Qualys – QualysGuard Express
Strengths: Easily deployed, highly scalable, comprehensive reporting.
Weaknesses: Hosted externally to a subscriber’s environment, but may not be appropriate depending on security policy.
Verdict: No real issues outside of the SaaS model. If that’s not an issue for your enterprise, the product will serve it well.
QualysGuard Express from Qualys uses the software-as-a-service (SaaS) model to provide vulnerability and compliance management services to customers. It combines vulnerability scanning, policy and PCI compliance, along with web application scanning and malware detection, into a single hosted console. QualysGuard offers both security novices and veterans an easy way to maintain awareness and, used properly, effectively protect their networks.
As it is cloud-based, the setup was simple. We received a welcome email containing our login credentials and URL, and after accepting the user agreement and logging in, we were presented with a welcome screen and a quick-start wizard which guided us through adding an IP scanning range, activating our scanning appliance, configuring a number of scanning options and initiating a scan.
The QualysGuard suite is made up of vulnerability management, policy compliance, PCI compliance, web application scanning, malware detection, web application firewall and questionnaire service modules. Using cloud-based and local network scanners, administrators can easily scale from a test implementation to obtain full scan coverage of their environment. Externally available servers are handled by Qualys' hosted scanners, and all internal scan coverage is provided by either a physical or virtual appliance, managed by Qualys. Scans can be scheduled or initiated manually via the console. Vulnerabilities detected by the system are tracked over time, allowing administrators to produce reports showing trends and predictions about hosts that are likely to be affected by new zero-day threats. Reporting data is generated separately from the scan data, so different reports can be run against a single scan. Too, the system supports patch reporting, offering detail on what hosts are missing which patches and what vulnerabilities would be remedied by the application of those patches. There is a built-in ticketing system to control the remediation workflow or the system can be integrated into some third-party ticketing tools by way of SMTP messages from Qualys to the third-party tool.
We found documentation very useful, particularly the Rollout Guide. While the tool is not hard to use, by dividing the documentation up into sections, the company provided specific guidance on those use cases not necessarily limited to the tool itself.
Qualys offers one, excellent support tier, which includes 24/7 phone and email support, as well as access to its online user community. Subscribers also are eligible for training and certification, which provides CISSP CLE credits and access to user conferences and seminars.
QualysGuard Express is priced based on the number of hosts being scanned. However, the pricing examples we were provided start at £1,503 per year, which provides scanning services for web applications on eight external IP addresses and PCI compliance reporting; £3,311 per year gets into the meat of the product giving subscribers scan coverage for 256 IPs and a virtual scanning appliance providing the full range of features; and £3,913 per year offers the same feature set, but provides for a physical scanning appliance. Full product support is included in the yearly subscription.
Prices are US-based, thus indicative only.