NCSC recently released guidance recommending patching vulnerabilities for internet-facing services and software within five days and non-external-facing vulnerabilities within seven days. Many organizations find it challenging to accurately discover all their assets, specifically those that are internet-facing, efficiently measure and prioritize the risk, and then remediate it. Anonymized data from the Qualys Threat Research Unit (TRU) indicates the median time to remediate (MTTR) for the average UK organization was 17 days for external-facing vulnerabilities and 15 days for internal threats.
"As a longstanding customer, Qualys has helped us build a culture of continuous improvement and awareness, where every identified vulnerability is an opportunity to strengthen our defenses," said Tom Copeland, head of Governance, Risk and Compliance at Associated British Foods. "The Qualys Enterprise TruRisk Platform has enabled us greater efficacy in de-risking the business, further enhancing our focus on risk prioritization, accelerating our patching and remediation timelines, and making ABF safer overall."
The Qualys NCSC free service allows organizations to remediate issues in as little as 30 minutes and within the recommended 5-7 days for full alignment. Incorporating Vulnerability Management Detection and Response (VMDR), CyberSecurity Asset Management, and Patch Management, the Qualys offering helps organizations to adhere to NCSC by:
- Identifying External Assets: Accurately discover both internal and external assets within your environment and flag End of Life (EOL) and End of Support (EOS) software and devices.
- Efficient Risk-based Prioritization: Vulnerabilities are prioritized by their TruRisk score and automatically mapped to necessary updates to simplify IT workflows for a customized NCSC risk and remediation view.
- Patch Automation: The gap between security and IT teams is closed with Qualys Patch Management. Qualys brings these groups together to safely prioritize and deploy patches automatically to help customers update by default policies, within 5-7 days, as recommended by NCSC.
"Adversaries are weaponizing vulnerabilities more quickly than ever, which accounts for the NCSC's focus on swift remediation of vulnerabilities. For most organizations, with their complex infrastructures and patch workflows, it's almost impossible to meet the 5-7 day update time," said Sumedh Thakar, president and CEO of Qualys. "To aid organizations in adhering to the NCSC guidelines, we're offering the Qualys Enterprise TruRisk Platform free for 30 days. This allows organizations to streamline asset discovery, takes the guesswork out of understanding which vulnerabilities are the riskiest and helps with prioritization, so organizations can mitigate risks quickly and efficiently to safeguard their businesses."
To sign up for this free 30-day service, visit qualys.com/forms/vmdr-ncsc. To learn more, read our blog, "How Qualys Supports the National Cyber Security Centre (NCSC)'s Vulnerability Management Guidance," and register for our webinar, "Mastering NCSC Guidelines."
Additional Resources
About Qualys
Qualys, Inc. (NASDAQ: QLYS) is a leading provider of disruptive cloud-based security, compliance and IT solutions with more than 10,000 subscription customers worldwide, including a majority of the Forbes Global 100 and Fortune 100. Qualys helps organizations streamline and automate their security and compliance solutions onto a single platform for greater agility, better business outcomes, and substantial cost savings.
The Qualys Enterprise TruRisk Platform leverages a single agent to continuously deliver critical security intelligence while enabling enterprises to automate the full spectrum of vulnerability detection, compliance, and protection for IT systems, workloads and web applications across on premises, endpoints, servers, public and private clouds, containers, and mobile devices. Founded in 1999 as one of the first SaaS security companies, Qualys has strategic partnerships and seamlessly integrates its vulnerability management capabilities into security offerings from cloud service providers, including Amazon Web Services, the Google Cloud Platform and Microsoft Azure, along with a number of leading managed service providers and global consulting organizations. For more information, please visit http://www.qualys.com.
Media Contact:
Rachel Winship
[email protected]
SOURCE Qualys, Inc.
Share this article