IT Brief Australia - Technology news for CIOs & IT decision-makers

Qualys unveils AI-powered app risk management solution

Today

Qualys has introduced TotalAppSec, a new AI-powered application risk management solution aimed at helping organisations monitor and address cyber risks from crucial web applications and APIs.

TotalAppSec integrates API security, web application scanning, and malware detection into a unified risk-based approach, offering companies a comprehensive understanding of their application security risk and posture.

This integration allows firms to prioritise and assess critical application risks efficiently and streamline remediation efforts to mitigate risks swiftly.

The significance of web applications and APIs in the digital landscape is evident as they are often the primary entry points for data breaches. The 2024 Verizon DBIR Report highlights that web applications account for a significant portion of breaches, with a notable percentage involving ransomware attacks. Traditional approaches to application security can result in fragmented risk assessments, which fail to provide a holistic view of potential vulnerabilities like API misconfigurations and sensitive data exposures.

Katie Norton, Research Manager for DevSecOps and Software Supply Chain Security at IDC, stated, "Enterprises are increasingly prioritising the security of web applications and APIs as threats grow in complexity. Safeguarding these assets is now a fundamental requirement for maintaining trust and operational resilience. Solutions like Qualys TotalAppSec can help break down organisational silos between infrastructure, web applications, and API risk, providing the context and visibility security teams need to collaborate effectively. By delivering a holistic view of application security, teams can prioritise the most critical threats and take decisive action to mitigate risk more efficiently."

TotalAppSec utilises the Qualys Enterprise TruRisk Platform to enable security teams to discover and monitor known, unknown, and shadow web applications and APIs.

The solution targets critical vulnerabilities, including those listed in the OWASP Top 10 for web applications and APIs. By leveraging advanced deep learning algorithms, it aims to detect and counter sophisticated malware threats, delivering resilience against evolving threats.

"Qualys TotalAppSec provides clear visibility into inadvertently exposed web applications and APIs, enabling us to proactively mitigate risks," remarked Beatrice Sirchis, Head of Application Security at IDB Bank. "Its unified platform allows us to secure critical web applications, assess vulnerabilities against prevailing threats and the OWASP Top 10, and seamlessly manage remediation from detection through to resolution. Additionally, the flexible licensing lets us easily switch resources between pre-production and production web applications and API scanning, ensuring we meet our evolving business needs."

The solution offers features such as the ability to auto-discover and monitor every web application and API across various environments. Additionally, it simplifies remediation with risk-based prioritisation, leveraging the TruRisk score to help organisations prioritise vulnerabilities based on their criticality and business impact.

Sumedh Thakar, President and CEO of Qualys, commented, "APIs are the new attack surface for enterprises, growing exponentially as modern web applications rely on an increasing number of them. As organisations increasingly integrate platforms, they need a solution that provides a unified view of all interfaces to measure, communicate, and eliminate their cyber risk arising from these applications. TotalAppSec brings together our latest innovations in API security, deep-learning malware detection, and web application security to help security teams understand the business context with risk prioritisation so the greatest risks can be addressed first."
