Mayuresh Ektare from Qualys Addresses Risk Operations Center, Human Errors, and Vulnerability Management to Mitigate Threats

TechNadu interacted with the VP of Product Management at Qualys, Mayuresh Ektare, and asked questions about enterprise security, vulnerability management, AI, and more.

Ektare shared about the Risk Operation Center (ROC) that monitors an organization highlighting the importance of a single platform for better cybersecurity implementation. He detailed Enterprise TruRisk Management (ETM) which puts a score to risk signals and seamlessly prevents threat through AI.

Ektare reiterated the importance of consolidating risk data from several sources, the scenario where cybersecurity risks are managed manually, and how companies respond to AI-driven automation.

Read the interview with Maturesh Ektare to learn more about vulnerability management, MSSPs acting as strategic advisors, and addressing cybersecurity needs to attain broader business goals.

1.  We are excited to learn more about the world’s first Risk Operations Center (ROC) with Enterprise TruRisk Management (ETM) launched by Qualys. Could you share some of its key features and how it is designed to help fight cybercrime?

The Risk Operations Center (ROC) is a centralized, cross-functional hub built to continuously monitor and manage changes across an organization’s risk surface. It brings together cybersecurity, operational, and financial risks into a single platform—enabling teams to align risk reduction strategies with business objectives and respond proactively.

Powered by Qualys Enterprise TruRisk Management (ETM), the ROC consolidates risk signals from multiple sources, prioritizes them using TruRisk Scores, and automates responses through AI-driven workflows.

With a unified asset inventory enriched with business context and Value at Risk (VAR) assessments, and consolidated findings that are enriched with curated threat intelligence, organizations can effectively prioritize what matters most for reducing risk with precision.

2.  How has the consolidation of security risk data from Qualys and non-Qualys organizations and technology alliances helped in understanding threats and increasing security?

Consolidating security risk data from both Qualys and non-Qualys sources—like Forescout, Okta AI, Microsoft, Oracle, and Wiz—gives organizations a complete, unified view of their cyber risk landscape without needing to replace tools they already rely on. By integrating data across cloud, on-premises, and hybrid environments, this approach normalizes and enriches findings with threat intelligence and business context.

As a result, security teams can cut through the noise, prioritize what matters most, and automate response workflows. Organizations can leverage their best-of-breed solutions for assessing security posture across their attack surface and decouple the risk orchestration workflows in ROC to make them tool and vendor-agnostic. Instead of juggling siloed insights, they get a consolidated view and a unified workflow across their security investments.

3.  What are the integration requirements for the ROC by companies, and do cybersecurity professionals need additional training to adapt to it? How has Qualys’ experience been with it in this short span of time?

Today, cyber risk is managed in a very fragmented and manual way. One might often encounter spreadsheets being used for aggregation, prioritization and reporting across various tools.

Adopting the Risk Operations Center (ROC) is simpler than many expect. Organizations need to bring together risk signals from across cloud, on-premises, and hybrid environments, prioritize them based on business impact, and automate response—and that’s exactly what Qualys Enterprise TruRisk Management (ETM) is built to do.

ETM provides a unified asset inventory and consolidates risk findings from multiple sources, giving teams one centralized view instead of juggling multiple dashboards. With real-time threat intelligence and business context baked in, the ROC helps teams align security efforts with what matters most to the business.

As for training, Qualys designed the ROC with intuitive workflows and AI-driven automation, so the learning curve is minimal. Most teams quickly adapt and see value fast. In our experience, organizations using the ROC are moving from unstructured firefighting to proactive, strategic decision-making—streamlining efforts and reducing risk more effectively than ever before.

4.  Qualys announced its Managed Risk Operations Center (mROC) Partner Alliance in February. Could you elaborate on its impact on improving revenue for partners and other advantages? 

Qualys’ Managed Risk Operations Center (mROC) Partner Alliance empowers MSSPs and channel partners to shift from traditional vulnerability management to delivering advanced, business-aligned cyber risk services. By centralizing and analyzing risk signals across cloud, on-premises, and hybrid environments, partners can offer tailored insights, proactive threat mitigation, and continuous risk reduction.

This transformation positions MSSPs as strategic advisors, aligning cybersecurity efforts with broader business goals. mROC also opens new revenue streams for partners through high-value services such as cyber risk quantification, compliance alignment, and automated remediation workflows.

Partners can leverage Qualys’ threat intelligence from over 25 sources, as well as a broad enterprise client base—expanding their reach and differentiation in a competitive market. The result is stronger client relationships built on measurable outcomes, from reduced risk exposure to enhanced compliance and potentially reduced premiums for cyber insurance. With mROC, partners can lead with value, scale efficiently, and grow profitability through smarter, proactive security operations.

5.  Based on common cyberattacks, what is your observation about the cause of the threat to cloud security and the role of human error in it?

Human error—often called the “layer 8” factor—is one of the biggest contributors to cloud security threats. It’s not unique to the cloud, but with the growing reliance on cloud infrastructure, misconfigurations and weak access controls are top targets for attackers. Threat actors are opportunistic and often exploit stolen credentials, usually gained through phishing, to access cloud environments, escalate privileges, and exfiltrate data.

Extortion threats are also on the rise. According to the Verizon 2024 DBIR, about one-third of all breaches involved ransomware or other extortion techniques. These types of attacks often start with simple human mistakes.

To combat this, organizations need to understand attacker tactics and take proactive steps—like applying least privilege access, securing configuration files, and automating incident response. Ultimately, minimizing human error through best practices and ongoing vigilance is key to strengthening cloud defenses.

6.  What are the distinguishing features and other details about the vulnerability management solutions offered by Qualys?

Qualys is the only vendor in the industry that offers best-of-breed vulnerability detection across the attack surface (on-premises, IT/OT/IoT, web applications, APIs, cloud assets, and AI/LLMs), an aggregation and orchestration layer to prioritize and automate workflows, and remediation technologies to patch, mitigate and eliminate cyber risks.

Qualys Vulnerability Management, Detection & Response (VMDR) delivers a comprehensive, risk-based approach to securing today’s complex digital environments. At the heart of VMDR is the TruRisk prioritization engine, which combines technical severity, exploitability, and business context to help organizations focus on what matters most—mitigating risks with real business impact. With near real-time detection of critical vulnerabilities and 99% coverage of CISA Known Exploited Vulnerabilities (KEVs), it ensures organizations stay ahead of emerging threats.

By integrating asset discovery, vulnerability detection, threat intelligence from over 25 sources, and automated remediation workflows, VMDR empowers security teams to move from simply identifying vulnerabilities to actively eliminating risk—driving smarter, faster, and more impactful security outcomes.

7.  Could AI-based innovations and technology help in reducing human errors in your opinion? What is your view about AI tools for specific functions in cybersecurity?

AI absolutely helps reduce human error in cybersecurity by automating routine tasks and spotting threats that might otherwise slip through the cracks. By analyzing large datasets and learning patterns of both normal and malicious behavior, AI can detect subtle indicators of emerging threats—making it especially valuable for early detection and predictive protection.

It’s also a huge time-saver. AI streamlines processes like threat triage and risk prioritization, allowing security teams to focus on more complex, high-impact work. But while AI enhances speed and accuracy by automating repetitive tasks, it’s not a replacement for human expertise.

Security professionals are still essential for interpreting data, making informed decisions, and handling nuanced situations. Looking ahead, the most effective approach will be human-AI collaboration—where AI handles the heavy lifting and humans guide strategy. In the next few years, AI will boost efficiency, but the human element will remain at the core of smart, resilient cybersecurity.