Qualys announced that QualysGuard Vulnerability Management now includes correlated exploitability information from real-time feeds to provide customers with up-to-date references to exploits and related security resources.
Previously, when running vulnerability scans, customers would get a list of Common Vulnerabilities and Exposures (CVEs), and have to manually look up exploits for each CVE, taking up the time and energy of security staff or consultants.
Now, QualysGuard VM scans automatically produce a list of correlated exploits for each CVE, using the most comprehensive databases of tested exploits from Core Security, Immunity, The Exploit-DataBase or Metasploit. This enables customers to quickly and easily assess the impact of each vulnerability from a risk standpoint and helps them prioritize their remediation plans.
The exploit information can also be included in scanning reports, providing a more complete view of security risk. Customers who use these penetration testing tools can also produce actionable reports to apply the exploits on target hosts.
The new exploitability correlation feature includes:
- Live exploit feeds from Core Security, Immunity (and their partners Agora, Dsquare, Enable Security, White Phosphorus), Metasploit and The Exploit-DataBase. Customers can choose the source of exploit data.
- An “Exploitability” column in the QualysGuard KnowledgeBase indicating whether exploitability information is available for the vulnerability from third-party vendors and/or publicly available sources
- Exploit details for any vulnerability selected, including the CVE reference, a description of the exploit provided by the source and a link to the exploit when available
- The ability to include exploitability information for vulnerabilities in scan reports.