The Rise of Managed Risk Operations: How the New Qualys mROC Portal Helps Partners Scale the Risk Operations Center

Key Takeaways

• The mROC Portal acts as a portfolio-wide command center, giving partners unified visibility into high-risk customer environments, active threats, and critical exposures to drive prioritized, portfolio-wide risk management.
• Partners can filter risk, drill into any customer, and take action with one-click SSO on the mROC Portal, eliminating swivel-chair workflows.
• Further, the mROC Portal enables scalable, outcome-driven services with AI, TruRisk™ prioritization, and closed-loop remediation, helping partners prove risk reduction, strengthen SLAs, and identify growth opportunities.

For years, vulnerability management meant scanning, prioritizing by CVSS score, and handing a spreadsheet to IT. Attack surfaces now span cloud, on-premises, OT, IoT, and AI workloads. Threat actors weaponize vulnerabilities in hours. Boards demand risk in business terms. Meanwhile, security teams are drowning in siloed findings, with no unified way to determine what puts the business at risk.

The defining challenge is not how many vulnerabilities exist, but turning fragmented findings into consistent, business-aligned decisions.

Managed Risk Operations Center (mROC) as the Operating Model for Scalable Risk Decisions

With the Risk Operations Center (ROC) to address this gap, Qualys is reframing how cyber risk is evaluated and acted on. Built on Qualys Enterprise TruRisk™ Management (ETM), a ROC unifies visibility, prioritization, remediation, and validation into a continuous loop that uses threat intelligence and business context to drive consistent action and measure real risk reduction.

To operationalize this model at scale for partners delivering managed services on the Qualys platform, Qualys has introduced the managed Risk Operations Center (mROC) Portal, providing a unified view of risk across each customer’s entire attack surface without requiring tool consolidation — empowering them to act on exposures that drive real risk and prove measurable risk reduction through built-in intelligence, validation, and closed-loop execution.

This practical operating layer makes it easier to sell, onboard, manage, and demonstrate value across customers while delivering consistent, high-quality cyber risk management services at scale. Curated threat intelligence, TruRisk™ scoring with cyber risk quantification, workforce effectiveness amplified by Agentic AI, and exploitability validation through TruConfirm equip partners to manage the full risk lifecycle, clearly differentiating a managed risk operations practice from legacy scan-and-report services.

Scale Risk Operations Across Every Customer with the mROC Portal

Formerly known as the MSSP Portal, the mROC Portal is a multi-tenant console that builds on the existing foundation of customer management, license visibility, RBAC, bulk API actions, SSO, and audit logging and adds portfolio-wide risk intelligence.

View the Latest Threat Activity & Compare Customers against Benchmarks: The Risk Dashboard surfaces where attention is required — trending threats, high-risk customers, and critical exposures such as ransomware vulnerabilities and CISA Known Exploited Vulnerabilities. Prioritization happens at the portfolio level before investigation begins.

Quickly Triage & Take Action: The Customer Risk Overview enables partners to filter, segment, and move directly into customer environments through QQL and one-click SSO. Here, context is maintained while action shifts to the point of execution.

The mROC Portal helps partners to cut through noise, focus on high-impact exposures, and automate operations across their entire customer portfolio — quickly moving from portfolio-level insight to action within any customer’s environment. The result: measurable risk reduction that elevates partners from service providers to strategic risk advisors.

What’s Ahead

This release marks the first step in a broader evolution of the mROC Portal, with continued innovation focused on three key areas:

• Expanding on the platform Agentic AI capabilities – Amplify your team’s efficiency with partner-specific workflows to choreograph risk management tasks across multiple customers.
• Operationalizing Risk Management – Build efficient risk management workflows that enable partners to scale, track SLAs, and communicate seamlessly with customers.
• Streamlining Account Management & Sales activities –Improve license management, identify and track growth opportunities, and tie into partners’ existing business processes.

As these capabilities continue to evolve, partners can standardize execution, reduce operational friction, and scale risk operations services with greater control and consistency across every customer. The result is a more mature, outcome-driven model where risk reduction is continuously measured, clearly demonstrated, and directly tied to the value partners deliver.

Getting Started

Existing MSSP Portal users: Log in with your existing credentials here to experience the portal! 

New to the portal? Contact your Channel Account Manager, open a Qualys Support ticket, or email channels@qualys.com.

Learn More

• mROC Portal Documentation
• mROC 2.0 Release Notes
• Qualys MSSP Partner Program
• mROC Alliance

You Can Also Read

• The Future of Cybersecurity Risk Management with Qualys TruRisk and ROC
• Meet Agentic AI on the Qualys Platform
• TruConfirm: Ending Vulnerability Guesswork with Proof Inside ETM
• Cybersecurity Predictions 2026: The Rise of Risk-First Security Models
• Qualys Unveils mROC: The Industry’s First Managed Risk Operation Center
• Powering the Future of Cyber Risk Management: Welcoming Our First mROC Alliance Members

FAQs:

How does TruRisk scoring prioritize risk?

TruRisk scoring combines exploitability, threat intelligence, asset criticality, and business context to rank exposures based on their potential impact, enabling more defensible and consistent remediation decisions.

What is closed-loop remediation in Qualys?

Closed-loop remediation refers to a continuous cycle of identifying, fixing, and re-validating exposures within a single system.

How does Agentic AI support risk operations?

Agentic AI automates repetitive tasks such as discovery, prioritization, and validation to sustain continuous risk assessment at scale.

What is the mROC Portal?

The mROC Portal is a multi-tenant platform that allows partners to manage and operate risk across multiple customers, providing portfolio-level insight and enabling consistent application of risk management workflows.

Why are managed risk operations emerging as a category?

As environments become more complex and dynamic, organizations are shifting toward continuous, outcome-driven risk management delivered through partners who can standardize prioritization, remediation, and validation at scale.