Virtualized scanners and report customization for security assessment
Qualys announced a new edition of the QualysGuard Consultant service, featuring virtualized scanner appliances (vScanners) and a report customization module.
The new edition brings the power of the SaaS model to consultants, delivering accurate network auditing, comprehensive vulnerability assessments, policy compliance and web application scanning, reducing time on-site for consultants and providing data-rich, customizable reports – all at a lower cost.
The service provides:
Ease of deployment and use. Consultants can quickly and easily set up vScanners, on their laptops or at client sites to initiate engagements and perform security assessments. Consultants can also manage multiple vScanners for clients from their QualysGuard accounts, reducing time on site.
Scalability and accuracy. Leveraging the scalability of SaaS model, QualysGuard brings together, in a single platform, data of internal and perimeter networks as well as for infrastructure hosted in private and public clouds, such as Amazon EC2. Performing more than 500 million IP scan per year, QualysGuard has a reported six sigma accuracy rate of less than 3.4 errors per million scans.
Comprehensive security and compliance auditing. QualysGuard Consultant Edition simplifies the process of auditing network devices, databases and web applications by bringing together the capabilities of asset discovery, vulnerability management, web application scanning, policy compliance and PCI compliance – within one solution. A robust suite of third party integrations helps customers prioritize remediation activities by correlating discovered vulnerabilities with multiple exploit databases (like Core IMPACT and Immunity DSquare), TrendMicro Malware Encyclopedia, as well as virtual patching solutions. It empowers consultants to provide additional services like penetration testing by using QualysGuard scan data with popular frameworks like MetaSploit and Immunity CANVAS.
Custom controls for policy compliance. Flexibility in creating custom controls and policies automates the validation of systems, databases, and network devices for regulatory gap analysis and readiness services for compliance with industry regulations such as HIPAA and ISO 27002. QualysGuard Consultant Edition’s suite of third party integrations with GRC solutions (including Archer, Modulo and Rsam) helps prioritization of remediation activities for customers. This empowers consultants to provide additional risk and consulting services, including fully integrated GRC services.
Highly scalable and customizable reporting engine in the cloud. The powerful reporting engine and a comprehensive library of templates allow consultants to quickly and easily create a wide variety of dynamic reports. Specialized operational reports, such as the Qualys patch report, dramatically simplify remediation efforts. Granular customization controls provide the ability to create and manage multiple client reports from a single interface. Qualys’ SaaS reporting leverages the power of the cloud for detailed analysis of data for clients with few devices to a few million devices.
“Releasing a special consultant edition provides consultants with a more portable and engagement-oriented edition of Qualys’ products,” said Andrew Hay, senior security analyst for The451 Group. “The addition of virtualized scanner appliances to Qualys’ portfolio means that its customers will no longer be required to transport physical appliances to client sites – something that will likely reduce deployment times in addition to facilitating more affordable engagements. The new templates and frameworks for consultants may also reduce the time and tediousness normally required to create customized reports for clients.”