It’s no secret that the number of vulnerabilities is on the rise, and so too are the attempts by hackers to exploit them as quickly as they can. Over the last few years, the average time from vulnerability disclosure to exploit is down to a mere seven days. Organizations therefore need to move quickly and apply patches to protect systems from exploitation.
Just today Microsoft released security updates for Microsoft Exchange servers which allow an unauthenticated attacker to execute arbitrary code on the remote system. Given the hacking spree that followed after the disclosure of ProxyLogon vulnerability, CISA issued an emergency directive directing all federal agencies to install today’s security updates by 12:01 AM on Friday, April 16th, 2021.
It’s easier said than done.
Patch Management Challenges
IT teams tasked with patching the organization’s digital infrastructure often face multiple hurdles while trying to achieve a seamless patching process that improves an organization’s security posture. One of the primary challenges is the lack of a consolidated platform that both recommends and applies patches based on efficient vulnerability prioritization techniques.
Further, IT teams face the following pain points while performing security-driven patch management processes.
- Disparate systems handling security vulnerability detection, prioritization and the patch deployment process. This often leads to ‘patch fatigue’ for IT teams who are tasked with applying a seemingly infinite number of patches while failing to address critical vulnerabilities that matter the most.
- Lack of workflows based on underlying security SLAs to automate and scale the patching process.
- Inability to quickly determine the exact patch required to remediate a vulnerable product or OS version.
To address these challenges Qualys developed its Patch Management solution which provides a unified vulnerability detection (through VMDR), prioritization and remediation platform. By leveraging the integrated workflow between Qualys VMDR and Qualys Patch Management customers are able to remediate vulnerabilities much faster than those with disconnected patching solutions.
Advantages of Qualys Patch Management
With Qualys Patch Management, the Qualys Cloud Platform consolidates vulnerability assessment, threat prioritization and remediation, allowing IT and SecOps teams to centralize remediation of vulnerabilities across operating system and over 300 third-party applications.
Users can quickly target critical Common Vulnerability and Exposure IDs (CVEs) without researching knowledge base articles, then deploy the patch to endpoints, on-premises or cloud assets and verify remediation all from one console.
Introducing “This Month in Patches” Webinar Series
To help customers leverage the seamless integration between Qualys VMDR and Patch Management and reduce the median time to remediate critical vulnerabilities, the Qualys Research team is excited to announce the start of a new monthly webinar series “This Month in Patches.”
In this new monthly webinar series, which will occur on every Thursday after Patch Tuesday, Qualys Research team will discuss some of the key vulnerabilities disclosed in the past month (including Microsoft Patch Tuesday) and how to patch them.
Here’s what we will cover:
- Vulnerability and threat landscape metrics covered by Qualys over the last month
- Notable Patch Tuesday vulnerabilities assessed on risk, threat, priority and remediation perspectives
- Actionable patch prioritization dashboards
- Demo highlighting seamless prioritization and patching using Qualys’ rich RTI information, vulnerability research and prioritization interface
Free 60-Day Patch Management Trial
In addition to the new webinar series, Qualys is also excited to announce the availability of a free 60-day trial of Patch Management. We hope the free trial will help global organizations and community of security professionals in general to deploy patches quickly and reduce the mean time to remediate.