Get the Most Out of VMDR

You can't protect what you can't see. Therefore, it's essential to incorporate a variety of sensors to get the most comprehensive inventory of all your assets. Leverage Qualys Cloud Agents, discovery scans, connectors with Cloud services, and CMDBs to get the most accurate inventory. Utilize external and perimeter scanning, coupled with External Attack Surface Management, to gain comprehensive insight into assets exposed to the internet. Conduct lightweight vulnerability management scans to enhance visibility into internal assets.

Similar to the previous question, you can't protect what you can't see. Ensuring that your assets are being inventoried like your CMDB will ensure that you're protecting your entire environment.

Tagging helps to organize assets in your organization. The most powerful use of tags is accomplished by creating a dynamic tag. A dynamic tag automatically assigns tags to the assets based on search criteria in the dynamic tagging rule. It also helps you group tags based on business units, geographic locations, asset types, etc.

Expiring digital certificates could lead to business outages of up to $15 million in loss per outage. Thus, it's critical to have an accurate inventory of your certificates to monitor when they expire and prioritize expiring certificates accordingly.

Currently, many organizations are no longer relying on periodic vulnerability or compliance assessments, even if performed weekly or daily. Instead, they seek an immediate and continuous grasp of their vulnerability status. Leverage the Cloud Agent to perform real-time vulnerability assessments on agent-supported operating systems. This approach delivers quick results and significantly minimizes network impact by reducing the noise associated with traditional network scans while network scanners cover the remaining infrastructure.

Authenticated scans give you the most accurate results and provide the most visibility into the security posture of each system. Instead of solely relying on the software list of installed packages, Qualys' authenticated scanning verifies more on the endpoint. By minimizing potential vulnerabilities and prioritizing confirmed vulnerabilities, authenticated scans save you time and give you the most accurate results. You can use the 'Qualys Subscription Hygiene' dashboards to gain insight into subscription health, including authentication failures, and use those insights to fix them.

Using the Agentless Tracking Identifier in DHCP environments allows users to uniquely identify and track each host with a distinct ID, preventing multiple entries for the same host with different IP addresses (or DNS/NetBIOS names). This is advantageous for scanning systems with multiple IP addresses, enabling the consolidation of vulnerability data based on a unique host ID.

There are multiple ways to scan an asset, for example, credentialed vs. uncredentialed scans or agent-based vs. agentless. Regardless of the scanning technique, the vulnerability detections must link back to the same asset, even if the key identifiers, like IP address, network card, and so on, have changed over its lifecycle. Merging unauthenticated scans with agent scan results helps provide a better assessment of your risk posture by providing you with an internal and external view of risk. Refer to Agentless tracking and Agent correlation identifierto set up merging for both authenticated and unauthenticated remote scans with Cloud Agent.

The mantra here is simple: 'Use the agent where you can, scanner where you can't.' Both Qualys Cloud Agents and Scanners offer comprehensive and continuous vulnerability management of the entire attack surface.

Hardening your infrastructure through secure configurations minimizes the attack surface, making it more challenging for attackers to compromise systems. According to the Verizon DBIR report, misconfigurations rank among the top three causes of ransomware attacks. Additionally, every regulatory framework mandates that organizations implement robust configuration hygiene management.

Qualys VMDR includes access to Qualys PCI ASV scanning, which can help you maintain your PCI compliance for your PCI-certified environments. This can be done directly from the Qualys VMDR UI, and results can be imported into the Qualys PCI environment quarterly.

With CMDB Sync, both CMDB and Qualys sync asset metadata, helping you close your vulnerability tickets 60% faster. Ticketing can also help you reduce your Mean Time to Remediate (MTTR) by ensuring critical vulnerabilities are tracked from discovery to remediation.

Prioritizing based on the risk of exploitation or evidence of exploitation helps you focus on fewer high-risk vulnerabilities and reduce the risks you face. You should also consider using a risk-based approach to minimize risk.

Qualys VMDR with TruRisk prioritizes critical assets efficiently by considering factors like location, business importance, and advanced threat intelligence from over 25 threat & exploit intelligence sources. Use TruRisk scores to first target the assets that contribute to the highest risk.

Integrating the MITRE ATT&CK Framework with Qualys and third-party tools elevates the overall efficacy of managing vulnerabilities and misconfigurations, offers a more profound insight into the threat landscape, facilitates prioritized remediation efforts, and ensures alignment of security practices with industry best standards.

Through Patch Detection, organizations can identify specific patches (for example, KB5022511) that must be deployed to remediate vulnerabilities. It saves IT teams countless hours by eliminating the need to research which patches to deploy.

Eliminating assets that are no longer active helps you maintain healthy asset inventory hygiene. You can find information about purging and how to configure the purge rules as per best practices here : Remove stale assets.