News alert: Qualys unveils ‘Enterprise TruRisk Platform’ to help businesses eliminate cyber risks

Foster City, Calif., Nov. 21, 2023 — Qualys, a cloud-based IT, security and compliance solutions leader, unveiled its forward-looking vision of the Qualys Enterprise TruRisk Platform on Nov. 8.

The announcement was made by president and CEO, Sumedh Thakar at the company’s annual Qualys Security Conference in Orlando, Florida. The Qualys Enterprise TruRisk Platform centers around helping customers holistically measure, effectively communicate, and proactively eliminate cyber risk, with a hyper focus on the impact of cyber risk on business risk.

The ground-breaking platform is the maturation of a concept that Qualys began working on 18-months ago through a commitment to deliver powerful security solutions for attack surface management, vulnerability management, and remediation, in addition to providing a higher level of orchestration between these solutions that allow security leaders to better identify, prioritize, and action cyber risk remediation to maximize positive impact on their businesses.

In a company blog post, Thakar described the Qualys Enterprise TruRisk Platform as “marking a seismic shift for the future of Qualys as a leader in managing and reducing cyber risk for CISOs as well as security practitioners.” He went on to comment on how disjointed cyber risk scoring methodologies and disparate cybersecurity point solutions have had a negative impact on CISOs and the organizations they secure.


“Despite a market push to release more cyber risk ‘measurement’ solutions, security leaders and stakeholders have no reliable means of aggregating, correlating, and translating cyber signals from a growing cybersecurity stack into meaningful cyber risk mitigation and remediation strategies,” said Thakar. The Qualys Enterprise TruRisk Platform addresses this issue head-on by delivering a unified view of risk under one agent and a single scalable solution.

With ever-expanding attack surfaces and a growing threat landscape, cyber risk has become an elevated topic of importance and prominence for virtually every organization, especially for the C-suite. Today, nearly 50% of CISOs report directly to the CEO, with over 90% regularly briefing their Board of Directors about their organization’s exposure to cyber risk.

With dozens of security tools on average, security leaders are forced to parse through a complex maze of risk data from a collection of disparate solutions managed by different teams and split between IT and security to calculate, articulate, and remediate cyber risk across their extended infrastructure. Ultimately, they’re measuring risk with limited data, and because of this, they’re communicating the cyber risk inaccurately to their stakeholders and not reducing cyber risk effectively for their businesses.

The Enterprise TruRisk Platform provides a centralized way for organizations to measure and eliminate their cyber risk and arms users with the actionable insights they need to communicate their actual cyber risk posture to internal security and business risk stakeholders. It also provides external executive stakeholders, from the board to cyber risk insurers, with the necessary data they need to make the right decisions.

Eliminate cyber risk

The Qualys Enterprise TruRisk Platform is the only cybersecurity and risk management solution that enables users to:

•Measure Cyber Risk – Aggregates cyber risk across Qualys and non-Qualys external security and IT tools within an organization’s ecosystem. For the first time, users will be able to aggregate third-party solution risk factors. On top of data from the Qualys Threat Library and over 25 threat intelligence feeds, Qualys Enterprise TruRisk Platform will ingest data from other IT and security vendor solutions, to allow organizations to get an accurate assessment of their risk with their current security stack.

•Communicate Cyber Risk – Translates disparate cyber risk data into common actionable insights and business impact metrics for key security and business risk stakeholders. Risk will be measured in terms of potential financial impact to the business, and the level of detail in reports will be customizable to the respective leadership audience.

•Eliminate Cyber Risk – Eliminates cyber risk across the extended enterprise with precise remediation and mitigation actions. The platform goes beyond patching to introduce dynamic methods for risk reduction where patching is neither possible nor preferred. These options include, but are not limited to, virtual patching, permission adjustments, temporary asset disablement, and port-blocking to allow for risk reduction without compromising operational efficiencies.

To learn more about the Qualys Enterprise TruRisk Platform, please read the company blog post here.

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someone