Qualys this week announced the availability of a Vulnerability Management, Detection and Response (VMDR) platform based on a single agent that detects endpoint vulnerabilities and automates the patching of those systems.
Sumedh Thakar, president and chief product officer for Qualys, said VMDR is based on a cloud platform that continuously communicates with Qualys agent software, which has been infused with machine learning algorithms to identify what software components need to be patched based on the severity of the vulnerability.
Once the Qualys agent makes that determination, it reaches out to the software vendor’s content delivery network (CDN) to download and install a patch, said Thakar. In some cases, IT organizations will automate that process end to end. In other cases, the IT team may determine what endpoint to patch based on whether that patch may break an application running on that system, he noted.
Regardless of the degree of automation, the ability to automate the patch process is now more critical than ever with the bulk of workforces working from home to help combat the COVID-19 pandemic, he added. Most of the existing platforms employed to install patches assume the device is connected to a local network in the office. Pushing out patches across a highly distributed computing environment can be difficult to manage, especially when the cybersecurity team in charge of installing those patches is also working remotely. The Qualys approach alleviates that issue by enabling the endpoint to download the appropriate patch directly from the provider of the software whenever needed, Thakar said, adding that, in effect, patch management becomes a real-time process.
Thakar said VMDR represents an ambitious effort to reduce the number of agents that need to be deployed on an endpoint. The VMDR agent, for example, can detect malware so there is no need for a separate endpoint detection and response (EDR) platform. Over time, Qualys will continue to expand the scope of the functions and tasks its agents can perform, he added.
Qualys also plans to apply additional analytics to the data it collects via a cloud platform built on top of an instance of Elasticsearch, as part of an effort to provide additional security intelligence.
Thakar said it’s increasingly clear that cybersecurity tasks that were once managed in isolation from the rest of IT are going to converge. Rather than having to manually perform each task themselves, cybersecurity teams will find themselves simply validating that those tasks have been performed by the Qualys agent, he said.
Given the increased sensitivity to cost at a time when cybersecurity threats only continue to increase, the need to automate cybersecurity arguably has never been more pressing. The issue cybersecurity teams are contending with now is not so much whether they should automate tasks as finding the quickest and simplest way possible to do so.