Cloud Platform
Contact us

Patch Management.

Streamline and accelerate vulnerability remediation for all your IT assets.

Qualys is uniquely positioned to leverage both vulnerability and threat intelligence insights in its patching solution. Cleverly, Qualys’ approach of taking patch remediation a step further with the addition of zero-touch automation eliminates non-caustic threats like always patching Chrome or iTunes. It is a welcome addition that helps companies reduce their attack surface while also freeing up IT and Security resources to focus on more strategic areas.

Christopher Kissel Christopher Kissel Research Director, Security Products, IDC

Qualys Patch Management is a cloud service that helps security and IT professionals efficiently remediate vulnerabilities and patch their systems.

Qualys is uniquely positioned to leverage both vulnerability and threat intelligence insights in its patching solution. Cleverly, Qualys’ approach of taking patch remediation a step further with the addition of zero-touch automation eliminates non-caustic threats like always patching Chrome or iTunes. It is a welcome addition that helps companies reduce their attack surface while also freeing up IT and Security resources to focus on more strategic areas.


A single solution to patch operating systems (OS), mobile devices and third-party applications

Qualys Patch Management can be used to patch and apply post-patch configuration changes to operating systems, mobile devices, and 3rd-party applications from a large variety of vendors, all from a central dashboard. That way you don’t have to manage patches in silos via multiple vendor-specific consoles.

% of patchable Windows OS vulnerabilities resolvable via Microsoft patch vs. third-party patch

Automated correlation of vulnerabilities and patches

Qualys Patch Management lets you automatically correlate vulnerabilities with patches and required configuration changes, decreasing your remediation response time. Qualys Patch Management efficiently maps vulnerabilities to patches and required configuration changes, and automatically creates ready-to-deploy “patch jobs” that can be scheduled and deployed automatically. A first-in-the-industry report lets security and IT teams define a single shared priority list of systems & applications to patch regularly, based on historical per-application vulnerability data, for increased productivity and cooperation between these two teams.

Zero-Touch Patch

Qualys Patch Management gives the flexibility to automate patching based on prioritized vulnerability data that helps enterprises address the most critical threats like ransomware. Teams can automatically apply routine patches where risk of creating system instability is low, to reduce time to remediation and free up critical IT and Security resources to focus on strategic tasks. This helps security & IT teams reduce their attack surface, more easily meet SLAs, and reduce manual remediation efforts and costs.

Cloud-based solution that is easy to deploy and use

No need to install software on premises or configure open ports and VPNs. Any on-premises workstation and server, or work-from-home (WFH) device with the Qualys Cloud Agent installed can be immediately scanned for missing patches and patched. Anywhere you can put the Qualys Cloud Agent, you can run Qualys Patch Management. When Qualys Patch Management is used with the Qualys Cloud Agent Gateway Service, you can significantly optimize bandwidth usage by caching patches locally on your network.

Remote patching for corporate and personal devices (endpoint and mobile)

With remote work now the norm, many organizations struggle to deliver patches to corporate and personal devices when users are working from home or otherwise infrequently connected to the network. Qualys Patch Management allows the patch team to deliver patches to these remote users within hours from the cloud, while avoiding the use of limited VPN bandwidth.

Unify discovery, prioritization and remediation in one platform

Qualys Patch Management is part of a full, consolidated breach-prevention stack that also includes apps for asset inventory (including EOL/EOS data), vulnerability management, and threat prioritization, all integrated, cloud-based and sharing the same data.

A complete, cloud-based patch management solution

Qualys Patch Management gives you visibility and control by letting you:

  • Discover missing OS patches as well as missing patches from 3rd-party vendors, like Adobe, Google, Firefox, Apple, Microsoft, Linux and many more

  • Discover open vulnerabilities and patches for mobile apps available on the Google Play Store

  • Discover open vulnerabilities and missing patches quickly, comprehensively and at scale across assets located on premises, in clouds, and at remote endpoints

  • Track patch status via its central, dynamic dashboard, and generate reports that can be customized for different types of recipients

  • Create patch deployment jobs for different types of devices to run on specific, repeatable schedules

  • Configure rules and workflows so patches are deployed when they meet certain criteria, like severity level, CVSS score or product name

  • Deploy patches on demand at any given point, such as in emergency situations where a vulnerability is suddenly being actively exploited in the wild

  • Deliver messages to end users prompting them, for example, to install a patch or inform them about an in-progress deployment

  • Control and manage reboots. Our patch optimization engine will deploy as many patches as possible before a reboot is enforced. When a reboot is required, end users are given control to defer the reboot until a suitable time. However, Qualys PM can enforce a reboot if needed

