Integrating Threat and Vulnerability Management with Patch Management: The (Feasible) Quantum Leap
Last updated on: September 6, 2020
The rise of sophisticated attacks, combined with the security-skills shortage, has driven many organizations to go back to basics and review their processes for vulnerability and patch management. The approach is definitely a winning one, given that shrinking and managing the vulnerability surface makes an organization harder to target and compromise.
Assessing the attack surface requires strengthening key capabilities, such as increasing visibility across the IT landscape and improving the detection, prioritization and remediation of vulnerabilities at scale. Qualys has been boosting these capabilities for its customers over the last two decades.
Read on to learn how Qualys is addressing enterprises’ patch management challenges with integrated breach prevention that includes its new Patch Management cloud application.
Prioritize remediation with Qualys Threat Protection
Qualys’ Threat Protection cloud application helps organizations prioritize remediation by using cyber threat intelligence to map the risk of compromise to the impacted assets.
Threat Protection also allows organizations to assess the risk affecting a specific asset via threat indicators – such as how easily the vulnerable asset can be exploited, or whether the vulnerable surface would allow lateral movement if the asset were compromised. You can also build meaningful dashboards to monitor the prioritization process.
Patch management challenges
While Threat Protection is great for understanding the vulnerable surface and prioritizing actions, the big question remains the execution speed needed for remediation. For a long time, the patch management process has been a hard one, due to many challenges, including:
- The manual correlation of vulnerabilities to patches, which causes delays in KPIs like mean-time-to-remediate. Having to figure out which KB fixes a given CVE is cumbersome and prone to human error.
- Having to wait for vulnerability management reports to know if patches have been applied successfully and required actions completed, such as rebooting affected systems. Since these reports are run weekly or less often, this creates a risky time gap during which vulnerabilities may still be open.
- The difficulty in patching remote systems that connect to corporate networks infrequently. Even when a VPN is active, the patching process can suffer over a weak connection, so it is rarely done.
- The limited coverage for third-party apps among PM tools, which often are designed for products from only one vendor. Customers using tools like SCCM or WSUS are doing fine for Microsoft patches, but frustration comes in when third-party software needs to be updated.
In addition to these challenges, IT security teams have a wish list of capabilities related to patch management, such as:
- Being able to answer the simple question: “Which patch fixes that CVE across multiple versions of Windows?”, without having to waste time manually correlating vulnerability details and patch data.
- Tracking patch deployments and effectiveness across all endpoints via a central, customizable dashboard. Unfortunately, this often requires hiring a systems integrator to build such a dashboard on external tools like SIEMs.
- Reaching all remote and travelling workers in case an emergency patch is needed, no matter where they are, as long as they have an Internet connection.
- Covering the most relevant attack surface, often composed of browsers, Adobe software, commonly used productivity software, and so on.
- Ensuring that one solution covers all the commonly used OS platforms.
How Qualys can help
When Qualys developed its recently launched Patch Management application, we took into account the various use cases mentioned above while focusing on improving the efficiency and effectiveness of the workflow. We leveraged the very small footprint of the Qualys Cloud Agents, which our customers have embraced with more than 18 million deployed, to enable processing the data required for remediating an asset’s vulnerabilities.
Wherever users are, as long as they have a connection, the conversation between the Cloud Agent and the Qualys Cloud Platform will enable the endpoint – client or server – to request and retrieve the patch from the Qualys Cloud Platform, from the vendor’s content delivery network or from a local repository. This will grant the needed flexibility and efficiency in delivering the patch to the endpoint.
Once the patch action completes, the integration between Qualys apps such as Vulnerability Management and Patch Management on the same Cloud Agent Platform will immediately validate the effectiveness of the applied patch and inform the Qualys Cloud Platform of the successful remediation. This final action exposes the remediation results directly within the monitoring process, increasing operational efficiency.
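The two workflow pieces described above, the CVE-to-patch correlation across Windows versions (with supersedence) and the post-patch validation that distinguishes "patch installed" from "remediated, reboot done", as an added example that is not Qualys code. The patch catalogue, KB names and CVE ids are constructed placeholders, not real Microsoft data:

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Patch:
    kb: str                  # patch identifier (placeholder, not a real KB)
    product: str             # OS version the update applies to
    fixes: frozenset         # CVE ids the patch addresses
    supersedes: frozenset = frozenset()  # older KBs rolled into this one
    requires_reboot: bool = True

# Constructed sample catalogue: CVE ids and KB names are illustrative only.
CATALOGUE = [
    Patch("KB-A1", "Windows 10 1909", frozenset({"CVE-0000-0001", "CVE-0000-0002"})),
    Patch("KB-A2", "Windows 10 1909",
          frozenset({"CVE-0000-0001", "CVE-0000-0002", "CVE-0000-0003"}),
          supersedes=frozenset({"KB-A1"})),
    Patch("KB-B1", "Windows Server 2016", frozenset({"CVE-0000-0001"})),
    Patch("KB-C1", "Windows 7", frozenset({"CVE-0000-0003"}), requires_reboot=False),
]

def patches_for_cve(cve, catalogue=CATALOGUE):
    """Answer 'which patch fixes this CVE on each Windows version?' in one query.
    Superseded KBs are dropped so only the current fix per product is returned."""
    superseded = set().union(*(p.supersedes for p in catalogue))
    return {p.product: p.kb for p in catalogue
            if cve in p.fixes and p.kb not in superseded}

@dataclass
class Asset:
    name: str
    product: str
    installed_kbs: set
    reboot_pending: bool = False

# Best state wins when several patches cover the same CVE.
RANK = {"missing patch": 0, "pending reboot": 1, "remediated": 2}

def remediation_status(asset, catalogue=CATALOGUE):
    """Validate a patch action per CVE without waiting for the next scan report.
    A CVE counts as closed only when a fixing KB is installed AND any reboot
    that KB needs has already happened; otherwise the gap is still open."""
    status = {}
    for p in catalogue:
        if p.product != asset.product:
            continue
        if p.kb not in asset.installed_kbs:
            state = "missing patch"
        elif p.requires_reboot and asset.reboot_pending:
            state = "pending reboot"
        else:
            state = "remediated"
        for cve in p.fixes:
            if RANK[state] > RANK.get(status.get(cve), -1):
                status[cve] = state
    return status
```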
The solution supports the patch rollback and uninstall as well.
Qualys Patch Management is now generally available and supports Windows – including ancient versions like Windows XP and Windows 2003. More importantly, Qualys plans to strengthen its functional and business value this year by adding support for macOS and Linux. Also on the roadmap is an API to allow transparent orchestration with other systems and processes. Other features on the horizon include role-based access control, automation rules and approval workflows.
Last but not least, a major advantage that Qualys delivers is operational efficiency, by providing integrated applications for asset inventory, vulnerability management, remediation prioritization and patch management. Not only is the impact on resources significantly smaller, but the velocity and agility that the integration provides are perfect for the challenges that organizations face when undergoing digital transformations.
(Marco Rottigni is Chief Technical Security Officer at Qualys)