What is Qualys TruRisk™

Security teams face an overwhelming number of vulnerabilities, many of which pose little or no real-world risk. Traditional severity-based metrics, such as CVSS or EPSS, measure how dangerous a vulnerability could be, but they lack the context needed to understand which vulnerabilities truly matter to your business.

Qualys TruRisk™ bridges this gap by combining technical severity with real-time threat intelligence and business context. Instead of viewing risk solely through the lens of vulnerability severity, TruRisk™ evaluates where a vulnerability exists, how critical the affected asset is, and the potential business impact if that asset were compromised.

This context-driven approach transforms raw vulnerability data into measurable, actionable insights. Security and IT teams can use TruRisk™ to:

  • Quantify cyber risk in business terms that stakeholders can understand.
  • Focus remediation on the vulnerabilities and assets that represent the highest risk.
  • Continuously monitor and measure the reduction of cyber risk over time.
  • Align security decisions and investments with business priorities.

By factoring in asset criticality, environmental exposure, and threat likelihood, TruRisk™ provides a unified, dynamic view of organizational cyber risk.
It helps bridge the gap between technical teams and business leaders, enabling both to speak the same language — risk.

TruRisk™ Score in the Qualys Ecosystem

The TruRisk™ Score provides a contextual measure of cyber risk for each vulnerability and asset. It combines vulnerability severity, exploit likelihood, threat intelligence, and asset importance to help prioritize what truly matters to your organization.

Within VMDR, TruRisk™ uses multiple inputs to calculate risk:

  • Vulnerability data from detections (QIDs) across your assets.
  • Threat intelligence from over 25 global sources, covering exploit activity, malware associations, ransomware use, and known threat campaigns.
  • Asset context, including criticality and exposure within your environment.

These factors are continuously evaluated to calculate a TruRisk™ Score (0–1000) that reflects both technical and business impact.
Higher scores indicate greater risk based on real-time exploitability and the importance of the affected asset.

By correlating vulnerability data with live threat indicators and asset context, TruRisk™ enables teams to prioritize the vulnerabilities with the highest potential impact on business operations, moving from traditional severity-based management to risk-based decision-making.