21 matches found
What Is a Risk-Based Vulnerability Management Tool?
Your security team is talented, but they aren't miracle workers. With a persistent skills shortage and ever-tightening budgets, asking them to patch every single vulnerability is not just unrealistic; it's inefficient. Chasing low-risk issues wastes valuable time and leads to burnout, all while...
Analysis of 216M Security Findings Shows a 4x Increase In Critical Risk (2026 Report)
OX Security recently analyzed 216 million security findings across 250 organizations over a 90-day period. The primary takeaway: while raw alert volume grew by 52% year-over-year, prioritized critical risk grew by nearly 400%. The surge in AI-assisted development is creating a "velocity gap" wher...
Cybersecurity Metrics Every CISO Should Report to the Board
After twenty years of leading security teams and presenting to boards at companies like Tripwire and RiskIQ, I can tell you this: the metrics that matter to your SOC team are not the metrics that matter in the boardroom. Boards do not wa...
Identity Prioritization isn't a Backlog Problem - It's a Risk Math Problem
Most identity programs still prioritize work the way they prioritize IT tickets: by volume, loudness, or “what failed a control check.” That approach breaks the moment your environment stops being mostly-human and mostly-onboarded. In modern enterprises, identity risk is created by a compound of...
6 Actionable Vulnerability Management Best Practices
Every unpatched vulnerability is more than just a technical flaw; it's a direct business risk. These security gaps are the entry points for breaches that lead to devastating financial losses, operational downtime, and long-term damage to your brand's reputation. When viewed through this lens,...
Your Guide to Risk-Based Vulnerability Management
Communicating security needs to leadership can be a challenge when you’re just presenting a long list of technical flaws. The conversation shifts when you can talk about risk in clear business terms. Instead of saying "we have 500 critical vulnerabilities," you can say "we have 15 vulnerabilities...
Introducing TruLens for Enterprise TruRisk™ Management: Unified Threat Intelligence
CISOs and security leaders today face extraordinary challenges: the constant influx of vast quantities of fragmented threat data, information that lacks the context necessary for their unique organizations, and mounting operational gaps that hinder genuine risk reduction. The need has shifted fro...
The State of Cyber Risk 2025: Business Context Needed
The cyber risk conversation is changing. Momentum is growing for formal cyber risk programs. However, despite rising investments, evolving frameworks, and more vocal boardroom interest, new data reveals that most organizations remain immature in their risk management programs, and cyber risk is...
Key Takeaways from the Take Command Summit 2025: Customer Panel on Future-Proofing VM Programs
One of the most actionable sessions at the Take Command 2025 Virtual Cybersecurity Summit came directly from the field. In a panel hosted by Aniket Menon, VP of Product Management at Rapid7, security leaders from Cross Financial Corp, Phibro Animal Health Corporation, and Miltenyi Biotec shared h...
Three Takeaways from the Gartner® Report: How to Grow Vulnerability Management Into Exposure Management
Security leaders today face a harsh reality: traditional vulnerability management isn’t enough. Threat actors are evolving, attack surfaces are expanding, and organizations need a more proactive approach to stay ahead of risk. Latest research from Gartner, How to Grow Vulnerability Management Int...
Want to Grow Vulnerability Management into Exposure Management? Start Here!
Vulnerability Management (VM) has long been a cornerstone of organizational cybersecurity. Nearly as old as the discipline of cybersecurity itself, it aims to help organizations identify and address potential security issues before they become serious problems. Yet, in recent years, the limitations...
The Importance of Asset Context in Attack Surface Management
This is the last of the four blogs ("Help, I can’t see! A Primer for Attack Surface Management Blog Series", "The Main Components of an Attack Surface Management (ASM) Strategy", and "Understanding your Attack Surface: Different Approaches to Asset Discovery") covering the foundational elements of Attack...
Modernizing Your VM Program with Rapid7 Exposure Command: A Path to Effective Continuous Threat Exposure Management
In today’s threat landscape, where cyber-attacks are increasingly sophisticated and pervasive, organizations face the daunting challenge of securing a constantly expanding attack surface. Traditional vulnerability management (VM) programs, while necessary, are no longer sufficient on their own. The...
Three Recommendations for Creating a Risk-Based Detection and Response Program
It should come as little surprise to most security professionals that keeping pace with the evolution of threat actors has become harder and harder. Maintaining visibility into the threat landscape and on top of external risk vectors is more than a matter of incorporating more point solutions. It...
CSAM Strengthens Attack Surface Coverage and Risk Assessment With Third-Party Connectors
Organizations using Qualys CyberSecurity Asset Management (CSAM) can now import asset data from any external system into the Enterprise TruRisk Platform. With third-party connectors, you will identify any existing coverage gaps and add business context to your unified inventory, helping you...
Modernizing Vulnerability Management: The Move Toward Exposure Management
Managing vulnerabilities in the constantly evolving technological landscape is a difficult task. Although vulnerabilities emerge regularly, not all vulnerabilities present the same level of risk. Traditional metrics such as CVSS score or the number of vulnerabilities are insufficient for effectiv...
Building an Open Cloud Platform
Qualys Chairman and CEO Philippe Courtot kicked off QSC USA 2020, the company’s 20th annual user conference, with an assessment of current security challenges, and a clear call to action on how to successfully overcome them. “Today security is front and center, and as we move to the cloud, we mus...
Lessons learned from the Microsoft SOC—Part 1: Organization
We’re frequently asked how we operate our Security Operations Center (SOC) at Microsoft, particularly as organizations are integrating cloud into their enterprise estate. This is the first in a three-part blog series designed to share our approach and experience, so you can use what we learned to...
NIST Cybersecurity Framework Series Part 1: Identify
The National Institute of Standards and Technology created the Cybersecurity Framework (NIST CSF) four years ago under the Obama administration. Recently, the framework received added attention when President Donald Trump signed a cybersecurity executive order in May 2017, mandating that government...