Qualys Enhances ETM with Agentic AI for Identity Security and Threats

Qualys ETM AI cybersecurity Identity security Threat intelligence Risk management Cyber resilience TruLens ETM Identity TruConfirm
Lalit Choda
Lalit Choda

Founder & CEO @ Non-Human Identity Mgmt Group

 
October 29, 2025
3 min read

TL;DR

  • Qualys has enhanced its Enterprise TruRisk Management (ETM) platform with agentic AI, introducing ETM Identity for unified identity and asset risk scoring, TruLens for real-time threat intelligence, and TruConfirm for automated exploit validation. These updates aim to empower organizations to proactively identify, prioritize, and remediate cyber risks before breaches occur, significantly improving overall cyber resilience.

Qualys Expands ETM with AI-Powered Features

Qualys has introduced enhancements to its Enterprise TruRisk Management (ETM) platform, incorporating agentic AI to bolster proactive risk management. The updates, revealed at Qualys' Risk Operations Conference (ROCon) in Houston, focus on identity security, predictive threat analysis, and exploit validation. These enhancements aim to enable organizations to anticipate and mitigate cyber risks before breaches occur. Read more about the announcement.

ETM Identity

ETM Identity is designed to reduce identity-related risks by providing visibility, context, and remediation across IAM systems. It integrates with on-premises Active Directory, Microsoft Entra ID, cloud identity providers (IdPs), and Identity as a Service (IDaaS) platforms. ETM Identity correlates identity and asset risk into a single Identity TruRisk™ score, facilitating the prioritization of exploitable attack paths and automating remediation. This includes securing high-risk service and machine identities to prevent lateral movement.

Dashboard voor ACME Corporation met de identiteitsrisicoscore, een trendgrafiek van de TruRisk-score, het totaal aan beveiligde middelen en het aantal AD-kwetsbaarheden en -misconfiguraties.

Image courtesy of Techzine Global

Corey Amsler, director of risk management at GE Vernova, noted the importance of aligning identity risk with asset risk for effective action. Qualys ETM Identity aims to unify these insights within the Risk Operations Center. Agent Grant, Qualys' AI coworker, can identify toxic privilege chains and AD to cloud attack paths, converting Identity TruRisk™ priorities into actionable steps. This includes automated remediations such as opening tickets, enforcing MFA, de-privileging accounts, or quarantining assets.

TruLens

TruLens delivers real-time, tailored threat intelligence to enhance the speed and precision of cyber risk detection, prioritization, and remediation. By applying live threat analysis and business impact context, TruLens dynamically re-ranks exposures, such as CISA KEV vulnerabilities, enabling teams to focus on critical fixes. It unifies fragmented threat and vulnerability data, enriching it with asset and business context to highlight risks affecting critical operations. Industry-specific intelligence is accessible via a Qualys mobile application, available in the Apple App Store and Google Play Store.

TruLens-Landing-1-1-scaled

Image courtesy of Qualys

TruConfirm

TruConfirm validates the exploitability of exposures before attackers can leverage them. By executing real-world attack scenarios safely, TruConfirm identifies security control failures, providing actionable proof of risk. This attacker's perspective allows for faster prioritization and accelerates mitigation by closing the loop from detection to response. Qualys ETM orchestrates patching or mitigations through ITSM workflows, verifies remediation, and updates the TruRisk™ score. Combined with TruLens, TruConfirm ensures remediation efforts focus on exposures that reduce incident likelihood.

image-19-1-scaled

Image courtesy of Qualys

Shailesh Athalye, highlighted AI-powered Patch Reliability Scoring, which provides ITOps with a reliability score for each remediation. This enables adaptive, automated patching and intelligent mitigations.

Availability

Qualys ETM is generally available. ETM Identity, TruLens, and TruConfirm are available in preview.

Lalit Choda
Lalit Choda

Founder & CEO @ Non-Human Identity Mgmt Group

 

NHI Evangelist : with 25+ years of experience, Lalit Choda is a pioneering figure in Non-Human Identity (NHI) Risk Management and the Founder & CEO of NHI Mgmt Group. His expertise in identity security, risk mitigation, and strategic consulting has helped global financial institutions to build resilient and scalable systems.

Related News

New Cybersecurity Insiders Report Highlights How Identity Sprawl Outpaces Traditional Enterprise Security Models
non-human identity security risks 2026

New Cybersecurity Insiders Report Highlights How Identity Sprawl Outpaces Traditional Enterprise Security Models

Identity-related breaches are the new norm. Discover why machine identities and Shadow AI are rendering traditional perimeter security models obsolete in 2026.

By Lalit Choda July 1, 2026 4 min read
common.read_full_article
SailPoint Acquires Entro Security to Strengthen Automated Machine Identity and Credential Lifecycle Management
non-human identity security

SailPoint Acquires Entro Security to Strengthen Automated Machine Identity and Credential Lifecycle Management

SailPoint acquires Entro Security to tackle non-human identity risks. Discover how they're securing machine credentials and autonomous AI agents in 2026.

By AbdelRahman Magdy June 30, 2026 4 min read
common.read_full_article
GitGuardian Report Identifies Non-Human Identity Sprawl as Primary Security Risk for Enterprise Infrastructure 2026
non-human identity security risks 2026

GitGuardian Report Identifies Non-Human Identity Sprawl as Primary Security Risk for Enterprise Infrastructure 2026

GitGuardian report reveals non-human identities outnumber humans 144:1. Learn the risks of AI agents and how to secure your enterprise infrastructure in 2026.

By Lalit Choda June 29, 2026 4 min read
common.read_full_article
NIST and ISO Publish New Governance Frameworks for Securing Autonomous AI Agent Identities
AI agent identity security

NIST and ISO Publish New Governance Frameworks for Securing Autonomous AI Agent Identities

Learn how new NIST and ISO frameworks are standardizing AI agent identity security. Discover best practices for managing machine-scale identity risks in 2026.

By AbdelRahman Magdy June 26, 2026 5 min read
common.read_full_article