Qualys Blog

Qualys Enterprise TruRisk™ Management (ETM) extends the power of risk operations with agentic AI — Introducing ETM Identity, TruLens for industry-based threat prioritization, and TruConfirm exposure exploitability validation to accelerate your remediation. Every year at our yearly conference, now ROCon, I connect with security professionals on the front lines. A common theme in our conversations

Enterprise security leaders and their teams face an impossible challenge: drowning in thousands of critical exposures in an ever-expanding attack surface while simultaneously trying to determine which ones pose a genuine risk of exploitation in their organizational environment. Traditional CVSS scoring and even some advanced risk-based vulnerability management (RBVM) techniques can often leave one fundamental

CISOs and security leaders today face extraordinary challenges: the constant influx of vast quantities of fragmented threat data, information that lacks the context necessary for their unique organizations, and mounting operational gaps that hinder genuine risk reduction. The need has shifted from “more visibility” to “more insight.” To sift through the noise and move faster

Security has always been about controlling who can do what and where. In 2025, that control is mediated entirely by identity. When an attacker “logs in,” not “breaks in”, they inherit legitimate permissions, blend into normal telemetry, and pivot across AD, Entra/Okta, SaaS, and cloud, driving multi-million-dollar losses. Credentials, tokens, and service accounts have become

As cybersecurity threats evolve, Microsoft’s October 2025 Patch Tuesday delivers one of the most comprehensive security updates of the year. Here’s a quick breakdown of what you need to know. Microsoft Patch Tuesday for October 2025 This month’s release addresses a staggering 193 vulnerabilities, including nine critical and 123 important-severity vulnerabilities. In this month’s updates, Microsoft

With vulnerabilities growing faster than most organizations can keep up with, the need for a smarter, easier way to reduce risk has never been more urgent. That’s why in 2019 Qualys launched Patch Management—the first solution built to reduce risk, not just push software updates. Since then, the solution has evolved into full-scale vulnerability elimination,

The Fragility of “One Bad Update” In cybersecurity, speed is non-negotiable. New vulnerabilities surface daily, and enterprises expect coverage the moment exploits are in the wild. For years, the mantra was simple: push signatures fast, and you reduce risk. Faster updates meant faster protection. But speed without guardrails introduces fragility. A single flawed update can

Deployment health is mission-critical in today’s digital environment. Duplicate records, ghost hosts, and stale data obscure insights, slow decisions, and erode confidence. Building on last year’s Subscription Health Dashboard blog and best practices, the 2025 update delivers cleaner visibility, stronger ownership, and sharper awareness across the Qualys Enterprise TruRisk™ Platform. It equips teams to act

Introduction Containerized applications power the backbone of modern software delivery. But with speed comes risk. Vulnerabilities and embedded secrets can slip through the cracks long before they hit production. The result? Alert fatigue, noisy false positives, and critical exposures that disrupt sprints and delay releases. That’s why Qualys is introducing a new Pipeline Integration capability

We’re proud to announce that Qualys has been recognized as a Leader in the IDC MarketScape: Worldwide Exposure Management 2025 Vendor Assessment (doc #US52994525, August 2025). We believe this recognition underscores Qualys’ commitment to helping organizations proactively manage cyber risk with comprehensive visibility, contextualized prioritization, and integrated remediation. IDC MarketScape Recognition IDC MarketScape’s report notes,