Security News > 2021 > June > Helping security teams respond to gaps in security and compliance programs with Qualys CSAM
While traditional IT teams and inventory tools provide an IT view of inventory, software support, and licensing, security teams are looking for the security context of assets such as assets that are not running security tools, detection of unauthorized software, internet visibility, and more.
Security tools like EDR help secure assets, but do not let security teams know which critical assets are not running EDR, or if databases are visible from the internet? All security teams have defined authorized and unauthorized software policies.
Asset inventory data specifically managed with security context helps security teams continuously assess asset risk, detect at-risk assets, and prioritize an often overwhelming number of security issues so they can respond quickly.
Security teams don't just want a list of static issues and adding security context on an ad hoc basis or manually on top of IT asset inventory doesn't work.
The app fills the gap between traditional IT inventory and the core security functions by overlaying key business and asset criticality data, establishing unauthorized and authorized software lists, applying current and upcoming EOL/EOS data, providing an outside-in view of the organization's internet-facing assets, highlighting security endpoint blind spots, monitoring the result with policy-based alerts, and facilitating appropriate response with software uninstall.
Qualys CSAM allows teams to focus security prioritization efforts on high-importance and high-risk assets using Asset Criticality.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/hNBwC2TKd0M/
Related news
- eBook: Navigating compliance with a security-first approach (source)
- Compliance frameworks and GenAI: The Wild West of security standards (source)
- SOC teams are frustrated with their security tools (source)
- Week in review: Microsoft fixes two exploited zero-days, SOC teams are losing trust in security tools (source)
- 7 Security and Compliance Tips From ISC2 Security Congress (source)
- Top 5 Cloud Security Automations for SecOps Teams (source)