Virtual Event: Threat Detection and Incident Response Summit - Watch Sessions
Connect with us

Hi, what are you looking for?



Qualys Adds Vulnerability Prediction Capabilities To QualysGuard Platform

Cloud-based security and compliance solutions provider Qualys has updated two of its products to help administrators better manage vulnerabilities and mitigation, the company said Wednesday at its own Qualys Security Conference in Las Vegas.

Qualys IPO

Cloud-based security and compliance solutions provider Qualys has updated two of its products to help administrators better manage vulnerabilities and mitigation, the company said Wednesday at its own Qualys Security Conference in Las Vegas.

Qualys IPO

Qualys added vulnerability prediction capabilities and threat reports for analyzing zero-day vulnerabilities and Microsoft updates in its QualysGuard Vulnerability Management platform, the company said. Along with the Vulnerability Management update, Qualys also released new features in QualysGuard Cloud Platform that will allow organizations to improve vulnerability exception management during reporting and remediation, the company said.

The update to QualysGuard Cloud Platform will allow customers to increase the efficiency of their vulnerability management and policy compliance programs and reduce the cost of securing IT assets, Qualys said. The latest update also supports continuous scanning and allows security teams to configure a scheduled scan task which launches automatically once the previous task is complete, the company said. A scanner calendar offers users a visual layout of scans that have already run as well as future scheduled tasks.

“With this release, we continue to enable customers to further automate their vulnerability management programs and streamline their compliance initiatives,” Phippe Courtot, chairman and CEO of Redwood City, California-based Qualys, said in a statement.

The QualysGuard Cloud Platform includes improved remediation workflow with automatic vulnerability exception handling. Customers would be able to manage expectations for vulnerabilities that cannot be fixed or need to be ignored during remediation. This improves exception management and prioritization of remediation efforts, the company said.

The company also added compliance scanning with non-administrative privileges on Windows systems. QualysGuard Policy Compliance processes data points retrieved during a scan using non-administrator type of accounts to generate a more thorough compliance report. Another compliance report identifies authentication issues during scans by displaying a list of hosts for which the process failed, Qualys said.

The QualysGuard Vulnerability Management reports give security professionals insight into zero-days and include “exposure ratings” for upcoming security patches, Qualys said. With these reports, security teams can plan and prioritize remediation tasks.

Advertisement. Scroll to continue reading.

The new dashboard widget on QualysGuard Vulnerability Management provides easy-to-read views of the latest security bulletins from Microsoft. The widget also displays the percentage of potentially impacted IT assets in the network based on those bulletins, Qualys said. A vulnerability prediction report released for each Microsoft bulletin will list affected hosts broken down by asset groups. Security teams will be able to search, scan, and report on vulnerabilities over specific time periods.

QualysGuard Predictive Analytics Screenshot

The bulletins are linked to detailed descriptions of the threat, impact and solutions, as well as potentially related known-exploits and malware. The threat reports will also provide security teams with the latest information and signatures for exclusive zero-day threats drawn from Verisign’s iDefense along with a list of IT assets within the customer’s network that may be potentially impacted by the zero-day, according to Qualys.

Qualys originally added a patch report in QualysGuard two years ago to help IT staff drive remediation efforts, Courtot said. The new capabilities provide “an innovative vulnerability prediction engine” that predicts potential impact of zero-day and Patch Tuesday vulnerabilities without needing to run additional scans, he said.

“Customers can take action the day of the release to minimize their risk of exposure,” Courtot said.

“Analyzing the impact of Patch Tuesday and zero-day vulnerabilities is a challenging task for IT departments,” said Charles Kolodgy, research vice president, Secure Products for IDC. Customers will be able to better assess their risk exposures and allocate needed resources to eliminate or mitigate threats,” Kolodgy said.

Updates are available immediately to all QualysGuard customers in the US and Europe. Pricing is by annual subscriptions based on the number of QualysGuard solutions and systems deployed.

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...


The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.


Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.


Apple has released updates for macOS, iOS and Safari and they all include a WebKit patch for a zero-day vulnerability tracked as CVE-2023-23529.

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.