"Speaking at Qualys' newly rebranded ROCon conference (formerly QSC), Thakar explains SOC are very good at some things, but not so good at others. If you want things like 24/7 breach detection and immediate remediation, a SOC is indispensable. However, a SOC is not built to helpt organizations with strategic risk planning over months and quarters. For that, they need a Risk Operations Center, or ROC. As Qualys has always focused heavily on vulnerability and therefore also risk, it is well-positioned to offer that ROC to organizations."
"Qualys has evolved from its vulnerability management roots founded in 1999. The company now positions itself at the cross-roads of multiple security disciplines: vulnerabilities, misconfigurations, and identity. The goal is to standardize all of these in one risk scoring framework, Thakar says. An important reason for going in this direction is tool sprawl. That is, organizations drowning in disparate risk scores from many different tools. Tools that each speak a different language too."
"Qualys' True Risk Score platform aims to translate technical findings into business impact measured in euros or dollars. "At the end of the day, what is the need for a dashboard?" Thakar asks rhetorically. "Really what you want to be able to do is get it fixed. The dashboard is just one step along the journey.""
Organizations require both a Security Operations Center (SOC) for 24/7 breach detection and immediate remediation and a Risk Operations Center (ROC) for proactive, strategic risk planning across months and quarters. A ROC focuses on translating technical vulnerabilities, misconfigurations, and identity issues into business impact and prioritized remediation. Consolidating disparate tools and scores into a single risk scoring framework reduces tool sprawl and inconsistent languages. True Risk Score platforms can quantify business exposure in monetary terms to guide prioritized fixes. Dashboards provide visibility, but the primary goal is driving remediation and reducing business risk through coordinated, time‑horizon aware operations.
Read at Techzine Global
Unable to calculate read time
Collection
[
|
...
]