Integrated solution combines BMC BladeLogic and Qualys Vulnerability Management to quickly identify and remediate threats and boost collaboration between Security and IT Operations teams.
As organizations move to become more digital, they must maintain the security and privacy of their digital assets: critical systems, data, and intellectual property. Today, BMC and Qualys announce the first solution to tie vulnerability information to automated remediation actions. This dramatically reduces the window of vulnerability while simultaneously improving IT operational performance.
While data breaches can be catastrophic, most are preventable, as 80 percent of exploits utilize vulnerabilities with known fixes. One of the causes of successful attacks is the misalignment of objectives between the security team, responsible for identifying vulnerabilities, and the IT operations team, responsible for implementing the changes to the systems. This misalignment is the SecOps gap.
“Given the number of information security vulnerabilities that exist in the world today, security and IT operations can benefit tremendously from tighter collaboration and more efficient workflow,” said Michael Allen, information security officer at Morningstar, Inc. “With Intelligent Compliance, we now have an integrated solution to automate our information security processes, greatly reducing time and cost.”
The joint solution, Intelligent Compliance, addresses the gap through a combination of security and compliance audit data from Qualys Vulnerability Management (VM) with the associated action from BMC BladeLogic Server Automation to remediate the vulnerability. Specifically, it helps:
Reduce the Window of Exposure to Vulnerabilities – accelerate remediation of vulnerabilities through automation
Avoid Downtime – make remediation actions predictable and safe, minimizing both planned and unplanned outages
Increase Speed and Frequency of Audits – run automated audits as frequently as needed, or even on-demand, without impacting other operational activities
Stay Compliant with Industry Regulations – take advantage of pre-built audit and remediation content for common policies
Lower the Cost of Audit and Remediation – automate actions that were previously manual
“The SecOps gap is a significant problem, undermining companies’ efforts to keep their customer information and intellectual property safe and secure,” said Phil Harris, CTO and president of Cloud and Data Center Automation at BMC. “The BladeLogic suite has always been a great way to remediate vulnerabilities and compliance issues quickly and safely, but now we are excited to combine that with Qualys’ extremely detailed vulnerability scanning data.”
“Reducing the window of exposure to vulnerabilities on critical systems is a fundamental proactive measure to deflect cyber attacks,” said Philippe Courtot, chairman, and CEO of Qualys, Inc. “Together with BMC, we can now offer the ability to not only identify threats in real time, but to significantly accelerate remediation while greatly reducing the time and cost required to conduct audits.”
Charles Kolodgy, Research vice president, secure products, IDC:
“Organizations face an escalating need to improve operational excellence in security and IT compliance, since the downsides of a security breach can be catastrophic. One reason current approaches aren’t successful is a disconnect between security and operations teams. The combination of vulnerability scanning solutions, like Qualys, and remediation solutions, like BMC BladeLogic, can improve a company’s security posture and the IT organization’s efficiency. Any company in an industry or situation where security or compliance is important should investigate a combined solution like the Qualys and BMC integration.”
About BMC
BMC delivers software solutions that help IT transform digital enterprises for the ultimate competitive business advantage. We have worked with thousands of leading companies to create and deliver powerful IT management services. From mainframe to cloud to mobile, we pair high-speed digital innovation with robust IT industrialization—allowing our customers to provide amazing user experiences with optimized IT performance, cost, compliance, and productivity. We believe that technology is the heart of every business, and that IT drives business to the digital age. To learn more, visit bmc.com.
About Qualys, Inc.
Qualys, Inc. (NASDAQ: QLYS) is a pioneer and leading provider of cloud security and compliance solutions with over 7,700 customers in more than 100 countries, including a majority of each of the Forbes Global 100 and Fortune 100.The Qualys Cloud Platform and integrated suite of solutions help organizations simplify security operations and lower the cost of compliance by delivering critical security intelligence on demand and automating the full spectrum of auditing, compliance and protection for IT systems and web applications. Founded in 1999, Qualys has established strategic partnerships with leading managed service providers and consulting organizations including Accenture, Accuvant, BT, Cognizant Technology Solutions, Dell SecureWorks, Fujitsu, HCL Comnet, InfoSys, NTT, Tata Communications, Verizon and Wipro. The company is also a founding member of the Cloud Security Alliance (CSA) and Council on CyberSecurity. For more information, please visit www.qualys.com.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.