GigaOm has unveiled its third annual Radar for Continuous Vulnerability Management, featuring Qualys. In this Report, GigaOm provides a detailed analysis of the value and progression of vulnerability management (VM) capabilities to help organizations build the best security and vulnerability management program to meet their needs, now and into the future.
The 2023 Report shifts its focus to continuous VM for traditional areas of coverage, with the addition of new modern requirements that support public cloud resources and IT / DevOps workflows.
The headline of this post gives away the results, so let’s clarify exactly what GigaOm Radar said about Qualys and then describe some of their evaluation processes.
From the GigaOm Radar: “Qualys, a well-established player in the vulnerability management field, offers vulnerability management, detection, and response (VMDR), a risk-based solution for managing vulnerabilities and misconfigurations. With the recent upgrades to VMDR 2.0 with its TruRisk capability, the platform has undergone significant upgrades, providing a range of SaaS-delivered features to effectively measure and reduce cyber risk.”
And, “The VMDR platform’s infrastructure scanning capabilities are robust…. VMDR’s automation capability is worth noting, especially as it relates to patching…The VMDR solution is able to deploy patches to endpoints automatically, significantly reducing the labor required during remediation activities for most organizations.”
“Also noteworthy in this space is the continued yet steady pace at which vendors maintain and develop features for this solution set… while only one vendor demonstrated Outperformer characteristics.”
We’re pleased to announce that only Qualys occupies the Outperformer’s pole position in the GigaOm Radar!
The GigaOm Radar below plots the positions of all the vendors in the Report based on critical technical capabilities and features that support the needs of the modern attack surface. Vendors in the concentric ring closest to the center are judged to be of higher overall value. The arrow projects each solution’s evolution over the next 12 to 18 months. Note the projection for Qualys VMDR: aiming close and straight for the center bullseye!
Qualys and competitors serve large enterprises and SMB companies, but GigaOm Radar’s key criteria for evaluating continuous VM are especially important to large, distributed organizations. The seven areas of evaluation criteria for the GigaOm Radar are:
GigaOm Radar tapped Qualys with three “Exceptional” key criteria rankings: Infrastructure Vulnerability Scanning, Aggregation of Vulnerability Data Sets, and AI-Assisted Risk Calculation. Qualys earned “Capable” rankings for the other key criteria.
“GigaOm’s shift in approach to continuous VM is a smart move,” says Pinkesh Shah, Chief Product Officer at Qualys. “Everyone’s moving to the cloud, and many organizations need to secure complex hybrid environments. The new evaluation criteria give users a real-world handle on hot button requirements unmet by legacy tools – it’s why we’ve built all this functionality into VMDR 2.0.”
GigaOm Radar’s evaluation applied four metrics to the seven key criteria for each vendor’s solution. Evaluation metrics include:
Qualys earned “Exceptional” rankings for End-to-End Coverage, Interoperability, and Scalability. GigaOm ranked Licensing and Support as “Capable.”
“Comparing and judging capabilities of 11 different continuous VM solutions was no simple task,” says Chris Ray, an analyst at GigaOm. “The results earned by Qualys make it one of the strongest performers for continuous VM – especially for large enterprises that depend on accurate, reliable protection from modern cyber risks.”
Qualys VMDR customers are long familiar with its award-winning continuous discovery capabilities. If you’re just becoming familiar with VMDR, here is a short list of capabilities that served as a best-practice framework for the GigaOm Radar evaluation.
Children’s Mercy Kansas City is a leading pediatric care center in the US that has 8,200 employees and more than 40,000 IT assets. With VMDR, they cut their total number of vulnerabilities by 85% within 18 months using the solution’s prioritization feature for remediation, according to Ravi Monga, Director of Cybersecurity.
Monga says the key driver was keeping the protected health information (PHI) of patients and families safe and ensuring compliance with the Health Insurance Portability and Accountability Act (HIPAA).
“Thanks to Qualys, our priorities for remediation aren’t subjective any longer. We can make clear, data-driven decisions about what to target first,” says Monga.
London-based University of Westminster enjoyed similar results with VMDR. It supports more than 19,000 students and has about 6,500 digital assets with the usual heterogeneity intrinsic to an educational institution. “Mobile devices make up a significant portion of our estate: they account for 45% of all our endpoints,” says Thierry Delaitre, Head of IT Development.
The University of Westminster’s reasons for choosing Qualys included a complete, real-time view of vulnerabilities across all on-premises and cloud assets and significant remediation capabilities, including:
“Through our partnership with Qualys, we’re gaining the fine-grained, real-time insights we need to protect students, colleges, schools, and employees across the University of Westminster,” says Delaitre.
With this compelling intro, there’s but one thing left to do:
Download the GigaOm Radar, Read Its Insights, and Take Action With Qualys VMDR!
After you read the GigaOm Radar, we invite you to Try VMDR for Free and experience all these benefits in your own environment. And, if your organization is already using VMDR, you have permission to pat yourself on the back and say, “Well done!”
P.S. We invite you to join our webinar on Oct 10, 2023, with GigaOm describing the Radar findings in more detail.