Qualys offers free cybersecurity platform access after NCSC guidance
Aligning with the new patching timeframe guidance from the UK's National Cyber Security Centre (NCSC), Qualys, a provider of disruptive cloud-based IT, security, and compliance solutions, has announced free 30-day access to its Qualys Enterprise TruRisk Platform. The move is set to assist organisations in efficiently discovering and classifying both internal and internet-facing assets, prioritising vulnerabilities for rapid and safe resolution.
Richard Sorosina, Chief Technology Security Officer ANZ for Qualys, addressed the importance of the new service to organisations: "In our experience, few companies here can meet the 5-day patching window recommended. In fact, we know from our research that on average, weaponised vulnerabilities are typically only patched within 30.6 days - and are only being patched an average of 57.7% of the time. Speed is the key to outmanoeuvring adversaries." He added that the company is "committed to going even further to help them identify and understand their risk and prioritise vulnerabilities for swift and safe remediation."
NCSC has issued guidance suggesting vulnerabilities for internet-facing services and software be patched within five days, and non-external-facing vulnerabilities within seven days. Yet many businesses struggle with accurately locating all their assets, specifically those that are internet-facing, and efficiently measuring, prioritising the associated risk, and then remediating it. According to anonymised data from the Qualys Threat Research Unit (TRU), the median time it took a typical UK firm to remediate was 17 days for external-facing vulnerabilities and 15 days for internal threats.
Head of Governance, Risk and Compliance at Associated British Foods, Tom Copeland, illustrated how Qualys has already enhanced the company's ability to handle cyber threats: "As a longstanding customer, Qualys has helped us build a culture of continuous improvement and awareness, where every identified vulnerability is an opportunity to strengthen our defenses... making ABF safer overall."
The Qualys NCSC service, which is offered free for 30 days, comprises Vulnerability Management Detection and Response (VMDR), CyberSecurity Asset Management, and Patch Management. This platform facilitates accurate discovery of both internal and external assets, prioritises vulnerabilities based on their TruRisk score, and automates the patching process within the 5-7 day window advised by the NCSC.
Sumedh Thakar, President and CEO of Qualys, said of the announcement: "Adversaries are weaponising vulnerabilities more quickly than ever, which accounts for the NCSCs focus on swift remediation of vulnerabilities. We're offering the Qualys Enterprise TruRisk Platform free for 30 days... This allows organisations to streamline asset discovery, takes the guesswork out of understanding which vulnerabilities are the riskiest and helps with prioritisation, so organisations can mitigate risks quickly and efficiently to safeguard their businesses."