Qualys Unveils AI-Powered Patch Reliability Scoring
Qualys has recently rolled out a groundbreaking feature known as AI-Powered Patch Reliability Scoring, now integrated within its TruRisk Eliminate platform. This innovative capability empowers organizations to anticipate potential issues with software patches before they are deployed, facilitating more informed, risk-based patching decisions.
The Challenge of Patch Rollbacks
According to Eran Livne, Senior Director of Product Management at Qualys, patch rollbacks can be more than just a minor inconvenience; they can be major disruptions. They consume critical time, lead to service outages, and create security vulnerabilities as teams race to stabilize systems. With the increasing volume of patches and the rise in critical vulnerabilities, traditional patch management strategies—relying on a simplistic “deploy and see” method or endless testing—simply cannot keep pace with current demands.
How Patch Reliability Scoring Works
The AI-Powered Patch Reliability Score employs artificial intelligence to analyze vast amounts of real-world data. By evaluating feedback from various public sources, it generates straightforward scores that track the stability of patches throughout their lifecycle. A high reliability score indicates that deployment can occur more swiftly, while a low score signals the need for more rigorous testing or careful planning before rollout.
This predictive capability is particularly crucial in an era where the frequency of rolled-back patches has escalated. Data derived from anonymized Qualys telemetry revealed that some of the most commonly reversed patches—like advisory USN-7545-1 and several Windows updates (KB5065426, KB5063878, KB5055523, and KB5066835)—were assessed as “Low Reliability” by the new scoring system, aligning with the real-world experiences faced by users.
Complementary Mitigation Strategies
Beyond scoring, organizations can enhance their patch management strategies by utilizing Qualys-curated mitigation techniques. These strategies aid in reducing risk while patches undergo comprehensive testing or are staged for secure deployment. This dual approach of scoring and mitigation allows for a more agile and secure operational framework.
Benefits for Organizations
Implementing the AI-Powered Patch Reliability Scoring offers several key benefits for organizations, including:
- Foreseeing potential patch instability before outages arise
- Focusing testing efforts where they are needed most
- Speeding up deployment under favorable conditions
- Utilizing mitigations to maintain security during the testing phase
Livne stresses that today’s patch management landscape is not just about rapid deployment; it’s also about ensuring predictability. With the introduction of this AI-powered capability, organizations can expect fewer instances of guesswork, a decrease in rollbacks, and improved security outcomes.
Availability
The AI-Powered Patch Reliability Scoring functionality is available to all customers using Qualys TruRisk Eliminate, enhancing their ability to navigate the complexities of modern patch management.
