Last week Qualys launched its latest solution, VMDR (Vulnerability Management, Detection and Response), which combines the visualization, management, detection and response capabilities of the world’s hybrid computing environments in a single application. It was presented to the world in an informative webinar (you can find it here).
Recognising that this introduction comes at an unprecedented time, we spoke to Sumedh Thakar, president and product manager, and Philippe Courtot, president and CEO of Qualys, about how VMDR can help organisations improve their security posture.
Will the VMDR and all associated modules be replaced?
VMDR is not a combination of existing modules, but essentially a single application. In this sense, it will replace the many features we have with various VM solutions, such as threat protection. However, users do not need to switch to VMDR.
Users who choose not to update the VMDR still benefit from certain advantages and features, such as a dynamic toolbar.
Does the inventory identify assets coming from outside, and how do you know if unused applications are at higher risk?
The VMDR collects a large amount of data from various sensors and coordinates it at the rear. It effectively enables companies and organisations to scan the entire Internet and identify external assets.
We are currently working on other integrations that will take advantage of this feature. In addition, the inventory of assets also provides insight into internal investments.
There are other optional improvements, such as the ability to know when software reaches the end of its life. It comes with the product and can be activated very easily for those who want to try it.
One of the most important features of VMDR is the integration of patch detection and distribution in a single interface. What if the organisation has not activated the Qualys module for patch management? Does the dashboard always show that the patch is available to the user?
Absolutely. A major advantage of the integrated interface is the possibility to switch between device detection and patch detection in the VMDR. This means that organizations can detect specific patches on specific devices. The agent allows you to specify the file to be used to fix a specific vulnerability. Although the patch feature is not included in Qualys, the detection feature is included in the VMDR, allowing organizations to decide whether to use this information to implement third-party patches or the Qualys agent itself and reduce the exposure window.
And if an organisation has Qualys, but another team is working on the corrections, how can VMDR help them?
Because we work in the cloud, we have always had very strong role-based access control and user space capabilities. So even if there is another team of proofreaders within an organization, they can have specific access and rights to view part of the patch and integrate it into an approved workflow.
This allows you to divide responsibilities between the vulnerability team and the patch team, who can both view the same platform and the same data, but with different workflows tailored to each user.
Customers are concerned about possible problems when installing patches on production servers. How can Qualys help you?
We have a powerful, highly advanced patch implementation module that is integrated into the patch planning and removal process. Because everything we do on the platform is consistent and needs to be linked to assets and asset labels, automated testing allows customers to simply attach a specific label to the test system first. Once they are convinced that the patch will not cause any problems on the test systems, the patch can be applied to the production servers, knowing that it will not adversely affect the systems.
This can also happen depending on the nature of the assets: For laptops, for example, the organization almost always wants to automatically repair Adobe or the operating system, but when the opportunity arises, we try to provide information about solutions that may cause malfunctions or problems.
We are currently using Qualys’ Cloud Agent for cloud and on-premise virtual machines. Is the VMDR different from what we use now?
They are all part of the same sensors and agents, which means that all functions are integrated into the platform. Whether you use a Qualys agent that collects data from laptops, Microsoft Azure or AWS and sends it back to the platform, you don’t need to manually install or update another agent. Whether cloud-based devices, Android devices, or tablet computers in conference rooms, the same agent can be used to discover, merge, discover potential vulnerabilities, prioritize, and provide a way to fix and respond to them.
Does the VMDR require the use of cloud agents?
VMDR does not require the use of cloud agents because we can already deliver threat information and paradigms based on scanning and authentication. However, by using the Cloud Management Agent, organizations get even more accurate information about devices and the ability to automatically correlate and mark what is needed. Given the speed with which the nature of assets and vulnerabilities change, the great value of VMDR is that agents have more information available in real time.
What are the VMDR API options?
When you activate the VMDR, much more information comes out of the PLC with great accuracy. We have several additional patch-related APIs that provide additional information for integration with other patch management solutions.
The usage level of the basic API is already included in the VMDR. So, if organisations want even more hyperrealism about the API, they can discuss it with account managers, because Qualys can certainly help them.
With many organizations having to adapt quickly to working in remote locations, how can VMDR mitigate security issues?
Remote patching puts IT security teams under great pressure. To bring the community together, Qualys has integrated a stand-alone version of the Qualys Remote Protection VMDR cloud solution, which is available free of charge for 60 days. This gives security teams instant and uninterrupted visibility into remote computers, allowing them to easily identify missing patches for critical vulnerabilities and deploy them from the cloud. Payments are made directly and securely from the providers’ websites and content delivery networks to ensure that they have virtually no impact on the bandwidth of the external virtual private network.