Automated vulnerability-patch correlation

A common challenge for patch teams is figuring out what patches must be deployed to fix the detected vulnerabilities. For example, to fix one CVE, it’s often necessary to install multiple patches for different versions of the affected product. Qualys Patch Management addresses this challenge by:

  • Automating correlation of vulnerabilities and patches, speeding up remediation response, especially for high-profile vulnerabilities being exploited in the wild

  • Indexing patch and vulnerability information, so that when the patch team enters a CVE in Qualys Patch Management’s search engine, they get a list of all the required patches

  • Putting IT and security teams on the same page by tracking vulnerabilities and patches on the same cadence with correlated information. This helps them collaborate by using a common terminology and consistent data set for patch analysis, prioritization, deployment and verification

  • Providing a comprehensive, filterable view of how many vulnerabilities were introduced in your environment over the last 2 years by each patchable OS or application so you can prioritize patching of your highest-risk applications

Faster tracking of patches

No need to wait for a weekly or bi-weekly vulnerability management report to find out if the latest-deployed patches worked properly – or if they need to be re-deployed. With Qualys Patch Management, patch deployments can be tracked on demand from its central dashboard using the search engine, and results filtered and narrowed using different criteria.

Patching remote systems

It’s a challenge to deploy patches on mobile devices and remote systems that connect to the corporate network intermittently and infrequently. Because Qualys Patch Management uses the Qualys Cloud Agent, it:

  • Deploys patches wherever an agent has been installed

  • Continuously sends critical change-event data and supporting details to the cloud

  • Enables patch installation on remote and roaming endpoints outside the network

  • Patches binaries downloaded directly from the vendor, or caches patches locally, eliminating the need for devices inside your corporate network to download them from the internet

  • Switches automatically to the best source to download patches from, no VPN required: For example, from a local cache when a device is inside the network, or from a vendor when it is at the user’s home

Zero-Touch Patch

Qualys Zero-Touch Patch automates routine and risk-based patching to reduce exposure and maximize protection against high-risk attacks like ransomware. Mapping of vulnerabilities against the patches and configuration changes required for remediation enables security and IT teams to easily prioritize remediation for increased cooperation, productivity and SLA compliance. Qualys Patch Management enables teams to:

  • Intelligently identify and automatically deploy the proper patches and configuration changes required for remediating vulnerabilities (available 4Q2021)

  • Automate the entire patch correlation process and the application of patches with configuration changes in order to continuously meet remediation SLAs and demonstrate patch compliance

  • Prioritize patching based on real-time threat indicators such as ransomware, active attacks or lateral movements

  • Automatically apply low-complexity patches where patching has minimal risk of creating system instability

  • Identify and prioritize which systems & applications to patch regularly based on historical per-application vulnerability data via the new prioritization report

A complete VM suite

With this product, Qualys offers a complete vulnerability management lifecycle stack that also includes inventorying of assets, vulnerability management, and remediation prioritization. Specifically, Qualys Patch Management works in tandem with:

Powered by the Qualys Cloud Platform

Single-pane-of-glass UI

See the results in one place, in seconds. With AssetView, security and compliance pros and managers get a complete and continuously updated view of all IT assets — from a single dashboard interface. Its fully customizable and lets you see the big picture, drill down into details, and generate reports for teammates and auditors. Its intuitive and easy-to-build dynamic dashboards to aggregate and correlate all of your IT security and compliance data in one place from all the various Qualys Cloud Apps. With its powerful elastic search clusters, you can now search for any asset – on-premises, endpoints and all clouds – with 2-second visibility.

Centralized & customized

Centralize discovery of host assets for multiple types of assessments. Organize host asset groups to match the structure of your business. Keep security data private with our end-to-end encryption and strong access controls. You can centrally manage users’ access to their Qualys accounts through your enterprise’s single sign-on (SSO). Qualys supports SAML 2.0-based identity service providers.

Easy deployment

Deploy from a public or private cloud — fully managed by Qualys. With Qualys, there are no servers to provision, software to install, or databases to maintain. You always have the latest Qualys features available through your browser, without setting up special client software or VPN connections.

Scalable and extensible

Scale up globally, on demand. Integrate with other systems via extensible XML-based APIs. You can use Qualys with a broad range of security and compliance systems, such as GRC, ticketing systems, SIEM, ERM, and IDS.

See for yourself. Try Qualys for free.

Start your free trial today. No software to download or install. Email us or call us at 1 (800) 745-4355.