SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Qualys offers free cybersecurity platform access after NCSC guidance
Thu, 18th Apr 2024

Aligning with the new patching timeframe guidance from the UK's National Cyber Security Centre (NCSC), Qualys, a provider of disruptive cloud-based IT, security, and compliance solutions, has announced free 30-day access to its Qualys Enterprise TruRisk Platform. The move is set to assist organisations in efficiently discovering and classifying both internal and internet-facing assets, prioritising vulnerabilities for rapid and safe resolution.

Richard Sorosina, Chief Technology Security Officer ANZ for Qualys, addressed the importance of the new service to organisations: "In our experience, few companies here can meet the 5-day patching window recommended. In fact, we know from our research that on average, weaponised vulnerabilities are typically only patched within 30.6 days - and are only being patched an average of 57.7% of the time. Speed is the key to outmanoeuvring adversaries." He added that the company is "committed to going even further to help them identify and understand their risk and prioritise vulnerabilities for swift and safe remediation."

The NCSC has issued guidance suggesting that vulnerabilities in internet-facing services and software be patched within five days, and non-external-facing vulnerabilities within seven days. Yet many businesses struggle to accurately locate all their assets, specifically those that are internet-facing, to efficiently measure and prioritise the associated risk, and then to remediate it. According to anonymised data from the Qualys Threat Research Unit (TRU), the median time it took a typical UK firm to remediate was 17 days for external-facing vulnerabilities and 15 days for internal threats.

Head of Governance, Risk and Compliance at Associated British Foods, Tom Copeland, illustrated how Qualys has already enhanced the company's ability to handle cyber threats: "As a longstanding customer, Qualys has helped us build a culture of continuous improvement and awareness, where every identified vulnerability is an opportunity to strengthen our defenses... making ABF safer overall."

The Qualys NCSC service, which is offered free for 30 days, comprises Vulnerability Management Detection and Response (VMDR), CyberSecurity Asset Management, and Patch Management. This platform facilitates accurate discovery of both internal and external assets, prioritises vulnerabilities based on their TruRisk score, and automates the patching process within the 5-7 day window advised by the NCSC.

Sumedh Thakar, President and CEO of Qualys, said of the announcement: "Adversaries are weaponising vulnerabilities more quickly than ever, which accounts for the NCSC's focus on swift remediation of vulnerabilities. We're offering the Qualys Enterprise TruRisk Platform free for 30 days... This allows organisations to streamline asset discovery, takes the guesswork out of understanding which vulnerabilities are the riskiest and helps with prioritisation, so organisations can mitigate risks quickly and efficiently to safeguard their businesses."