New ETM capabilities deliver predictive, provable risk reduction across hybrid environments
Qualys has unveiled major enhancements to its Enterprise TruRisk Management (ETM) platform, introducing agentic AI-powered capabilities for identity security, industry-specific threat prioritization, and exploit validation. Announced at the Risk Operations Conference (ROCon) in Houston, the updates aim to help security teams proactively reduce risk and anticipate emerging attack vectors before breaches occur.
The rise of AI has accelerated the volume and complexity of cyber threats, especially from non-human and autonomous identities. Qualys ETM now integrates Identity Risk Posture Management, contextual threat intelligence, and exploitability validation into a unified Risk Operation Center (ROC) framework—enabling measurable, enterprise-scale risk reduction.
“Agentic AI is transforming cybersecurity and forcing organizations to rethink how they manage risk.”
— Sumedh Thakar, President and CEO, Qualys
“Enterprises today need advanced solutions to address the growing risks from AI-driven threats and sophisticated adversaries,” said Tyler Shields, Principal Analyst at Omdia. “Qualys’ latest enhancements expand visibility to non-human and agentic AI identities and provide predictive, industry-specific risk insights.”
The new ETM Identity module correlates identity and asset risk across IAM systems, delivering a single Identity TruRisk™ score. It helps security teams automate remediation and shrink the attack surface by targeting lateral movement paths and securing high-risk service and machine identities.
TruLens adds real-time, tailored threat intelligence, dynamically re-ranking exposures based on live analysis and business impact. It enables faster decision-making by surfacing risks most likely to affect critical operations, with mobile access and industry-specific insights.
TruConfirm validates exploitability by safely simulating real-world attack scenarios, giving teams clear proof of risk and enabling focused remediation. Once confirmed, vulnerabilities are patched through ITSM workflows, with automatic updates to TruRisk™ scores.
“Qualys ETM rises to the challenge with expanded risk verification—now including user identities and exploit validation,” said Sumedh Thakar. “We’re empowering organizations to measure, communicate, and eliminate cyber risk in ways that drive real, verifiable risk reduction at the executive and board level.”
ETM is now generally available, with ETM Identity, TruLens, and TruConfirm offered in preview.
