Price: Based on size of organisation
Value for Money 4/5
Ease of Use 4/5
Qualys VMDR is a smart modular security solution that delivers joined-up vulnerability assessment, management and remediation services with full visibility of global assets.
As cyber-attacks get ever more sophisticated and deadly, businesses need to stay one step ahead of the criminals as their very survival could be on the line. In this increasingly hostile environment, they must comply with data protection regulations to avoid potentially punitive fines and keep their brand reputation untarnished.
Vulnerability assessment and management are essential weapons in the war against hackers but many solutions are fragmented and complex to deploy. The Qualys VMDR (vulnerability management, detection and response) cloud-based SaaS suite brings order to chaos and looks to have every security angle covered as it provides a wealth of extra features including patch management, asset inventory, endpoint detection and response, web app scanning and file integrity monitoring.
Some products take a distributed approach requiring security functions such as vulnerability assessment, asset inventory, patch management and reporting to be handled by multiple point solutions and even different departments. Furthermore, some vendors have merely added vulnerability management as an add-on feature that provides little or no threat intelligence.
VMDR is designed from the ground up to provide a centralised solution that can manage the entire vulnerability lifecycle. It doesn’t just identify a problem and drop it on your desk to sort out later but seamlessly integrates full visibility of all on-premises and cloud assets, real-time categorization and prioritization of vulnerabilities, based on real-time threat indicators and multiple attack surface options.
Scanner appliances, Qualys cloud agents and a comprehensive array of sensors are fundamental to VMDR operations as these sensors discover all assets in the network environment and pass this information to the cloud service for vulnerability assessment. Qualys offers physical and virtual appliance options built on hardened Linux kernels, and for testing we installed a Hyper-V version in the lab in a matter of minutes.
The appliances are managed from the cloud console using schedules and option profiles that determine what you want them to look for. You can also use virtual appliances for scanning EC2 instances making VMDR perfect for hybrid environments with a mix of cloud and on-premises services.
For real-time security updates, missing patch detection and detailed inventory, Qualys provides lightweight cloud agents for Windows, Linux, Unix, BSD and Mac hosts. When creating agent installable packages, you can enable any or all of the seven available VMDR apps and for easier management, have hosts automatically placed in specific groups when they come online.
Qualys also provides passive sensors that detect and profile all devices connecting to the network and can be deployed as physical or virtual appliances attached to a switch span port. We found it much easier to use VMware as the Hyper-V version has very limited support for network adapters that support promiscuous mode and despite lengthy support sessions, we were unable to get it to work.
The VMDR console
The VMDR cloud portal gets straight down to business as its console dashboard opens with a detailed graphical readout of your vulnerability posture in real-time. The dashboard uses dynamic widgets so it’s easy to customise the visualization to your liking, create as many views as you want and preview each widget prior to adding it to a dashboard.
Menus across the top provide swift access to detailed views of vulnerabilities identified by the cloud agents, scanners and sensors. It’s easy to drill down for more detail as a sidebar listing sorts them into areas such as severity, category, affected operating systems and CVSS ratings, and views can be fine-tuned further using complex search queries.
A valuable feature is the ability to assign tags to assets and organize them into groups showing their impact on business operations. These can be assigned during cloud agent creation or you can use dynamic rules and automatically assign tags based on queries such as IP address ranges or specific inventory details.
VMDR’s prioritization reports get you quickly to the active threats that matter, and tags play an important part as they are used to identify critical systems at risk. The reports show what happens if a vulnerability is exploited so you can see its potential impact, and choosing between detection date and vulnerability age will show the effectiveness of your remediation efforts.
Remediation and more
VMDR is a modular solution and all licensed components are neatly integrated into the same cloud portal. Patch management services are outstanding as you can select a vulnerability, see affected assets, view the required patches and create on-demand or scheduled deployment jobs.
More importantly, patches can be deployed directly from a VMDR prioritization report which provides a view of affected assets, the prioritized vulnerabilities and available patches. Attack surface filters can be applied to show the most critical business threats and the report provides facilities to immediately run a patch job.
You can set up continuous monitoring of your network perimeter and hosts to identify events such as new vulnerabilities, open ports, software added or removed and expiring certificates. Ruleset creation uses simple drag and drop operations and once again, tags come into play as they can be used to assign continuous monitoring profiles to asset groups.
The certificate view provides a central location for discovering and managing your SSL/TLS certificates while the container security add-on uses sensors to keep a close eye on your Docker environment. The Policy Compliance module streamlines risk management as you can use predefined and custom policies to ensure assets meet your business security standards and swiftly remediate those that don’t.
The EDR (endpoint detection and response) component extends your security umbrella even further as it actively monitors assets for suspicious activities and malware. Nothing extra needs to be deployed as it leverages the standard cloud agent with EDR activated in its profile.
The widget-based EDR dashboard provides a complete overview of your asset security posture and you can drill down to view threats by asset or detected malware. The hunting section offers an event search facility while for automated remedial actions, you can instruct the agent to kill a suspect process, quarantine a dubious file or delete it.
The sheer range of features offered by VMDR meant it took us a while to familiarize ourselves with the cloud portal to be able to confidently navigate it. That said, it’s clear from the outset that VMDR is a very powerful vulnerability assessment and management platform that meets the security challenges presented by hybrid network environments.
Its modular design allows organisations to choose only the features they need and still manage them all from a single centralised console. Furthermore, with many companies now forced to adopt new working practices, VMDR is perfectly placed to extend its protection services to home and remote workers.