Today, Critical Start announced the general availability of Critical Start Vulnerability Management Service (VMS) and Vulnerability Prioritization. These new offerings allow organizations to assess, manage, prioritize, and reduce cyber risk exposure posed by vulnerabilities across their environments.
Critical Start's Vulnerability Management Service is a fully managed service that enables security leaders to effectively run a vulnerability management program by offloading burdensome operational tasks. The managed service leverages Critical Start's collaboration with Qualys, utilizing its end-to-end vulnerability management, detection, and response solution (Qualys VMDR). Critical Start's managed services engineers provide operational execution of vulnerability scanning, ongoing operational monitoring, and detailed reporting, all of which contribute to a comprehensive view of an organization's exposure landscape.
All findings provided to customers are based on expert analysis of vulnerabilities and potential exposures in the customer environment. Customers receive contextualized vulnerability reports and concise directions for effective and efficient vulnerability management that helps them reduce cyber risk and minimize their attack surface.
The Vulnerability Prioritization capability (optionally included with Vulnerability Management Service or available standalone) identifies high-risk vulnerabilities as calculated by Critical Start based on multiple dimensions including CVSS scores, threat intelligence, exploit weaponization by attack type (ransomware, malware, botnet), asset criticality, and exposure settings due to technical security controls gaps.
Critical Start's Vulnerability Prioritization is founded in the platform's Asset Visibility capability, which provides a unified asset inventory, calculates asset criticality, and identifies critical controls gaps. This allows security teams to focus remediation efforts on the vulnerabilities that pose the greatest risk and create the most significant exposures for their organizations.
"Organizations understand that effective vulnerability management is critical to reducing their cyber risk exposure, but many struggle with the complexity and effort involved in implementing and running an accurate and timely vulnerability management program," said Chris Carlson, Chief Product Officer at Critical Start. "By providing Vulnerability Management Service and Vulnerability Prioritization built on top of end-to-end Asset Visibility, this key part of our holistic risk reduction approach enables security teams to easily identify, manage, prioritize, and address the vulnerabilities that matter most to meeting their organization's risk tolerance, protecting against threats, and minimizing their overall exposure."
"Collaborating with Critical Start to integrate Qualys Vulnerability Management Detection and Response (VMDR) into their new managed security service empowers our joint customers to identify and remediate vulnerabilities and monitor threats effectively, so they can stay focused on their core business operations," said Shailesh Athalye, senior vice president, product management at Qualys. "We're excited to work with Critical Start and extend this service to customers to detect, prioritize, and remediate vulnerabilities for risks of ransomware and loss of business operations."
Key benefits of Critical Start's new offerings include:
- Foundational Asset Visibility – All Vulnerability Management Service and Vulnerability Prioritization customers gain access to a centralized, normalized, and deduplicated asset inventory built from their connected security tools that provides insights into asset criticality and security controls gaps. This lets customers determine weaknesses in their security posture while also giving them valuable insights into which assets pose the greatest risk if/when a breach occurs.
- Turnkey vulnerability management program - Customers can offload the burden of vulnerability scanning configuration, tuning, and ongoing operational monitoring to Critical Start's expert analysts, allowing their teams to focus on risk reduction and exposure management activities, with optional co-management for customers that want full visibility and control over their operational configurations.
- Clear risk visibility and actionable reporting - Executive dashboards and reports provide an up-to-date view of key risk metrics, overall risk exposure, and trending over time. Detailed reporting enables effective communication about vulnerabilities and exposures with senior management, boards of directors, auditors, and other stakeholders.
- Risk-based vulnerability prioritization - Multi-vector analysis considers factors like asset criticality, exploitability, security control posture, and threat intelligence to identify the highest risk assets and vulnerabilities with the most significant exposures requiring urgent attention.
- Improved vulnerability outcomes - Consolidating vulnerability and exposure data eliminates manual effort and allows quick access to information for reporting, decision-making, budgeting, and compliance needs.
- Integration with the Critical Start Platform – Users see their vulnerability results and prioritized remediation recommendations in the same user interface of the Critical Start Cyber Operations Risk and Response (CORR) platform as their Managed Detection and Response alerts, asset inventory and security controls gaps, and Risk Assessment posture and improvement recommendations.
These new services complement Critical Start MDR services by addressing vulnerabilities before they can be exploited. When combined with MDR, customers have a comprehensive security strategy that covers both preemptive measures and reactive measures.