Cloud Platform
Contact us

Patch Management.

Streamline and accelerate vulnerability remediation for all your IT assets.

Patch management is a critical and time-consuming task that many organizations struggle to do well at the pace and scale required today. Qualys has built an impressive platform to help organizations automate the full lifecycle of discovering, prioritizing and now remediating vulnerabilities on a global scale.

Christopher Kissel Christopher Kissel Research Director, Security Products, IDC

Qualys Patch Management is a cloud service that helps security and IT professionals efficiently remediate vulnerabilities and patch their systems.

Qualys Patch Management can detect missing patches and deploy patches to your assets whether they’re on premises, on mobile devices, roaming or remote. Built on the world’s leading cloud-based security and compliance platform, Qualys Patch Management frees you from the substantial cost, resource and deployment issues associated with traditional software products.


A single solution to patch operating systems (OS), mobile devices and third-party applications

Qualys Patch Management can be used to patch operating systems as well as mobile devices and 3rd-party applications from a large variety of vendors, all from a central dashboard. That way you don’t have to manage patches in silos via multiple vendor-specific consoles.

% of patchable Windows OS vulnerabilities resolvable via Microsoft patch vs. third-party patch

Automated correlation of vulnerabilities and patches

Qualys Patch Management lets you automatically correlate vulnerabilities and patches, decreasing your remediation response time. Qualys Patch Management does this by efficiently mapping vulnerabilities to patches and automatically adding the required patches to a ready-to-deploy “patch job.” Remediation teams can schedule and deploy those patch jobs directly from within Qualys Patch Management. This helps remediation teams reduce the time traditionally required to research and map vulnerabilities and the patches required to remediate them.

Cloud-based solution that is easy to deploy and use

No need to install software on premises or configure open ports and VPNs. Any on-premises workstation and server, or work-from-home (WFH) device with the Qualys Cloud Agent installed can be immediately scanned for missing patches and patched. Anywhere you can put the Qualys Cloud Agent, you can run Qualys Patch Management. When Qualys Patch Management is used with the Qualys Cloud Agent Gateway Service, you can significantly optimize bandwidth usage by caching patches locally on your network.

Remote patching for corporate and personal devices (endpoint and mobile)

With remote work now the norm, many organizations struggle to deliver patches to corporate and personal devices when users are working from home or otherwise infrequently connected to the network. Qualys Patch Management allows the patch team to deliver patches to these remote users within hours from the cloud, while avoiding the use of limited VPN bandwidth.

Unify discovery, prioritization and remediation in one platform

Qualys Patch Management is part of a full, consolidated breach-prevention stack that also includes apps for asset inventory (including EOL/EOS data), vulnerability management, and threat prioritization, all integrated, cloud-based and sharing the same data.

A complete, cloud-based patch management solution

Qualys Patch Management gives you visibility and control by letting you:

  • Discover missing OS patches as well as missing patches from 3rd-party vendors, like Adobe, Google, Firefox, Apple, Microsoft, Linux and many more

  • Discover open vulnerabilities and patches for mobile apps available on the Google Play Store

  • Discover open vulnerabilities and missing patches quickly, comprehensively and at scale across assets located on premises, in clouds, and at remote endpoints

  • Track patch status via its central, dynamic dashboard, and generate reports that can be customized for different types of recipients

  • Create patch deployment jobs for different types of devices to run on specific, repeatable schedules

  • Configure rules and workflows so patches are deployed when they meet certain criteria, like severity level, CVSS score or product name

  • Deploy patches on demand at any given point, such as in emergency situations where a vulnerability is suddenly being actively exploited in the wild

  • Deliver messages to end users prompting them, for example, to install a patch or inform them about an in-progress deployment

  • Control and manage reboots. Our patch optimization engine will deploy as many patches as possible before a reboot is enforced. When a reboot is required, end users are given control to defer the reboot until a suitable time. However, Qualys PM can enforce a reboot if needed

Automated vulnerability-patch correlation

A common challenge for patch teams is figuring out what patches must be deployed to fix the detected vulnerabilities. For example, to fix one CVE, it’s often necessary to install multiple patches for different versions of the affected product. Qualys Patch Management addresses this challenge by:

  • Automating correlation of vulnerabilities and patches, speeding up remediation response, especially for high-profile vulnerabilities being exploited in the wild

  • Indexing patch and vulnerability information, so that when the patch team enters a CVE in Qualys Patch Management’s search engine, they get a list of all the required patches

  • Putting IT and security teams on the same page by tracking vulnerabilities and patches on the same cadence with correlated information. This helps them collaborate by using a common terminology and consistent data set for patch analysis, prioritization, deployment and verification

Faster tracking of patches

No need to wait for a weekly or bi-weekly vulnerability management report to find out if the latest-deployed patches worked properly – or if they need to be re-deployed. With Qualys Patch Management, patch deployments can be tracked on demand from its central dashboard using the search engine, and results filtered and narrowed using different criteria.

Patching remote systems

It’s a challenge to deploy patches on mobile devices and remote systems that connect to the corporate network intermittently and infrequently. Because Qualys Patch Management uses the Qualys Cloud Agent, it:

  • Deploys patches wherever an agent has been installed

  • Continuously sends critical change-event data and supporting details to the cloud

  • Enables patch installation on remote and roaming endpoints outside the network

  • Patches binaries downloaded directly from the vendor, or caches patches locally, eliminating the need for devices inside your corporate network to download them from the internet

  • Switches automatically to the best source to download patches from, no VPN required: For example, from a local cache when a device is inside the network, or from a vendor when it is at the user’s home

A complete VM suite

With this product, Qualys offers a complete vulnerability management lifecycle stack that also includes inventorying of assets, vulnerability management, and remediation prioritization. Specifically, Qualys Patch Management works in tandem with:

Powered by the Qualys Cloud Platform

Single-pane-of-glass UI

See the results in one place, in seconds. With AssetView, security and compliance pros and managers get a complete and continuously updated view of all IT assets — from a single dashboard interface. Its fully customizable and lets you see the big picture, drill down into details, and generate reports for teammates and auditors. Its intuitive and easy-to-build dynamic dashboards to aggregate and correlate all of your IT security and compliance data in one place from all the various Qualys Cloud Apps. With its powerful elastic search clusters, you can now search for any asset – on-premises, endpoints and all clouds – with 2-second visibility.

Centralized & customized

Centralize discovery of host assets for multiple types of assessments. Organize host asset groups to match the structure of your business. Keep security data private with our end-to-end encryption and strong access controls. You can centrally manage users’ access to their Qualys accounts through your enterprise’s single sign-on (SSO). Qualys supports SAML 2.0-based identity service providers.

Easy deployment

Deploy from a public or private cloud — fully managed by Qualys. With Qualys, there are no servers to provision, software to install, or databases to maintain. You always have the latest Qualys features available through your browser, without setting up special client software or VPN connections.

Scalable and extensible

Scale up globally, on demand. Integrate with other systems via extensible XML-based APIs. You can use Qualys with a broad range of security and compliance systems, such as GRC, ticketing systems, SIEM, ERM, and IDS.

See for yourself. Try Qualys for free.

Start your free trial today. No software to download or install. Email us or call us at 1 (800) 745-4355.