QUALYS
Risk Assessment

Qualys - Risk Assessment

Continuously detect and protect against attacks,
anytime, anywhere.

Qualys VM is a cloud-based service that gives you immediate, global visibility into where your IT systems might be vulnerable to the latest Internet threats and how to protect them. It helps you to continuously identify threats and monitor unexpected changes in your network before they turn into breaches.

Built on the world’s leading cloud-based security and compliance platform, Qualys VM frees you from the substantial cost, resource and deployment issues associated with traditional software products. Known for its fast deployment, unparalleled accuracy and scalability, as well as its rich integration with other enterprise systems, Qualys VM is relied upon by thousands of organizations throughout the world.

Qualys-Vulnerability Management

Key Features

Agent-based detection

In addition to our scanners, VM also works with the groundbreaking Qualys Cloud Agents, extending its network coverage to assets that can’t be scanned. The lightweight, all-purpose, self-updating agents reside on the assets they monitor— no scan windows, credentials, or firewall changes needed. Vulnerabilities are found faster, and network impact is minimal.

Constant monitoring and alerts

When VM is paired with Continuous Monitoring (CM), InfoSec teams are proactively alerted about potential threats so problems can be tackled before turning into breaches. You can tailor alerts and be notified about general changes or specific circumstances. CM gives you a hacker’s-eye view of your perimeter, acting as your cloud sentinel.

Comprehensive coverage and visibility

Qualys VM continuously scans and identifies vulnerabilities with Six Sigma (99.99966%) accuracy, protecting your IT assets on premises, in the cloud and mobile endpoints. Its executive dashboard displays an overview of your security posture and access to remediation details. VM generates custom, role-based reports for multiple stakeholders, including automatic security documentation for compliance auditors.

VM for the perimeter-less world

As enterprises adopt cloud computing, mobility, and other disruptive technologies for digital transformation, Qualys VM offers nextgeneration vulnerability management for these hybrid IT environments whose traditional boundaries have been blurred. With its fast deployment, low TCO, unparalleled accuracy, robust scalability, and extensibility, Qualys VM is relied upon by thousands of organizations throughout the world.

Benefits

Qualys VM is the industry’s most advanced, scalable and extensible solution for continuous vulnerability management and compliance. Its capabilities are powered by the Qualys Cloud Platform.

  1. 2-second visibility – Gives you full clarity into your data center assets, identifies their vulnerabilities, prioritizes remediation and assesses IT compliance.
  2. Continuous, comprehensive protection – Continuously monitors your environment, and flags traffic anomalies and compromise indicators.
  3. Accurate, prioritized results – Features a powerful data analysis, correlation and reporting engine.
  4. Lower and more predictable TCO – No capital expenditures, extra human resources or infrastructure or software to deploy and manage.
BEOtech - Benefits of Solution

Detailed Features

With Qualys, you can quickly determine what’s actually running in the different parts of your network—from your perimeter and corporate network to virtualized machines and cloud services such as Amazon EC2. Uncover unexpected access points, web servers and other devices that can leave your network open to attack.

  • Visually map your network with our graphical host map
  • Prioritize your remediation by assigning a business impact to each asset
  • Identify which OS, ports, services and certificates are on each device on your network
  • Organize hosts to match the structure of your business—e.g., by location, region, and company department
  • Control which hosts can be scanned by which users
  • Continuously monitor your perimeter for unexpected changes with our optional Continuous Monitoring service
  • Dynamically tag assets to automatically categorize hosts by attributes like network address, open ports, OS, software installed, and vulnerabilities found
Qualys-Scan-for-Vulnerabilities

Scan for vulnerabilities everywhere, accurately and efficiently

Scan systems anywhere from the same console: your perimeter, your internal network, and cloud environments (such as Amazon EC2). Since Qualys separates scanning from reporting, you can scan deeply and then create custom reports showing each audience just the level of detail it needs to see.

