The security and compliance platform Qualys today announced new capabilities as part of CyberSecurity Asset Management 3.0 (CSAM) that provide customers with a real-time view of their attack surface.
Qualys CSAM 3.0 consolidates asset and risk data into a single interface. For every asset, it provides data such as upcoming end-of-life and end-of-support data, missing agents and security controls, open ports, and misconfigured unauthorized software and services. This data is used to create a risk score for each asset called its TruRisk Score.
This release expands CSAM’s coverage, using a combination of data sources, including IoT device sensors, scanning of internet-facing assets, and third-party connectors that can pull asset records from external sources.
CSAM can also now pull in assets from all of a company’s subsidiaries, mergers, and acquisitions, with attribution back to where they came from.
The latest version also improves syncing of configuration management database (CMDB) files, helping to ensure that all asset records are up-to-date.
“As the modern attack surface continues to evolve, cybersecurity teams must simplify and consolidate their approach to building a unified asset inventory. Too often, they rely on multiple siloed point solutions for narrow discovery use cases. An external scanning tool that provides stale data from a snapshot. Another tool that pulls unstructured data from third-party sources. And a CMDB riddled with missing asset records. This approach results in visibility gaps, unstructured cyber risk data, and too much manual effort for security teams. CSAM 3.0 consolidates the strategy for cybersecurity teams to eliminate the risk from unknown assets,” Kunal Modasiya, vice president of product management for CSAM at Qualys, wrote in a blog post.