Sumedh Thakar on Fusing Vulnerability and Patch Management
Qualys' Sumedh Thakar on the Need to Cut Time Between Detecting and Patching Flaws
Organizations continue to struggle to prioritize which vulnerabilities present the greatest risk to the business and need to be remediated first, because vulnerability scoring today is too often based on a static view of what could happen if a flaw is exploited, says Qualys President and CEO Sumedh Thakar.
To address this, Thakar says security teams need to know to what extent the vulnerability is actually being exploited in the wild and what mitigating controls are available. Thakar urges businesses to eliminate the vulnerabilities that are introducing the greatest amount of risk first and automatically remediate detected vulnerabilities whenever possible (see: New Qualys CEO Tackles Cybersecurity Asset Management).
Qualys has sought to reduce the time between detection and patching by debuting a patch management offering of its own and tightly integrating that with the company's existing vulnerability management capabilities, according to Thakar.
"We continue to work toward getting vulnerability management in a place where all the elements that you need are integrated into more of a seamless platform, so we can go from detecting to actually fixing things rather than just reporting on it," Thakar says.
In this audio interview with Information Security Media Group, Thakar also discusses:
- Why prioritizing vulnerabilities remains such a challenge;
- How clients can determine the likelihood of exploitation;
- What sets Qualys apart from other vulnerability management firms.
Thakar leads the company's vision and strategic direction. He joined Qualys in 2003 in engineering and grew within the company, taking various leadership roles focused on helping the company deliver on its platform vision. Starting in 2014, he served as chief product officer, where he oversaw all things product, including engineering, development, product management, cloud operations, DevOps and customer support.