Qualys recently announced the availability of its Ransomware Risk Assessment Service to provide companies with visibility into their ransomware exposure and automate the patching and configuration changes needed to reduce risk immediately. As part of Cybersecurity Awareness Month and to help organisations proactively combat ransomware, Qualys is making the solution available at no cost for 60 days.
Ransomware continues to escalate with the FBI reporting a 62 per cent year-over-year increase for the period ending July 31, and President Biden convening with global leaders in an effort to protect economic and national security. Unpatched vulnerabilities, device misconfigurations, internet-facing assets and unauthorised software rank consistently among the top attack vectors. Authorities like CISA and NIST recommend that organisations strengthen their defense by proactively assessing ransomware risk including quickly patching associated vulnerabilities.
“While there is no silver bullet to prevent ransomware, companies can take charge with proactive measures including solid cybersecurity hygiene, patching for known ransomware vulnerabilities, changing configurations and adjusting security policies,” said Jim Reavis, Co-Founder and CEO of the Cloud Security Alliance. “Qualys Ransomware Risk Assessment puts cybersecurity teams in control by operationalising government guidelines and providing a company-specific ransomware heatmap so they can eliminate an area of risk and shrink their attack surface.”
Qualys vulnerability and threat researchers analysed ransomware attacks over the last five years to identify approximately 100 CVEs commonly used by ransomware threat actors. Researchers mapped CVEs to ransomware families like Locky, Ryuk/Conti and WannaCry along with specific misconfigurations that are typically leveraged by the threat actors.
Leveraging the research, Qualys developed the Ransomware Risk Assessment Service, powered by the VMDR platform, to help organisations proactively identify, prioritise, track and remediate assets that are vulnerable to ransomware attacks. Once identified, vulnerabilities are mapped to available patches that can be directly deployed from the service without requiring additional tools and VPNs reducing the company’s ransomware exposure.
Qualys Ransomware Risk Assessment Service leverages a single, dynamic dashboard to provide a clear comprehensive view of your ransomware risk exposure including:
Identification of Internet Facing Assets
The solution includes comprehensive asset discovery and a global asset software inventory that identifies and highlights internet-facing assets and unauthorised software to eliminate security blind spots.
Clear Insights into Ransomware Exposure
Expertly researched and curated ransomware-specific vulnerabilities and misconfigurations provide actionable insights so security teams can prioritise workflows and take immediate steps to reduce ransomware risk. Teams can also track remediation progress via live dashboards that provide clear metrics.
Integrated Patch Deployment
One-click and zero-touch workflows kickoff remote vulnerability patching regardless of the asset location. Since the solution is cloud-based, the need for on-premises patching tools that require VPNs is eliminated.
“Ransomware risk is top of mind for CISOs who are no longer satisfied with reactive tools and generic guidelines. They want actionable information to reduce risk proactively,” said Sumedh Thakar, President and CEO of Qualys. “The Qualys security team has extensively researched past ransomware attacks as well as CISA, MS-ISAC and NIST guidance and operationalised it into a prescriptive, actionable plan so companies can proactively remediate to stay ahead of ransomware attacks and reduce their overall risk.”