Qualys Extends Cloud Platform With Patch Management

Qualys is adding patch management capabilities to its Cloud Platform, providing organizations with an integrated capability to discover IT assets as well as manage and patch vulnerabilities.

Qualys Patch Management

Qualys announced a new patch management application on Feb. 12, providing organizations with the ability to more easily manage the often complex process of keeping infrastructure software updated.

Qualys Patch Management (PM) is part of the Qualys Cloud Platform service that runs with a single agent on an endpoint to collect information and manage different services. The new service runs alongside other capabilities in the Qualys Cloud Platform, including vulnerability and IT asset management as well as a Web Application Firewall (WAF). With the new patch management component, Qualys is looking to help organizations not only identify areas of vulnerability within their IT systems, but also keep them patched as well.

"As the number of devices are increasing and there is a move toward more of a hybrid environment, the ability to quickly patch and remediate things is still a major challenge, even though our customers can already identify vulnerabilities continuously," Sumedh Thakar, Chief Product Officer at Qualys, told eWEEK.

With the Qualys Cloud Platform, additional capabilities are regularly added to the core platform, to help organizations manage their IT operations. On Feb. 11, Qualys announced the availability of another new capability, with its IT Asset Inventory Cloud app, which provides visibility to organizations on what IT assets they have running. Without the integrated patch management component, organizations would have had to use a separate process or application for software patching.

"From a technology perspective, and from a feature perspective, patch management being part of the Qualys platform is significant, since now we can really provide an end-to-end capability and not just give an IT person a report saying - hey this is bad and good luck fixing it," Thakar said.

How It Works

Thakar explained that the Qualys Platform was already enabling organizations to understand what software is running. As a vulnerability management platform provider, Qualys was also already helping organizations to understand areas of risk, as well as prioritization for vulnerabilities.

Qualys is integrating technology from software vendor Ivanti to help with the patch management side to help determine which patches should be deployed. Thakar said that Qualys technology enables administrators to also validate a given patch before deployment, as well as providing the ability for rollback if needed.

Ranking of patches is another key attribute that benefits from the larger Qualys Cloud Platform. Thakar said that Qualys has a product called Threat Protect which prioritizes with real-time threat indicators if a given IT flaw is being exploited in the wild, or is included in a malware toolkit. He added that visibility into active levels of threat helps to inform the pathing priority.

Patch Effectiveness

Among the key challenges that organizations face with patching is making sure that patches are actually properly deployed to all impacted systems across a distributed enterprise.

Thakar said that the IT Asset Inventory app in the Qualys Cloud Platform is a starting point for knowing what assets are present within an organization. The asset inventory then feeds into the management interface, which can be used to conduct vulnerability assessments and identify potential flaws as well as issues that need to be patched.

Once patches are deployed the Qualys engine goes back to make sure that the right patches have been properly deployed. Thakar explained that since the Qualys agent provides visibility in real-time about what is running on a given system, administrators can get an accurate view of whether or not a patch is actually in place.

Whats Next

Looking forward, Thakar said that Qualys will also be looking at integrating with change management systems to further enable IT operations management.

"We're also looking at embedding patch management capabilities in the DevOps cycle, especially for containers," Thakar said. "So as the product evolves, we'll integrate the patch management capabilities in an  automated DevOps type of approach."

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

Sean Michael Kerner

Sean Michael Kerner

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.