Qualys – QualysGuard Express
February 03, 2014
Starting £1,503 per year.
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Easily deployed, highly scalable, comprehensive reporting.
- Weaknesses: Hosted externally to a subscriber’s environment, which may not be appropriate depending on security policy.
- Verdict: No real issues outside of the SaaS model. If that’s not an issue for your enterprise, the product will serve it well.
QualysGuard Express from Qualys uses the software-as-a-service (SaaS) model to provide vulnerability and compliance management services to customers. It combines vulnerability scanning, policy and PCI compliance, along with web application scanning and malware detection, into a single hosted console. QualysGuard offers both security novices and veterans an easy way to maintain awareness and, used properly, effectively protect their networks.
As it is cloud-based, the setup was simple. We received a welcome email containing our login credentials and URL, and after accepting the user agreement and logging in, we were presented with a welcome screen and a quick-start wizard which guided us through adding an IP scanning range, activating our scanning appliance, configuring a number of scanning options and initiating a scan.
The QualysGuard suite is made up of vulnerability management, policy compliance, PCI compliance, web application scanning, malware detection, web application firewall and questionnaire service modules. Using cloud-based and local network scanners, administrators can easily scale from a test implementation to obtain full scan coverage of their environment. Externally available servers are handled by Qualys' hosted scanners, and all internal scan coverage is provided by either a physical or virtual appliance, managed by Qualys. Scans can be scheduled or initiated manually via the console. Vulnerabilities detected by the system are tracked over time, allowing administrators to produce reports showing trends and predictions about hosts that are likely to be affected by new zero-day threats. Reporting data is generated separately from the scan data, so different reports can be run against a single scan. The system also supports patch reporting, detailing which hosts are missing which patches and which vulnerabilities would be remedied by applying those patches. There is a built-in ticketing system to control the remediation workflow, or the system can be integrated into some third-party ticketing tools by way of SMTP messages from Qualys to the third-party tool.
We found the documentation very useful, particularly the Rollout Guide. While the tool is not hard to use, by dividing the documentation up into sections, the company provided specific guidance on those use cases not necessarily limited to the tool itself.
Qualys offers one excellent support tier, which includes 24/7 phone and email support, as well as access to its online user community. Subscribers are also eligible for training and certification, which provides CISSP CLE credits and access to user conferences and seminars.
QualysGuard Express is priced based on the number of hosts being scanned. However, the pricing examples we were provided start at £1,503 per year, which provides scanning services for web applications on eight external IP addresses and PCI compliance reporting; £3,311 per year gets into the meat of the product, giving subscribers scan coverage for 256 IPs and a virtual scanning appliance providing the full range of features; and £3,913 per year offers the same feature set, but provides for a physical scanning appliance. Full product support is included in the yearly subscription.
Prices are US-based, thus indicative only.