Qualys introduces TruRisk Eliminate for augmented Patch Management. Qualys didn't wait until the event and published a blog post. What they presented is an implementation of workarounds.
In the screenshot of TruRisk Eliminate we see a filtered list of vulnerabilities on assets, the criticality of vulnerabilities in the form of QDS, the Remediations and Mitigations columns.
🔹 Remediations - installing a patch or installing a patch with reconfiguration.
🔹 Mitigations - workarounds that neutralize the vulnerability instead of patching: changing the registry key, changing the config, removing the application, blocking the port, isolating the device, etc.
And there is a button to perform an action on the asset (using an agent) with a choice of Remediations/Mitigations option.
It's a logical step. Since they gave the ability to patch, why not give the ability to apply workarounds. But Qualys will have a lot of difficulties with this. 🫣
Hi! My name is Alexander and I am a Vulnerability Management specialist. You can read more about me here. Currently, the best way to follow me is my Telegram channel @avleonovcom. You can discuss my posts or ask questions at @avleonovchat.
А всех русскоязычных я приглашаю подписаться на мой канал @avleonovrus "Управление Уязвимостями и прочее" в MAX или в Telegram.
Pingback: Regarding the Qualys Patch Management event that took place yesterday | Alexander V. Leonov