Qualys Releases New AI-Powered Risk Management Application


Cyber company Qualys has released a new AI-powered application risk management solution to allow organisations to monitor and mitigate cyber risk from critical web applications and APIs.

TotalAppSec integrates API security, web application scanning, and AI-driven malware detection into one risk-based approach. It allows organisations to immediately assess and prioritise their most critical application risks across the entire enterprise and streamlines remediation efforts to quickly reduce their risk.

Qualys TotalAppSec leverages the Qualys Enterprise TruRisk Platform. It enables security teams to discover known, unknown, and shadow web applications and APIs for comprehensive visibility. TotalAppSec detects critical vulnerabilities, including the OWASP Top 10 for web applications and OWASP API Top 10. Harnessing advanced deep learning algorithms to detect and mitigate sophisticated malware threats, including zero-day exploits, Qualys TotalAppSec delivers accuracy and resilience against evolving threats.

With risk prioritisation using Qualys’ proprietary TruRisk score, integrated CI/CD pipelines and ITSM workflows with ServiceNow and JIRA, the solution automates vulnerability remediation processes, allowing companies to reduce their attack surface and secure web applications and APIs throughout the development lifecycle.

Web applications and APIs have reshaped the digital landscape and significantly contribute to enterprise risk. According to the 2024 Verizon DBIR Report, web applications remain the top entry point for breaches, with 68% of breaches involving the human element and 32% leveraging ransomware attacks, which are frequently delivered through compromised web applications and APIs.

Security teams often struggle with disjointed and incomplete risk assessments because application security is treated as a collection of independent layers – web applications, APIs, and the infrastructure that supports them. In contrast, cyber adversaries have been known to chain vulnerabilities across these layers to maximise impact. Furthermore, traditional, siloed security tools fail to provide visibility into business criticality and threat intelligence or address vulnerabilities like API misconfigurations, broken object level authorisation, and sensitive data exposure. Qualys says a new approach is needed – one that simplifies and consolidates application risk management while aligning security efforts with business priorities.

“Enterprises are increasingly prioritising the security of web applications and APIs as threats grow in complexity,” said Qualys’ Katie Norton. “Safeguarding these assets is now a fundamental requirement for maintaining trust and operational resilience.”

“Solutions like Qualys TotalAppSec can help break down organisational silos between infrastructure, web applications, and API risk, providing the context and visibility security teams need to collaborate effectively,” she added. “By delivering a holistic view of application security, teams can prioritise the most critical threats and take decisive action to mitigate risk more efficiently.”

By consolidating these capabilities into a single, AI-driven platform, Qualys TotalAppSec delivers comprehensive risk management across the entire application portfolio:

  • Auto-discover every API and web application: Identify known, unknown, forgotten, and shadow web applications and APIs across on-premises, multi-cloud, API gateways and containerised environments with seamless integration into Qualys VMDR, EASM, and TotalCloud. This ensures no asset is left unmonitored or exposed. Leveraging AI-powered scanning, the solution optimises resources while improving detection accuracy.
  • Simplify remediation with risk-based prioritisation: Using Qualys TruRisk, TotalAppSec allows organisations to rank vulnerabilities based on criticality, exploitability, and business impact, enabling teams to address the most significant risks first and streamline remediation efforts.
  • Secure applications from unknown vulnerabilities and malware: Leverage deep learning-based malware detection to discover and defend against hidden vulnerabilities, advanced malware, and zero-day attacks that traditional methods might miss.
  • Stay audit-ready: Reduce the risk of non-compliance penalties by ensuring ongoing adherence to regulatory standards like PCI-DSS, GDPR, HIPAA, and OpenAPI Specification via continuous compliance monitoring.
  • Fast-track risk remediation with a real-time feedback loop: Leveraging seamless integrations with CI/CD pipelines and ITSM systems, such as ServiceNow and JIRA, organisations will benefit from consolidating vulnerabilities for faster response times and better tracking, mapping tickets to the appropriate remediation owners, and embedding security directly into DevSecOps workflows.

“APIs are the new attack surface for enterprises, growing exponentially as modern web applications rely on an increasing number of them,” said Qualys CEO Sumedh Thakar. “As organisations increasingly integrate platforms, they need a solution that provides a unified view of all interfaces to measure, communicate, and eliminate their cyber risk arising from these applications.”

“TotalAppSec brings together our latest innovations in API security, deep-learning malware detection, and web application security to help security teams understand the business context with risk prioritisation so the greatest risks can be addressed first.”

Qualys TotalAppSec will be available in Q1 2025.
