We previously used native patch management tools like SCCM servers for Microsoft, Linux, and Mac OS. However, with the shift to remote work in 2020, we encountered issues pushing patches through these on-premise servers. To address this, we adopted Qualys Patch Management, leveraging their cloud agents that are already in place. This simplified patch deployment, allowing us to push patches directly from the Qualys cloud platform, eliminating the need for on-premise servers and VPN connections, which often caused bandwidth congestion and patch deployment failures.
Qualys Patch Management only requires an internet connection, significantly improving our patching efficiency and overcoming previous challenges with large patch sizes and network limitations.
Qualys Patch Management employs a risk-based approach to automation, utilizing the TruRisk feature within the Qualys VMDR module. TruRisk assesses the security posture of infrastructure by considering asset criticality and assigning a Qualys detection score to each vulnerability. This combination generates a TruRisk score for each asset, enabling the identification of critical assets such as crown jewels or public-facing systems. By categorizing assets based on criticality, users can prioritize vulnerability remediation directly from the VMDR interface. This prioritization seamlessly integrates with Qualys Patch Management, allowing for efficient patch deployment by clicking the Patch Now option in VMDR.
Qualys Patch Management and VMDR are seamlessly integrated, enabling direct communication between them. Patch Management obtains necessary vulnerability and missing patch data directly from the VMDR interface. Both modules rely on the Qualys Cloud Agent to gather complete vulnerability information from VMDR. This integration allows for direct patch deployment through either VMDR or Patch Management.
The COVID-19 pandemic significantly increased cyberattacks on organizations due to the shift to remote work and the resulting expansion of vulnerable attack surfaces. Employees connecting to company networks from home created security gaps that cybercriminals exploited, particularly with ransomware. To mitigate this, organizations adopted proactive measures like using Qualys Patch Management to quickly deploy patches and updates, addressing vulnerabilities, and protecting against attacks without relying on scheduled downtime.
We use the TruRisk scoring mechanism, which ranges from zero to 1,000, to assess and prioritize vulnerabilities. This score is based on Qualys-defined ranges for severity levels, critical, high, medium, low, and our asset criticality scoring. We categorize assets by creating tags for groups belonging to different organizational entities and assign criticality scores to those tags. By combining the asset criticality score with the Qualys detection score provided on a QID basis for each vulnerability, we calculate the TruRisk score. This allows us to identify the number of assets with critical or high-severity vulnerabilities and prioritize remediation efforts.
We have used Qualys Patch Management for four years, but our organization has used Qualys for over 12 years. In that time, I've also used other leading scanning vendors like Tenable and Rapid7. Compared to those, Qualys more accurately detects vulnerabilities due to its cloud agent. This agent, installed on the end asset, reads complete metadata, including the registry and other areas, to identify vulnerable software versions. For example, if an application vulnerability is identified, we can check the asset's installed programs. Even if the software isn't found there, Qualys provides the path where the vulnerable version is detected, often revealing remnant files. These files, left behind even after uninstallation, can be exploited by attackers. Qualys detects these remnants, ensuring accurate vulnerability identification, even if the software appears to be absent from the endpoint.
Although Qualys may be more expensive than other vulnerability scanning tools, its accuracy and effectiveness justify the cost. While alternatives like Tenable Professional offer unlimited IP scanning at a lower price, Qualys provides superior vulnerability detection. This leads to a good return on investment by minimizing security breaches and associated costs, such as reputational damage and compromised client data. Ultimately, Qualys increases stakeholder confidence by providing a high level of protection against cyberattacks.
We previously used a native patch management solution, which resulted in consistently low patch compliance. Achieving even 80 percent compliance often took an entire month, by which time Microsoft would release new security patches. Despite the challenge of maintaining high patch compliance across our extensive infrastructure, with Qualys Patch Management, we now achieve 75 to 80 percent compliance within the first week and 90 to 95 percent within two weeks of patch release. Consequently, our monthly patch compliance consistently exceeds 95 percent.
We augmented our existing vulnerability management solution by adding Qualys Patch Management. Before 2020, we relied solely on Qualys VMDR and other modules. Subsequently, we transitioned to Qualys Patch Management for most patching tasks, although we still utilize Microsoft Intune and SCCM for Microsoft OS assets. Qualys Patch Management leverages vulnerability feeds from the VMDR module, allowing us to identify vulnerabilities missing Qualys patches. Using Qualys Query Language queries within the Qualys interface, we can pinpoint assets with missing patches by searching for Qualys missing patches. This capability enables us to prioritize vulnerability remediation through Patch Management, supplementing our broader vulnerability management strategy.