Qualys Boosts Enterprise Risk Management with AI-Powered Identity Security

Qualys has significantly upgraded its Enterprise TruRisk Management (ETM) platform, integrating advanced identity security features powered by artificial intelligence to help organizations predict and neutralize emerging cyber threats. These enhancements, introduced at the Qualys Risk Operations Conference in Houston, focus on strengthening proactive risk management by addressing vulnerabilities linked to both human and non-human identities. The platform now offers improved predictive threat analysis and safe validation of exploitability, enabling security teams to anticipate and mitigate cyber risks before they escalate into breaches.

The rapid adoption of AI technologies has led to a surge in both the volume and complexity of cyberattacks, creating an influx of autonomous and non-human identities that demand careful oversight. Many security teams find themselves stretched to the limit, grappling with how to prioritize and respond to threats efficiently. Organizations require a proactive, intelligence-driven strategy for breach prevention that aligns with their specific risk profiles. Qualys ETM meets this need by combining Identity Risk Posture Management, contextual threat intelligence for prioritization, and exposure exploitability validation within a unified Risk Operation Center (ROC) framework. This integration supports measurable risk reduction across the enterprise.

“Modern enterprises face escalating dangers from AI-driven threats and highly skilled adversaries,” observed Tyler Shields, a principal analyst at Omdia. “Qualys’ latest platform improvements empower security teams to operate with enhanced precision and efficiency, delivering quantifiable reductions in risk. The Enterprise TruRisk Management solution broadens visibility to include non-human and agentic AI identities, while also supplying predictive, industry-specific risk intelligence.”

These new capabilities serve as force multipliers within the ROC, uniting teams under a common risk language known as TruRisk™. This shared framework helps organizations prioritize and mitigate the most critical risk factors with accuracy and clarity. ETM Identity uncovers identity-based risks using deep domain insights, TruLens prioritizes threats using real-time intelligence tailored to specific industries, and TruConfirm validates which vulnerabilities are genuinely exploitable in a given environment. Together, these tools offer a quantifiable method to measure and confirm actual risk reduction. Beyond simple detection, Qualys ETM closes the loop from discovery to resolution by pairing insights with guided, operationalized remediation steps.

ETM Identity allows organizations to proactively minimize risks tied to both human and non-human identities. It consolidates visibility, context, and remediation across all identity and access management systems—including on-premises Active Directory, Microsoft Entra ID, cloud identity providers, and Identity as a Service platforms. By correlating identity and asset risk into a single Identity TruRisk™ score, security teams can concentrate on the most exploitable attack paths and automate remediation from detection through verified resolution. This measurably shrinks the attack surface. By targeting lateral movement paths and securing high-risk service and machine identities—often the root cause of lateral movement during breaches—ETM Identity strengthens organizational resilience and meaningfully reduces the potential for identity-related breaches.

TruLens supplies real-time, tailored threat intelligence that helps organizations detect, prioritize, and remediate cyber risks more quickly and precisely. It continuously applies live threat analysis and business impact context, dynamically re-ranking exposures such as CISA KEV vulnerabilities so teams can address what matters most before threats intensify. TruLens unifies fragmented threat and vulnerability data, enriches it with asset and business context, and highlights risks most likely to impact critical operations. Accessible via a mobile application and supported by industry-leading intelligence, TruLens provides actionable insights customized to each organization’s specific industry and environment, enabling leaders to make faster, more informed decisions across the board.

TruConfirm enhances the Qualys platform by proactively confirming whether an exposure is exploitable before attackers can take advantage. It safely executes real-world attack scenarios to validate exploitability and identify where security controls have failed, giving teams clear, actionable evidence of risk. This attacker-centric perspective supports faster, more effective prioritization and accelerates mitigation by closing the loop from detection to response. Once a vulnerability is confirmed as exploitable, Qualys ETM orchestrates patching or mitigation through ITSM workflows, verifies the remediation, and automatically updates the TruRisk™ score. When used alongside TruLens, TruConfirm ensures that remediation efforts are sharply focused on exposures that meaningfully reduce the likelihood of incidents.

“Agentic AI is reshaping the cybersecurity landscape, compelling organizations to rethink their approach to risk management,” stated Sumedh Thakar, President and CEO of Qualys. “To stay ahead, they must proactively reduce risk, anticipate where attackers are likely to strike, and clearly demonstrate the value of their security investments. Qualys Enterprise TruRisk Management rises to this challenge with expanded risk verification—now covering user identities and exploit validation—delivering the clarity and precision security leaders need. We are empowering organizations to measure, communicate, and eliminate cyber risk in ways that produce real, verifiable risk reduction at the executive and board levels.”

Qualys ETM is now generally available, while ETM Identity, TruLens, and TruConfirm are currently available in preview. Organizations can register at qualys.com/free-trial-new/enterprise-trurisk-management to be among the first to explore these new capabilities, including support for agentic AI.

(Source: MEA Tech Watch)