Qualys enhances CyberSecurity Asset Management to discover risky unmanaged devices

Qualys is expanding Qualys CyberSecurity Asset Management (CSAM) to identify unmanaged and untrusted devices in real-time.

Leveraging the Qualys Cloud Agent to continuously monitor the network, this passive discovery method complements scans, agents, and API-based discovery to build a comprehensive asset inventory, calculate the TruRisk of every asset, and eliminate risk based on business impact.

69% of organizations said they experienced at least one cyberattack resulting from an exploit of an unknown or unmanaged asset such as software, cloud-based workloads, user accounts, and connected IoT devices. Staying on top of a changing attack surface requires constant vigilance. Qualys is tackling this critical issue by enriching its Cloud Agent to offer passive sensing, empowering security teams to protect against threats that originate within the internal network, without disrupting operations.

By leveraging Qualys Cloud Agents to sniff network traffic, customers have identified an average of 34% more unmanaged and untrusted assets, seamlessly integrating them into their vulnerability management programs with business context and risk assessment.

In navigating intricate enterprise landscapes, real-time visibility of the entire infrastructure is difficult, and at times, appears impossible,” said Gary Bowen, director of Security Operations, Brown & Brown Insurance.

“The Qualys Cloud Agent passive sensor has proven to be a game-changer, providing us with unparalleled visibility and immediate insights across our hybrid IT and OT domains, all without the complexities of identifying optimal locations for network taps. By helping to eradicate blind spots, this passive sensing capability empowers our security teams to identify and address potential risks the moment they arise, offering a comprehensive view of cyber risk across our entire attack surface,” concluded Bowen.

Qualys CyberSecurity Asset Management with passive sensing provides organizations with:

Complete internal attack surface coverage: Incorporates the final component of a comprehensive asset inventory to detect risk from IoT devices, unauthorized cloud instances and any network devices that may have been previously missed. By adding previously unmanaged and untrusted network device inventory, organizations can perform automated vulnerability management and compliance scans to identify vulnerabilities and misconfigurations, calculate TruRisk, and prioritize remediation actions based on business risk—all within a single platform.

Lays the foundation for zero trust security architecture: CyberSecurity Asset Management proactively identifies devices connected to the network that are not authenticated, missing security agents, or otherwise untrusted in real-time. This provides cyber risk assessment—without additional overhead, cost, or resource deployment.

Turbocharges CMDB accuracy and coverage: Automatically add discovered assets to the configuration management database (CMDB), enabling IT with comprehensive visibility required to manage asset inventory lifecycle and remediate cyber risk.

“By adding passive discovery to Qualys’ more than 100 million deployed Cloud Agents, we are providing organizations with a unique expansion of attack surface coverage that requires no additional overhead, cost, or resources to maintain,” said Sumedh Thakar, CEO of Qualys. “Bringing significantly more visibility to unknown devices as part of their risk management programs, CISOs now have an ace-in-the-hole to defend against shadow IT; a huge step as organizations move toward a Zero Trust Security Architecture.”

The Qualys Cloud Agent Passive Sensor is now available as part of Qualys CyberSecurity Asset Management app.