Joerg Vollmer, Qualys: it is essential that senior executives can provide the CISO with a clear view of the challenges to be faced
October 2022 by Marc Jacob
At it-sa 2022 in Nuremberg, Qualys will showcase its latest innovations, including VMDR 2.0 (Vulnerability Management Detection and Response) with TruRisk and EASM (External Attack Surface Management). For Joerg Vollmer, General Manager DACH at Qualys, it is essential that senior executives can provide the CISO with a clear view of the challenges to be met.
Global Security Mag: You’ll be attending the it-sa as an exhibitor. What will you be presenting?
Joerg Vollmer: At the it-sa 2022, the team will be presenting the latest innovations by Qualys, including VMDR 2.0 (Vulnerability Management Detection and Response) with TruRisk and EASM (External Attack Surface Management).
Besides integrating the end-to-end VMDR 1.0 process – from asset visibility to recognition and prioritisation and all the way through to correction – we’ve added an additional dimension to the new VMDR 2.0, which takes a risk-based approach to cyber security. This version also features an algorithm which calculates the real risk of any weak points and incorrect configurations, taking the following into consideration:
– whether the IT system is mission critical
– the probability and degree to which the weak point could be exploited
– measures to reduce the risk (compensatory controls that allow the cyber risk to be reduced and minimised on a priority basis)
EASM, which is included in CSAM (Cybersecurity Asset Management), increases and completes the visibility of assets in IT environments that are increasingly hybrid, complex and difficult to secure. It enables them to be seen from the outside. This view – which is the attackers’ view – highlights everything that is exposed on the internet and which is, in effect, very likely to be the preferred goal of a cyber attack.
Global Security Mag: What are the strengths of the solution you’re presenting?
Joerg Vollmer: The Qualys Cloud Platform consists of more than 20 applications from the fields of asset management, IT security, cloud/container, web applications and compliance. Its ability to reduce cyber risks is measurable in terms of both quality and quantity. The cyber risk approach for minimising cyber security risks lays the foundation for the Qualys solution. One big benefit of the solution is that Qualys applications are integrated natively and its open cloud system is interoperable with the customer’s existing ecosystem. As a result, the cyber security team is able to work more efficiently, and also interact more effectively with the IT teams. The simple, intuitive no-code automation of work processes into the various components of the Qualys solution enables faster action and response times for all assets in the hybrid infrastructure.
Global Security Mag: How do you plan to develop your strategy further to help companies fight cyber threats?
Joerg Vollmer: Consolidating different vertical solutions in a single solution like Qualys helps by reducing the complexity of all cyber security solutions. It also increases the operative efficiency of the security team and means that weak points and misconfigurations can be repaired faster. One of the innovations in the 2.0 version of our MV-EDR (Multi-Vector Endpoint Detection and Response) is that we’ve invested heavily in the recognition and response to threats based on the positive assessment by MITRE ATT&CK and the XDR (Extended Detection and Response) that’s now available.
Global Security Mag: What specific advice would you give in this area, and what general advice would you give on limiting risks?
Joerg Vollmer: We need to act on the principle of ‘Prevention is better than cure’ and do everything we possibly can to minimise cyber risks – which, as we well know, constitute a very real business risk when you consider that organisations and value chains are often fully digitalised, or at the very least are strongly dependent on digital technology. As the digital transformation progresses, new technology provides a bigger targetable area for threats and cyber attacks – and these are growing constantly in size, scope and frequency. As a result, it’s immensely important to identify and quantify risks in cyber security so that we can prioritise the right areas for taking appropriate action.
Risk-based prioritisation and automation to achieve faster response times (zero-touch patches) are the only ‘antidotes’ for cyber criminals – who attack with ever greater speed and efficiency. If you don’t prioritise your weak points, cyber criminals will do the job for you.
Global Security Mag: Can you describe your sales structures in Germany?
Joerg Vollmer: Qualys GmbH, which is based in Munich, is responsible for sales in Germany, Switzerland, Austria, Central Europe and Eastern Europe. In order to provide our clients with the best possible service, we have account executives for new customers as well as several technical account managers for existing customers. We also have regional solution architects who have the necessary expertise to help customers with specific problems or challenges.
Global Security Mag: Can you describe your technical support structures in Germany?
Joerg Vollmer: We provide customer support via our local, technical account managers and solution architects. In addition, Qualys also operates an international 24/7 support network that provides comprehensive support to our customers and anyone who is interested in our products.
Global Security Mag: What message would you like to send to our readers?
Joerg Vollmer: By consolidating different vertical solutions in a single solution that meets cyber security and compliance requirements in a holistic and integrated manner, you can improve your operative efficiency because you optimise costs and you no longer need to orchestrate different solutions. This approach also allows you to conduct a comprehensive analysis of the areas attackers can potentially target and speed up lead times for protection. Last but not least, it enables you to respond appropriately to cyber attacks – and at the same time spend less money on emergency support or administration. Cyber risks are business risks, and that’s why companies employ CISOs to protect themselves against cyber threats. In this context, it’s vital that senior management is able to provide the CISO with a clear overview of the challenges in question and is also able to define the relevant strategies, priorities and goals. According to a Gartner® study, nearly a third of a CISO’s work performance up until the end of 2023 will be measured by their ability to generate additional value for the company. The approach taken in cyber security must always be based on a risk analysis and the impact of a successful cyber attack. It’s crucial that all those involved join forces in developing an adequate protection strategy.