Qualys widens TruRisk platform with agentic AI fabric
Qualys has updated its flagship Qualys Enterprise TruRisk Management (ETM) service to widen, broaden and extend this platform-level technology to include identity security, industry-specific threat prioritisation and exploit validation.
The company has also detailed what it calls the Qualys ETM platform’s “integrated remediation” to predict and prevent emerging threats to enable provable risk reduction for organisations.
Not a security company (as some people may define it), Qualys now calls itself a provider of disruptive cloud-based IT, security and compliance solutions.
Updates detailed this week include new capabilities in Qualys Enterprise TruRisk Management (ETM) designed to strengthen proactive risk management, all of which are aligned to predict and guard against new and emerging attack vectors in the era of agentic AI.
As such, Qualys says it is focused on bolstering identity security for both human and non-human identities with predictive threat analysis and the ability to provide confirmation of an exposure’s exploitability safely.
“The adoption of AI has increased the volume and complexity of attacks, while fueling a surge in non-human and autonomous identities that security teams must manage. As a result, many security teams are stretched thin, struggling to prioritise and respond effectively. Organisations need a proactive, intelligence-driven approach to breach prevention, tailored to their unique risk profile,” stated the company, in a briefing document.
Qualys says ETM delivers this (above) requirement by aligning Identity Risk Posture Management, contextual threat intelligence for prioritisation and exposure exploitability validation with a unified Risk Operation Center (ROC) framework, enabling provable risk reduction at enterprise scale.
“Enterprises today need advanced solutions to address the growing risks from AI-driven threats and sophisticated adversaries,” said Tyler Shields, principal analyst at Omdia. “Qualys’ latest enhancements will help security teams operate with greater precision and efficiency for measurable risk reduction. Its Enterprise TruRisk Management expands visibility to non-human and agentic AI identities and provides predictive, industry and environment-specific risk insights.”
These enhancements to Qualys ETM act within the ROC and are said to allow teams to unify teams around a single risk language, TruRisk™ to prioritise and reduce the most critical risk factors.
Deep domain delivery
ETM Identity uncovers identity-based risks through deep domain insights, TruLens prioritises threats and adversaries based on real-time, industry-specific intelligence and TruConfirm validates which vulnerabilities are truly exploitable within an environment.
“Agentic AI is transforming cybersecurity and forcing organisations to rethink how they manage risk. To stay ahead, they must proactively reduce risk, anticipate where attackers are most likely to strike and clearly demonstrate the impact of their security investments,” said Sumedh Thakar, president and CEO of Qualys. “Qualys Enterprise TruRisk Management (ETM) rises to this challenge with expanded risk verification – now including user identities and exploit validation – providing the clarity and precision security leaders need. We’re empowering organisations to measure, communicate and eliminate cyber risk in ways that drive real, verifiable risk reduction at the executive and board level.”
It’s all about providing what the company calls a quantifiable way to measure and verify real risk reduction.
ETM Identity
ETM Identity enables organisations to proactively reduce both human and non-human identity-related risks.
It unifies visibility, context and remediation across all identity and access management (IAM) systems, including on-premises Active Directory, Microsoft Entra ID, cloud identity providers (IdPs) and Identity as a Service (IDaaS) platforms. It correlates identity and asset risk into a single Identity TruRisk score.
TruLens
Qualys TruLens delivers tailored threat intelligence in real-time that enables organisations to detect, prioritise and remediate cyber risks with greater speed and precision. By continuously applying live threat analysis and business impact context, TruLens re-ranks exposures, such as CISA KEV vulnerabilities, so teams focus on fixing what matters before threats escalate.
TruConfirm
TruConfirm extends the value of the Qualys platform by proactively confirming the exploitability of an exposure before attackers get to it.
By executing real-world attack scenarios, TruConfirm validates exploitability and identifies where security controls have failed, giving security teams clear, actionable proof of risk. This attacker’s perspective enables faster, more effective prioritisation and accelerates mitigation by closing the loop from detection to response.
Qualys ETM is now generally available. ETM Identity, TruLens and TruConfirm are now available in preview.
Sumedh Thakar, president and CEO of Qualys (Image Credit: Adrian Bridgwater)