Cloud Platform
Contact us
Asset Management
Vulnerability & Configuration Management
Risk Remediation
Threat Detection & Response
  • Overview
  • Platform Apps

  • Qualys Endpoint Security

    Advanced endpoint threat protection, improved threat context, and alert prioritization

  • Context XDR

    Extend detection and response beyond the endpoint to the enterprise

Cloud Security

Qualys CyberSecurity Asset Management Expands to Detect Unauthorized Devices Across Hybrid Environments

Groundbreaking functionality enables millions of cloud agents to discover risky unmanaged devices in real time with one click

FOSTER CITY, Calif. – February 1, 2024 – Qualys Inc (NASDAQ: QLYS), a pioneer and leading provider of disruptive cloud-based IT, security, and compliance solutions, today announced it is expanding Qualys CyberSecurity Asset Management (CSAM) to identify unmanaged and untrusted devices in real-time. Leveraging the Qualys Cloud Agent to continuously monitor the network, this passive discovery method complements scans, agents, and API-based discovery to build a comprehensive asset inventory, calculate the TruRisk of every asset, and eliminate risk based on business impact.

Sixty-nine percent of organizations said they experienced at least one cyberattack resulting from an exploit of an unknown or unmanaged asset such as software, cloud-based workloads, user accounts, and connected Internet of Things (IoT) devices. Staying on top of a changing attack surface requires constant vigilance. Qualys is tackling this critical issue by enriching its Cloud Agent to offer passive sensing, empowering security teams to protect against threats that originate within the internal network, without disrupting operations.

With this new capability, Qualys CyberSecurity Asset Management strengthens its position as the industry leader in combining internal and external attack surface management. By leveraging Qualys Cloud Agents to sniff network traffic, customers have identified an average of 34% more unmanaged and untrusted assets, seamlessly integrating them into their vulnerability management programs with business context and risk assessment.

CSAM with Passive Sensing

  • Qualys CyberSecurity Asset Management with Cloud Agent Passive Sensing*

“In navigating intricate enterprise landscapes, real-time visibility of the entire infrastructure is difficult, and at times, appears impossible,” said Gary Bowen, director of Security Operations, Brown & Brown Insurance. “The Qualys Cloud Agent passive sensor has proven to be a game-changer, providing us with unparalleled visibility and immediate insights across our hybrid IT and OT domains, all without the complexities of identifying optimal locations for network taps. By helping to eradicate blind spots, this passive sensing capability empowers our security teams to identify and address potential risks the moment they arise, offering a comprehensive view of cyber risk across our entire attack surface.”

Qualys CyberSecurity Asset Management with passive sensing provides organizations with:

  • Complete Internal Attack Surface Coverage: Incorporates the final component of a comprehensive asset inventory to detect risk from IoT devices, unauthorized cloud instances and any network devices that may have been previously missed. By adding previously unmanaged and untrusted network device inventory, organizations can perform automated vulnerability management and compliance scans to identify vulnerabilities and misconfigurations, calculate TruRisk, and prioritize remediation actions based on business risk—all within a single platform.

  • Lays the Foundation for Zero Trust Security Architecture: CyberSecurity Asset Management proactively identifies devices connected to the network that are not authenticated, missing security agents, or otherwise untrusted in real-time. This provides cyber risk assessment—without additional overhead, cost, or resource deployment.

  • Turbocharges CMDB Accuracy and Coverage: Automatically add discovered assets to the configuration management database (CMDB), enabling IT with comprehensive visibility required to manage asset inventory lifecycle and remediate cyber risk.

“By adding passive discovery to Qualys’ more than 100 million deployed Cloud Agents, we are providing organizations with a unique expansion of attack surface coverage that requires no additional overhead, cost, or resources to maintain,” said Sumedh Thakar, president and CEO of Qualys. “Bringing significantly more visibility to unknown devices as part of their risk management programs, CISOs now have an ace-in-the-hole to defend against shadow IT; a huge step as organizations move toward a Zero Trust Security Architecture.”


The Qualys Cloud Agent Passive Sensor is now available as part of Qualys CyberSecurity Asset Management app. To learn more, join our webinar or read our blog, Identify and De-risk Unmanaged, Unauthorized Devices With Qualys CyberSecurity Asset Management (CSAM).

Additional Resources

About Qualys
Qualys, Inc (NASDAQ: QLYS) is a pioneer and leading provider of disruptive cloud-based security, compliance and IT solutions with more than 10,000 subscription customers worldwide, including a majority of the Forbes Global 100 and Fortune 100. Qualys helps organizations streamline and automate their security and compliance solutions onto a single platform for greater agility, better business outcomes, and substantial cost savings.

The Qualys Enterprise TruRisk Platform leverages a single agent to continuously deliver critical security intelligence while enabling enterprises to automate the full spectrum of vulnerability detection, compliance, and protection for IT systems, workloads and web applications across on premises, endpoints, servers, public and private clouds, containers, and mobile devices. Founded in 1999 as one of the first SaaS security companies, Qualys has strategic partnerships and seamlessly integrates its vulnerability management capabilities into security offerings from cloud service providers, including Amazon Web Services, the Google Cloud Platform and Microsoft Azure, along with a number of leading managed service providers and global consulting organizations. For more information, please visit

Qualys, Qualys VMDR®, Qualys TruRisk and the Qualys logo are proprietary trademarks of Qualys, Inc. All other products or names may be trademarks of their respective companies.

Media Contact:
Tami Casey