QualysGuard Features
Management
- Automatic centralized reporting from distributed scans.
- Consolidated administration of both internal and external (perimeter) scanning.
- Flexible asset prioritization and asset grouping that gives users the ability to fix the highest priority vulnerabilities based on asset value and security policies.
- Collaboratively view and share reports with multiple users within the organization as part of a collaborative workflow.
- Daily signature updates and feature enhancements are completed automatically and transparently to the user.
- Hierarchical role-based user access controls allow delegation of responsibilities to reflect organizational structure.
- Authorized user access from any location.
- Scheduled scans and network discoveries.
- All functionality and management is available via a Web browser.
- Appliance-based; no software to install or maintain.
Network Discovery
- Network topology visualization.
- Perimeter mapping rapidly identifies all network devices that can be seen from the Internet and reports comprehensive information about them.
- Internal mapping detects and identifies all visible devices on your internal network including servers, desktops, routers, wireless access points and other networked devices.
- Detect rogue devices, including virtual hosts, that may have been maliciously placed on your network.
- Track device changes over time.
Vulnerability Assessment
- Comprehensive vulnerability KnowledgeBase that incorporates 6,000+ unique checks — the largest vulnerability database in the industry.
- Non-intrusive detection techniques.
- Inference-based scanning engine.
- Authenticated or unauthenticated scanning capabilities.
- Internal and external scanning provides a 360-degree view of network vulnerabilities.
- Scans are configurable for optimum performance and minimum network load.
- Unique fingerprints for over 2,000 operating systems, applications and protocols.
- Customization of scans to scan for specific ports/services and specific vulnerabilities.
- Schedule and automate network discovery and vulnerability scan tasks on a daily, weekly or monthly basis.
- Automated daily updates to the QualysGuard vulnerability KnowledgeBase.
Vulnerability Analysis
- Easy access to concise, auto-generated reports via a Web browser.
- Executive Dashboard provides real-time illustration of risk.
- Graph and trend reports for managers.
- Detailed technical reports with verified remediation actions for technicians.
- SANS Top 20 Report provides industry baseline.
- Top 10 reports of the most prevalent vulnerabilities (both internal and external).
- Risk analysis report predicts the likelihood of exposure.
- CVE and SecurityFocus-linked and Bugtraq-referenced vulnerability checks with detailed remediation instructions.
- Customizable reports for flexible, on-demand reporting by business units for executives and managers.
- Export reports to HTML, MHT, PDF, CSV and XML formats.
Remediation & Verification
- Automatically generate and verify trouble tickets via dedicated remediation workflow.
- Create ticket policies to focus and automate remediation efforts.
- Ticket trending and reports by owner, asset group and vulnerability to help track performance.
- Easy-to-follow instructions to eliminate risks with links to verified solutions.
- Integration with ticketing systems and helpdesk solutions.
Policy Compliance
- Automated compliance scanning using the same QualysGuard infrastructure used for vulnerability scanning.
- Access to comprehensive policy and controls library.
- Policy library includes pre-defined, sample compliance policies based on popular compliance frameworks, including COBIT, SOX, HIPAA, etc.
- Controls library provides technical controls for measuring compliance against numerous frameworks, technologies and regulations.
- Controls are based on CIS benchmarks and NIST standards.
- Policy Editor to construct policies from controls and map them to internal standards and external regulations.
- Exception management workflow to create and approve exceptions.
- Collaboration capabilities to review policies and approve exceptions with internal and external auditors.
- Customizable reports showing compliance by policy, control and/or host.
- Policy Report provides full compliance status with a specific policy.
- Authentication Report identifies pass/fail status for authentication.
- Individual Host Report identifies the compliance status for a specific host.
- Control Pass/Fail Report identifies pass/fail status for a specific control.
PCI Compliance Certification
- Online version of the PCI Security Council Self-Assessment Questionnaire (SAQv1.1).
- Questionnaire draft versions can be saved at any time during the process for later completion.
- Questionnaires can be collaboratively viewed and shared by multiple users.
- Unlimited and automated PCI DSS defined network scans.
- PCI DSS-defined vulnerabilities are continuously kept up-to-date.
- Streamlined vulnerability remediation through comprehensive, step-by-step instructions with links to verified solutions.
- Web application scanning module provides users an automated tool to secure Web applications and meet PCI 6.6 requirements.
- PCI Executive Report is submitted to your acquiring banks as proof of PCI compliance.
- Auto-submit compliance status to acquiring bank.
Deployability/Scalability
- Deploys in minutes with no software installation, rollout complications or maintenance upgrades.
- Immediately accessible anytime, anywhere via a Web browser.
- On-demand technology allows users to scan globally with no additional infrastructure to buy or maintain.
Security
- End-to-end encryption of vulnerability data.
- SAS/70 audited security architecture provides maximum data protection.
- Section 508 compliant.
- Optional two-factor authentication with RSA SecurID.
- Trusted, third-party certification of network security with tamper-resistant audit trails.
- Secure architecture protects scan results from tampering and manipulation.
Interoperability
- Extensible XML-based API.
- Policy Compliance SDK available for custom report generation.
- Out-of-the-box integration with existing and legacy security management consoles.
- Integration with ticketing systems and helpdesk solutions.
- Industry standard support for vulnerability scoring with Common Vulnerability Scoring System (CVSS).
- Industry standard support for the addition of custom detections using Open Vulnerability Assessment Language (OVAL).
- CVE-Compatible.
Support
- 24x7x365 email/telephone customer and technical support.
- Ongoing Web-based customer training.
- Technical training and regional certification workshops.
- Attendance at all Qualys user conferences and seminars.
