VMDR: What it is, and how it fits into cloud-native infrastructure and applications

Cloud-native development allows organizations to develop apps that are more scalable and have greater elasticity than traditional platforms. But the use of cloud-native components like container orchestration and distributed infrastructure creates more opportunity for attackers to exploit misconfigurations and other vulnerabilities in the development pipeline. 

Vulnerability management, detection and response, or VMDR, is the industry’s answer to this problem, pulling together disparate security functions into a single automated workflow so that DevOps teams can better identify, prioritize and fix the most vulnerable assets before they’re released for deployment. While speed and scalability of the cloud environment are important features for any growing business, managing vulnerabilities is integral to securing cloud implementation. Consider that:

  • There is broad consensus that cloud-native application challenges are leading to slower deployment cycles, with 2 in 3 respondents in a recent survey pointing to security as the top impediment.

  • 53% of IT respondents surveyed by CRA Business Intelligence said their top concern about storing data in the cloud was a lack of detection and response capabilities, while 36% pointed specifically to lack of prevention capabilities in cloud-native services as their greatest concern.

Poor vulnerability management is the common denominator of these deficiencies. Traditional perimeter-based defenses simply can’t keep up with the rapid spin-up of microservices and serverless architecture that cloud-native development entails.

Recognizing these gaps, more organizations are giving serious thought to how VMDR can address their cloud-native security needs.

What is VMDR?

  1. Automatic asset management and discovery enables organizations to know what’s on their network, tracking not just approved cloud-based assets but also unauthorized devices and endpoints that shouldn’t be there. The detailed information it collects on each asset (e.g. performance, origin, file type, dependencies) is then fed into a global IT asset inventory, which is updated in real time to reflect changes in the environment.
  2. Automated vulnerability management lets organizations know the compliance status and security posture of their cloud assets. Qualys, a provider of VMDR solutions, provides customers with a customizable dashboard where they can check these status updates in real time, including alerts of discovered vulnerabilities and misconfigurations.
  3. Threat detection and prioritization. With help from threat intelligence, advanced correlation, and machine learning, VMDR automatically prioritizes the most critical assets among a potential field of hundreds so that organizations can focus resources on the most time-sensitive, at-risk vulnerabilities.
  4. Response and patch deployment. Upon registering a threat, VMDR can immediately go into action by either patching the vulnerability or quarantining the affected asset so the threat cannot spread through the network. VMDR uses multiple inputs and criteria – the Common Vulnerability Scoring System (CVSS), real-time threat indicators, historical risk trends, and known threat actors – to make sure that its response and patch procedures prioritize remediation of the most critical risks.
A VMDR user dashboard lets organizations easily see top risks and vulnerable assets in need of remediation. (Credit: Qualys)
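The following Python model is an added illustration of the four steps above, not Qualys code or code from the article. It builds a constructed asset inventory and scan findings, ranks the findings with a score that combines CVSS with the inputs the text names (real-time exploitation indicators, known threat actors, historical aging, and asset criticality), and picks a response of patch or quarantine. The weights, asset names and vulnerability ids are assumptions.

```python
from dataclasses import dataclass

# Constructed sample data: the inventory stands in for the discovery step and
# the findings for the assessment step. Vulnerability ids are placeholders.

@dataclass(frozen=True)
class Asset:
    name: str
    criticality: int          # business criticality, 1 (low) to 5 (revenue-critical)
    internet_exposed: bool

@dataclass(frozen=True)
class Finding:
    asset: str
    vuln_id: str
    cvss: float               # CVSS base score, 0.0 to 10.0
    exploited_in_wild: bool   # real-time threat indicator
    actor_linked: bool        # tied to a known threat actor
    days_open: int            # historical trend: how long it has gone unfixed
    patch_available: bool

def risk_score(f: Finding, a: Asset) -> float:
    """Prioritization step: weight CVSS by asset context and threat inputs (assumed weights)."""
    score = f.cvss * a.criticality            # severity weighted by what the asset is worth
    if f.exploited_in_wild:
        score += 15                           # active exploitation outranks raw CVSS
    if f.actor_linked:
        score += 10
    if a.internet_exposed:
        score += 10
    score += min(f.days_open, 30) * 0.5       # aging findings slowly climb the queue
    return round(score, 1)

def recommend_action(f: Finding) -> str:
    """Response step: patch when a fix exists, otherwise contain actively exploited assets."""
    if f.patch_available:
        return "patch"
    return "quarantine" if f.exploited_in_wild else "ticket"

def remediation_queue(findings, inventory):
    """Return (asset, vuln_id, score, action) tuples from most to least critical."""
    ranked = sorted(findings, key=lambda f: risk_score(f, inventory[f.asset]), reverse=True)
    return [(f.asset, f.vuln_id, risk_score(f, inventory[f.asset]), recommend_action(f))
            for f in ranked]

INVENTORY = {a.name: a for a in (Asset("payments-api", 5, True),
                                 Asset("dev-sandbox", 1, False),
                                 Asset("hr-portal", 3, True))}
FINDINGS = [Finding("dev-sandbox", "VULN-PLACEHOLDER-1", 9.8, False, False, 2, True),
            Finding("payments-api", "VULN-PLACEHOLDER-2", 7.5, True, True, 10, False),
            Finding("hr-portal", "VULN-PLACEHOLDER-3", 6.1, False, False, 45, True)]
```

Note that the highest CVSS finding (9.8 on the isolated sandbox) lands last in the queue, while the actively exploited 7.5 on the exposed payments API ranks first and is quarantined because no patch exists yet.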

Why VMDR makes sense for cloud-native workloads

VMDR makes a lot of sense for organizations taking the cloud-native route because of how well its security functions integrate and scale to cloud-native demands. Traditional or legacy app development tends to rely heavily on in-house server space, which requires considerably greater maintenance and attention than the cloud. Routine patch management, identity and access management, regular updating, and proper configuration are par for the course when it comes to owning and maintaining a server. On top of these responsibilities, size and bandwidth constraints mean that a single server can only provide infrastructure to a limited number of apps and end-user devices before performance is inhibited. Cloud services don’t suffer from those limitations, but they do require a more adaptive security model that can manage vulnerabilities at the scale and speed of this serverless environment.

Purpose-built for the cloud, VMDR stands out from the crowd because of its emphasis on automating vulnerability management so that organizations can better understand, anticipate, and act intelligently with regard to risk. This is a great fit for protecting cloud-native applications for several reasons. 

  • VMDR can provide developers proactive detection early and continuously. VMDR takes the process of shifting security left to the next level by providing engineers with critical insights and easy-to-use tools to fix vulnerabilities that are automatically flagged early in the pipeline. One of these tools is drag-and-drop visual no-code workflows, which give devs a way to automate previously tedious and time-intensive vulnerability management checks. Another benefit is out-of-the-box integration with IT service management tools, such as ServiceNow or JIRA, which automatically generates remediation tickets and tags vulnerable assets with risk scores for devs to address.
  • VMDR analyzes dependencies and business criticality to identify risk. Security teams consistently report that alert fatigue is a problem. On average, IT professionals see over 500 cloud security alerts per day. Even with a designated cloudsec admin, this is an untenable workload for most security teams. VMDR streamlines vulnerability management by automating alert analysis and risk assessment, and by prioritizing assets that require immediate remediation.
  • VMDR drives critical context for treating vulnerabilities. VMDR provides real-time visibility into cloud assets and dependencies, which allows DevOps teams to understand the context surrounding identified vulnerabilities, including overall risk and potential impact. This allows teams to resolve vulnerabilities in the order that they matter, from critical to least critical. Case studies from Qualys show that VMDR customers were able to successfully patch CISA’s Top 15 known exploited vulnerabilities of 2021 60% faster than customers with traditional patch management solutions, dramatically reducing mean time to remediation (MTTR).
Daniel Thomas

Daniel Thomas is a technology writer, researcher, and content producer for CyberRisk Alliance. He has over a decade of experience writing on the most critical topics of interest for the cybersecurity community, including cloud computing, artificial intelligence and machine learning, data analytics, threat hunting, automation, IAM, and digital security policies. He previously served as a senior editor for Defense News, and as the director of research for GovExec News in Washington, D.C.