal view of the attack surface to address the increased threat landscape comprehensively.
"Taking protection a step further, we've natively integrated the solution with Qualys VMDR so organisations can prioritise vulnerabilities and asset groups based on risk and proactively remediate to quickly reduce exposure," Thakar concluded.
[Related: Global study finds 70% DevOps practitioners value AI-augmented testing]