  • Select target hosts by IP address, asset group or asset tag
  • Scan manually, on a schedule, or continuously
  • Scan behind your firewall securely with Scanner
  • Appliances, remotely managed by Qualys 24/7/365
  • Scan complex internal networks, even with overlapping private IP address spaces
  • Securely use authentication credentials to log in to each host, database or web server
  • Scan in Amazon EC2 without filling out request forms—Qualys is pre-approved
  • Save time with our Six Sigma accuracy rate—no more chasing after false positives
  • Store configuration information offsite with secure audit trails
Qualys-Identify-and-Prioritize-Risks

Identify and prioritize risks

Using Qualys, you can identify the highest business risks using trend analysis, Zero-Day and Patch impact predictions.

  • Track vulnerabilities over time: as they appear, are fixed, or reappear
  • Monitor certificates deployed throughout your network—see what’s about to expire, which hosts they are used on, what their key size is, and whether or not they are associated with any vulnerabilities
  • Put critical issues into context with the Qualys’ industry-leading, constantly updated KnowledgeBase
  • See which hosts need updates after Patch Tuesday every month
  • Examine your network’s vulnerabilities over time, at different levels of detail, instead of just single snapshots
  • Predict which hosts are at risk for Zero-Day Attacks with the optional Qualys Zero-Day Risk Analyzer
Qualys-Remediate-Vulnerabilities

Remediate vulnerabilities

Qualys’ ability to track vulnerability data across hosts and time lets you use reports interactively to better understand the security of your network. Use a library of built-in reports, change what’s shown or choose different sets of assets — all without having to rescan. Reports can be generated on demand or scheduled automatically and then shared with the appropriate recipients online, in PDF or CSV.

  • Automatically generate and assign remediation tickets whenever vulnerabilities are found
  • Get consolidated reports of which hosts need which patches
  • Integrate with third-party IT ticketing systems
  • Manage exceptions when a vulnerability might be riskier to fix than to leave alone
  • Exceptions can be set to automatically expire after a period of time for later review

Custom reports anytime, anywhere — without rescanning

Qualys’ ability to track vulnerability data across hosts and time lets you use reports interactively to better understand the security of your network. Use a library of built-in reports, change what’s shown or choose different sets of assets — all without having to rescan. Reports can be generated on demand or scheduled automatically and then shared with the appropriate recipients online, in PDF or CSV.

  • Create different reports for different audiences— from scorecards for executives, to detailed drilldowns for IT teams
  • Document that policies are followed & lapses get fixed
  • Provide context & insight about each vulnerability, including trends, predictions, and potential solutions
  • Track ongoing progress against vulnerability management objectives
  • Share up-to-the-minute data with GRC systems & other enterprise applications via XML-based APIs
Qualys-Custom reports

Powered by the Qualys Cloud Platform – the revolutionary architecture that powers Qualys’ IT security and compliance cloud apps

Sensors that provide continous visiblity

On-premises, at endpoints or in the cloud, the Qualys Cloud Platform sensors are always on, giving you continuous 2-second visibility of all your IT assets. Remotely deployable, centrally managed and self-updating, the sensors come as physical or virtual appliances, or lightweight agents.

Respond to threats immediately

With Qualys’ Cloud Agent technology, there’s no need to schedule scan windows or manage credentials for scanning. And Qualys Continuous Monitoring service lets you proactively address potential threats whenever new vulnerabilities appear, with real-time alerts to notify you immediately.

All data analyzed in real time

Qualys Cloud Platform provides an end-to-end solution, allowing you to avoid the cost and complexities that come with managing multiple security vendors. The Qualys Cloud Platform automatically gathers and analyzes security and compliance data in a scalable, state-of-the-art backend, and provisioning additional cloud apps is as easy as checking a box.

See the results in one place, anytime, anywhere

Qualys Cloud Platform is accessible directly in the browser, no plugins necessary. With an intuitive, single-pane-of-glass user interface for all its apps, it lets you customize dashboards, drill down into details, and generate reports for teammates and auditors.