Get Started with VMDR
Vulnerability Management, Detection and Response (VMDR) enables you to discover, assess, prioritize, and identify patches for critical vulnerabilities and misconfigurations in real-time and across your global hybrid-IT landscape all in one solution.
It combines free unlimited asset inventory, vulnerability and configuration assessment, threat risk, and powerful vulnerability prioritization technology, integrated with patch management workflows helping organizations reduce Mean-Time-to-Remediate (MTTR) for vulnerabilities.
Qualys VMDR provides a single solution for internal, external, and PCI scanning needs and directly integrates with ITSM solutions such as ServiceNow to automate vulnerability management.
VMDR starts with asset discovery and inventory to make sure you have an accurate account of all devices in your environment. It performs continuous vulnerability assessments with cloud agents and a variety of sensors and leverages artificial intelligence to instantly assess and prioritize threats based on relevant context.
Know your subscription type
If you are a VM customer, you can be upgraded to experience VMDR features, and you can then choose to purchase VMDR to get additional features.
With this upgrade, you get
- Asset inventory across environments like Certificate, Cloud, Container, and Mobile Devices
- Unlimited sensors to help you identify those assets: Virtual Passive Sensors, Cloud Agents, Mobile Agents, Container Sensors
- Search any asset in seconds using over 200+ searchable attributes
- Customizable dashboards and widgets with trending information
Once you purchase VMDR, you will also get
- Security configuration assessment to start configuration assessment of your assets based on CIS benchmarks
- Threat-based prioritization based on continuously updated Real-time threat indicators
- Real-time alerting by email of critical vulnerabilities and changes to your external perimeter, etc.
- Detection of missing patches in the context of the detected vulnerabilities
- Initiate deployment of missing patches from the VMDR Prioritization report directly
Patches are only deployed if you have a Patch Management subscription.
How does it work?
With VMDR, you will be able to accomplish real-time asset discovery and vulnerability information, prioritizing or shortlisting the vulnerabilities according to the threat intelligence and detecting and deploying the right remedial patches at the click of a button.
Identify Assets
Start identifying assets by installing Cloud Agents or upgrading existing agents for VMDR. Assign tags to categorize and organize your assets.
Discover Vulnerabilities & Misconfigurations
Our signature database continuously discovers software vulnerabilities and identifies security misconfigurations
Prioritize Threats with TruRiskTM
Run the Prioritization report to prioritize the most critical threats on your assets based on real-time threat indicators and identify what to remediate first. With TruRisk, you can assess the risk scores of your assets and prevent attacks. You can quantify asset risks using TruRisk Score and Qualys Detection Score.
Asset Risk Score is renamed to TruRisk Score.
Remediate with ITSM & to Deploy Missing Patches
VMDR for IT Service Management (ITSM) manages the tracking of open vulnerabilities and remediation mapping by using the ServiceNow ITSM platform. ServiceNow tasks are automatically assigned to the group to deploy the most relevant patches.
Get started by Installing Cloud Agents
Start building your inventory by installing Cloud Agents. With our lightweight agents, you’ll get continuous network security updates through the cloud. As soon as changes are discovered on your hosts, they’ll be assessed, and you’ll know about new security threats right away.
You can also identify assets using other methods like Scanners, Passive Sensors, Cloud Inventory, Container Inventory, and Mobile Device Inventory. Learn more about Qualys Cloud Agent. You can check out the tutorial about how to install Cloud Agent:
Manage Asset and Vulnerability Details
Get a complete view of vulnerability posture from an asset and vulnerability point of view. The Vulnerabilities tab lists all the assets identified by cloud agents and sensors. Know more about Manage Asset and Vulnerability Details
Run Prioritization Report
You can use the VMDR Prioritization report to automatically prioritize the riskiest vulnerabilities on your most critical assets – reducing potentially thousands of discovered vulnerabilities to the few that matter.
The VMDR Prioritization report helps you focus resources in the right area to patch the highest-risk vulnerabilities first. It increases your organization's security posture by identifying and remediating the vulnerabilities likely to be exploited in the wild by threat actors.
Deploy Patches
From the Prioritization report, you can view the assets or vulnerabilities that can be patched by Qualys. You can patch the vulnerabilities directly from the report. Know more about deploying patches
Patches are only deployed if you have a Patch Management subscription.
Customizable dynamic dashboards
Dashboards help you visualize your assets, see your threat exposure, leverage saved searches, and quickly fix the priority of vulnerabilities.
We have integrated Unified Dashboard (UD) with VMDR. UD brings information from all Qualys applications into a single place for visualization. UD provides a powerful new dashboard framework along with platform service that will be consumed and used by all other products to enhance the existing dashboard capabilities.
You can use the default VMDR dashboard provided by Qualys or easily configure widgets to pull information from other modules/applications and add them to your dashboard. You can also add as many dashboards as you like to customize your vulnerability posture view.
Search all your assets
Use guided search capabilities to help you search all your VM assets anywhere - on-premises, endpoints, and clouds - with 2-second visibility, using powerful search capabilities. Your latest vulnerability and security results are correlated from VM scans, cloud agents, and other sensors.
VMDR for IT Service Management
VMDR for IT Service Management (ITSM) offers you to track open vulnerabilities and map remediation tickets to the respective resolver group.
For this integration, we use the Qualys Core application that manages the connection between ServiceNow and Qualys Vulnerability Management, Detection and Response (VMDR), data import, import schedules, vulnerability detection rules, and service-level agreement (SLA) definition.
Additional Resources
- VMDR Onboarding
- Qualys Training Videos
- VMDR Walkthroughs
It provides step-by-step assistance to complete tasks in the application. To enable the in-app guide tours perform the following steps in the Qualys Cloud Platform VMDR application:-
Click the Help menu and then click Guide Me.
-
Click to launch the guide tours menu.
-
Click the preferred option to view the step-by-step guidance.
-