January 04, 2012 | Palo Alto, California: MetricStream Inc., the market leader in enterprise-wide Governance, Risk and Compliance (GRC) solutions, and Qualys, Inc., the leading provider of Software-as-a-Service (SaaS) IT security, risk and compliance management solutions, today announced the integration of MetricStream IT-GRC Solution with QualysGuard® Vulnerability Management (VM). The joint solution provides a single robust framework to automatically monitor and capture all asset and network vulnerabilities, and route them through a systematic process of investigation and remediation. This integration enables customers to quickly identify and report on the vulnerabilities affecting business-critical assets, map security issues to business applications, and aggregate and roll up risk information across their enterprise for proactive mitigation.
Many compliance regulations today lay out requirements for IT security and business risks. This has led to a greater convergence between the disciplines of IT security and IT-GRC. The joint solution addresses this convergence, providing an integrated and efficient approach to managing IT risks. QualysGuard VM locates and identifies network devices and applications, scans those devices and applications to detect vulnerabilities, and provides detailed information on the nature of those vulnerabilities. MetricStream IT-GRC solution imports this data in real time, and initiates immediate remedial action by assigning investigative responsibilities to the appropriate personnel. Automatic alerts ensure that action plans are carried out to closure, while advanced dashboards and reports provide in-depth visibility into the status of each case, enabling real-time tracking and trend analysis.
The joint solution also strengthens the “bottom-up” approach to IT-GRC. According to Mark Nicolett and Paul E. Proctor in Gartner’s ‘MarketScope for IT Governance, Risk and Compliance Management (ITGRCM)’ report, 2011, “A bottom-up approach implies greater detail in IT controls for an IT-centric audience. Many organizations use IT GRCM to organize their vulnerability management, patch and configuration control data.”
“Companies must keep up with rapidly changing regulatory requirements, while protecting data and assets against the latest security threats,” said Philippe Courtot, chairman and CEO of Qualys. “The integrated MetricStream and QualysGuard solution gives management the visibility required to effectively manage security risks, and ensure compliance.”
The integrated solution provides a centralized and scalable framework to efficiently manage IT network vulnerabilities across departments, business units and locations. With the joint system, IT security managers will be able to accelerate the identification and remediation of network exposures, and proactively eliminate vulnerabilities before they are abused.
“IT security managers are under enormous pressure to protect IT assets - a task that becomes more challenging as networks grow more complex, and security threats become more sophisticated,” says Vidya Phalke, CTO at MetricStream. “The use of virtualized infrastructure is rising, smart phones and tablets are proliferating, reliance on managed IT services is increasing, and business managers are independently driving the adoption of cloud applications. These trends are introducing a whole new class of risks and threats that enterprises need to deal with. Our partnership with Qualys will strengthen organizations’ ability to tackle these security risks and compliance challenges.”
The MetricStream solution has been integrated with QualysGuard VM through MetricStream’s intelligent connectors, or Infolets, which also enable seamless integration with SIEM, Log Management, Problem Management, Operations and Asset Management systems. The MetricStream GRC Platform empowers customers to build holistic and sustainable top-down, risk-driven intelligence by integrating Business, Security and IT-GRC on a common architecture.
Qualys, Inc. is the leading provider of Software-as-a-Service (SaaS) IT security risk and compliance management solutions. Qualys solutions are deployed in a matter of hours anywhere in the world, providing customers an immediate and continuous view of their security and compliance postures.
The QualysGuard® service is used today by more than 5,000 organizations in 85 countries, including 50 of the Fortune 100, and performs more than 500 million IP audits per year. Qualys has the largest vulnerability management deployment in the world at a leading global company, and has been recognized by leading industry analysts for its market leadership. Qualys was recently named Best Security Company in the Excellence Awards category of the 2011 SC Awards U.S.
Qualys has established strategic agreements with leading managed service providers and consulting organizations including BT, Etisalat, Fujitsu, IBM, I(TS)2, LAC, NTT, Dell SecureWorks, Symantec, Tata Communications and TELUS. Qualys is a founding member of the Cloud Security Alliance (CSA).
For more information, please visit www.qualys.com.