Integrated Vulnerability Risk Management and IT Risk and Compliance with QualysGuard and Modulo
Last updated on: September 6, 2020
Understanding overall security and compliance risk is an integral part of a risk management program. The integration of security and compliance solutions has provided some insight into this risk, but it still lacks a view of true security risk, as organizations are challenged with hundreds or even thousands of vulnerability detections every day.
Integrating QualysGuard and Modulo
Modulo provides a simple mechanism for importing asset and vulnerability data into Modulo Risk Manager. With Modulo Risk Manager, QualysGuard Vulnerability Management data is tightly integrated into the risk management program, allowing vulnerability risk to be correlated with other risks, controls, and assets, providing a holistic management perspective of the most important risks.
Integration Benefits
Asset Synchronization and Correlation
Schedule imports of assets from QualysGuard Vulnerability Management to keep your asset management module constantly updated with new assets and vulnerabilities. In addition, correlate these assets with other business assets in Modulo to understand business risk.
Holistic IT Risk Approach
QualysGuard Vulnerability Management data is automatically collected and integrated into the risk management program, allowing vulnerability risk to be correlated with other risks, controls, and assets, providing a holistic management perspective of the most important risks. In addition, the formula used to calculate the Risk Score for vulnerabilities can be customized using the following variables:
- Asset Criticality
- Asset Relevance
- CVSS Score
- Vulnerability Level
- Vulnerability Type
Prioritized Remediation
This integration allows customers to prioritize not only compliance risks but also security risks, to manage remediation efforts across the organization, to prioritize large amounts of vulnerability data using a mature and reliable approach, to produce compliance documentation, and to make more accurate decisions.
For more information regarding this integration, please see the Qualys and Modulo Showcase Integrated Vulnerability Management with IT GRC Press Release.
Matt – I’m very interested in this.
Doug
Matt, Doug et al,
We’ve just started (i.e. last Monday) an evaluation of Modulo Risk Manager. One of our objectives is to assess how it could help us manage and track vulnerabilities.
It’s very easy to set up and uses a normal logon id to access the api facility. Once you have defined your assets/asset groups to the logon, off you go. It’s as easy as that.
It doesn’t appear to change our process much – it probably adds some more discipline around the stages which should please our auditors (if indeed that’s possible – have you ever seen a happy auditor? ;-))
So far it looks very promising.
We are also bringing in other issues relating to configuration compliance (but these are not coming from Qualys). The intention here is to get a big picture of all risks affecting a service.
We are just starting to look at the ticketing facility. This appears to be a bit basic but it’s early days and we believe the November release adds more functionality.
I’ll keep you posted with how we get on.
PS Our Modulo people are telling us they have a customer doing a presentation at one of the forthcoming US Qualys user group conferences – but I don’t have any more details.
We’ve now completed a proof of concept of Modulo Risk Manager and I’ll be happy to respond to questions. We are now proposing to subscribe to the SaaS.
Overall the product does what it says on the tin. The only downside is that the product’s risk management methodology or workflow needs some slight adaptation for dealing with Vulnerabilities in order to exploit the full suite of facilities. You’d have to see the product in order to appreciate what we mean!!
But this is not a show stopper and we are optimistic that these will get delivered as more Qualys users come on board.