IT Brief Australia - Technology news for CIOs & IT decision-makers
Story image
Exclusive: Qualys' risk-based approach to cybersecurity
Mon, 27th Nov 2023

Qualys, a provider of cloud-based security and compliance solutions, has been pivotal in aiding companies through their digital transformation. Established in 1999, the company has grown to serve over 10,000 customers in 130 countries and expanded its operations to Australia in 2011. Notably, Qualys was among the first to offer a vulnerability solution through a software-as-a-service model, leading to the development of the Qualys Cloud Platform. This platform and its integrated applications are designed to streamline IT and security operations, reduce compliance costs, and lower cyber risk. 

In the challenging cybersecurity landscape, companies face increased risks from cyberattacks. These threats are significant for organizations balancing innovation with cybersecurity investments, especially under conditions of staffing shortages in cybersecurity teams. Despite considerable investments in cybersecurity, there is a prevailing lack of confidence in adequately safeguarding sensitive data, with Australian organizations particularly feeling underprepared compared to their global counterparts.

Qualys emphasizes a risk-based approach to cybersecurity. This involves assessing current security measures, identifying critical assets, and prioritizing the protection of these assets to effectively prevent vulnerabilities. The company suggests prioritizing the patching of critical vulnerabilities based on the risks they pose to the business and using tools to measure and reduce asset risks. This method is aimed at aligning security strategies with business objectives and strengthening the overall security posture.

Key recommendations from Qualys for improving security posture include:

1. Reviewing System Images and Templates: Regularly checking gold images and software container libraries for potential issues can prevent problems from entering production.

2. Automating Patching Processes: For less critical or low-risk applications, automating update deployments can lessen the workload on teams, allowing them to focus on more critical applications.

3. Checking Vulnerability Counts for Accuracy: It's essential to ensure that lists of vulnerabilities are accurate. In one case, a review revealed that a team was performing well, contrary to what a misleading vulnerability list suggested.

4. Assessing the Need for Software: Alongside checking for vulnerabilities, organizations should evaluate whether the software deployed is necessary, possibly removing unneeded software to reduce risks.

5. Ensuring Completion of Updates: Completing patch deployment, which may require system reboots, is critical, even for applications critical to business operations.

Qualys' work with Australian Payments Plus (AP+) exemplifies the application of these strategies. AP+ merged three domestic payment organizations, creating a need to secure a large number of assets. Implementing Qualys VMDR with TruRisk and integrated apps enabled AP+ to effectively monitor and secure its assets, demonstrating the effectiveness of Qualys' solutions in practical scenarios.

Qualys distinguishes itself by linking cyber risk with business risk, offering the Enterprise TruRisk Platform that allows organizations to quantify cyber risk in financial terms and support risk elimination. This approach marks Qualys as a significant contributor in the cybersecurity and risk management sector.