QualysGuard – Introduction
QualysGuard is a product of the company Qualys. It covers many aspects of the IT security workflow in an enterprise, such as Asset Management, Vulnerability Scanner, Web Application Scanner and Policy Compliance.
The solution is cloud-based, but you can also install an appliance on premises to scan internal networks, not only public IPs. The main concern of customers is the security of their data, because everything is stored in the cloud and the appliance is only a relay for the internal networks. To address this concern, QualysGuard is configured so that all the data is encrypted by a combination of an encryption key and the password for your main administrative account (named “Manager” in the console).
QualysGuard Vulnerability Management
This is the main module, where you can define the targets (Assets), the scanning options, the remediation actions, the reports, the authentication and so on. Basically, from this module you can define everything you need in order to generate reports on your network security status.
The Assets tab lets you define your “targets” on the company network. The targets can be Internet domains (like prohelpdesk.ro), IPs or IP ranges. There is also a type of scan called a “discovery scan” that helps discover all the assets on specified network segments or Internet domains. These scans create a “Map”, which is in fact a kind of active report containing all the assets discovered, and which provides a drop-down menu to take actions on them, like creating Asset Groups.
QualysGuard Search Lists
After defining the assets, the next step is to define some filters, which here are called “Search Lists”. These lists act as filters for other actions; for example, you can define a list of specific vulnerabilities or a list of critical vulnerabilities and start a vulnerability scan only for those.
QualysGuard Options Profile
Before starting the actual scan, it is recommended to define a scanning profile (Options Profile in the console), because in this wizard you can set up all the parameters required for scanning (port range, performance, authentication, vulnerabilities to scan for and many other settings).
With the targets and the scanning profile defined, it’s time to start the scan. In the scan wizard you can define parameters like the targets (specific asset groups) and the scanning profile. The scan can take a lot of time, depending on what you selected in the scanning profile.
The reporting tab lets the customer define specific scheduled reports to be sent or run (Remediation Reports, Patch Reports, Compliance Reports and so on). Note that for the email options there is a limit of 5MB per report PDF file. There are pre-defined report templates for the most used reports, but you can define your own templates.
The product has its own internal ticketing system that keeps track of the issues found in the customer’s environment. There are some integrations with third-party ticketing systems (BMC, for example), but QualysGuard also has a public API which can be used to integrate it with any software you may have.
QualysGuard Policy Compliance
This module is probably very nice to have for security officers because, after creating the policies that your company must comply with, you just run some reports and see exactly what is not compliant with your standards. There is a nice feature to build a policy from a device which you consider compliant, and with some fine-tuning you get a very nice and easy-to-use Compliance Policy. Of course there is the possibility to build the policy from scratch, but what’s the point of reinventing the wheel?
For international standards (like PCI) there are built-in policies.
To summarize, the solution is very good and I would recommend it to any company that wants to know what is happening in its IT environment and wants to have an easier life with audits.
For any details, don’t hesitate to ask me here and I will try to answer as fast as I can.
For more information you can always check the Qualys site, of course.