Patch Management

 

Patch Management

 

Streamline and accelerate vulnerability remediation for all your IT assets.

 

The industry's most advanced solution for automated patch management

 

“Patch management is a critical and time-consuming task that many organizations struggle to do well at the pace and scale required today. Qualys has built an impressive platform to help organizations automate the full lifecycle of discovering, prioritizing and now remediating vulnerabilities on a global scale.”

Christopher Kissel Research Director, Security Products, IDC

 

Highlights

 

Automated correlation of vulnerability and patch data

Qualys PM lets you automatically correlate vulnerabilities and patches, increasing your remediation response time. Qualys PM does this by indexing patch data with vulnerability information. That way, when the patch team enters a CVE in Qualys PM’s search engine, they get a list of all the required patches and can deploy them.

 

Patch using the Qualys Cloud Agent, anywhere

Because Qualys PM uses the Qualys Cloud Agent, it deploys patches wherever an agent has been installed, including remote systems and public cloud assets. Essentially, anywhere you can put the Qualys Cloud Agent, you can put Qualys PM.

 

Unify discovery, prioritization, and remediation in one platform

Qualys PM is part of a full, consolidated breach prevention stack that also includes apps for asset inventory, vulnerability management, and threat prioritization, all integrated, cloud-based and sharing the same data.

 

Patch OS and third-party applications with a single solution

Qualys PM can be used to patch operating systems and applications from different vendors, all from a central dashboard. That way you don’t have to manage patches in silos via multiple vendor-specific consoles.

 

Visibility and centralized control

 

Organizations often ignore which patches they’ve deployed, and which are missing, a lack of clarity that causes delays, creates remediation gaps and increases risk. Qualys PM gives you visibility and control by letting you:

• Discover open vulnerabilities and missing patches quickly, comprehensively and at scale across assets located on premises, in clouds, and at remote endpoints
• Track patch status via its central, dynamic dashboard, and generate reports that can be customized for different types of recipients
• Create patch deployment jobs for different types of devices to run on specific, repeatable schedules
• Configure rules and workflows so patches are deployed when they meet certain criteria, like severity level, CVSS score or product name
• Deploy patches on demand at any given point, such as in emergency situations where a vulnerability is suddenly being actively exploited in the wild
• Deliver messages to end users prompting them, for example, to install a patch or reboot their machine, or informing them about an in-progress deployment

Automated vulnerability-patch correlation

 

A common challenge for patch teams is figuring out what patches must be deployed to fix the detected vulnerabilities. For example, to fix one CVE, it’s often necessary to install multiple patches for different versions of the affected product. Qualys PM addresses this challenge by:

• Automating correlation of vulnerabilities and patches, speeding up remediation response, especially for high-profile vulnerabilities being exploited in the wild
• Indexing patch and vulnerability information, so that when the patch team enters a CVE in Qualys PM’s search engine, they get a list of all the required patches
• Putting IT and security teams on the same page by tracking vulnerabilities and patches on the same cadence with correlated information. This helps them collaborate by using a common terminology and consistent data set for patch analysis, prioritization, deployment and verification

 

Faster tracking of patches

 

No need to wait for a weekly or bi-weekly vulnerability management report to find out if the latest deployed patches worked properly – or if they need to be re-deployed. With Qualys PM, patch deployments can be tracked on demand from its central dashboard using the search engine, and results filtered and narrowed using different criteria.

 

Patching remote systems

 

It’s a challenge to deploy patches on remote systems that connect to the corporate network intermittently and infrequently. Because Qualys PM uses the Qualys Cloud Agent, it:

• Deploys patches wherever an agent has been installed
• Continuously sends critical change-event data and supporting details to the cloud
• Enables patch installation on remote and roaming endpoints outside the network

 

Agnostic patch management

 

Many patch management tools work only with products from one vendor, or with one type of software. This forces organizations to have multiple patching products, and prevents them from having a unified view of the patching process. With Qualys Patch Management, you can:

• Patch operating systems and applications from different vendors, including Windows, macOS, and Linux, as well as over 300 applications
• Manage the vulnerability remediation process from a central dashboard, letting organizations target critical CVEs without researching knowledge base articles, and deploy the patches and verify remediation

 

A complete VM suite

 

With this product, Qualys offers a complete vulnerability management lifecycle stack that also includes inventorying of assets, vulnerability management, and remediation prioritization. Specifically, Qualys PM works in tandem with:

• Qualys Asset Inventory, which offers full asset visibility into hybrid IT environments
• Qualys Vulnerability Management, which detects vulnerabilities across all IT assets
• Qualys Threat Protection, which helps prioritize remediation

 

Powered by the Qualys Cloud Platform

 

Single-pane-of-glass UI

See the results in one place, in seconds. With AssetView, security and compliance pros and managers get a complete and continuously updated view of all of their IT assets — from a single dashboard interface. Its fully customizable and lets you see the big picture, drill down into details, and generate reports for teammates and auditors. Its intuitive and easy-to-build dynamic dashboards aggregate and correlate all of your IT security and compliance data in one place from all the various Qualys Cloud Apps. With its powerful elastic search clusters, you can now search for any asset – on-premises, endpoints and all clouds – with 2-second visibility.

Centralized & customized

Centralize discovery of host assets for multiple types of assessments. Organize host asset groups to match the structure of your business. Keep security data private with our end-to-end encryption & strong access controls. You can centrally manage users’ access to their Qualys accounts through your enterprise single sign-on (SSO). Qualys supports SAML 2.0-based identity service providers.

 

Easy deployment

Deploy from a public or private cloud — fully managed by Qualys. With Qualys, there are no servers to provision, no software to install, and no databases to maintain. You always have the latest Qualys features available through your browser, without setting up special client software or VPN connections.

 

Scalable and extensible

Scale up globally, on demand. Integrate with other systems via extensible XML-based APIs. You can use Qualys with a broad range of security and compliance systems, such as GRC, ticketing systems, SIEM, ERM, and IDS.