Qualys Express Lite
Strengths: Vast feature set capabilities at an awesome pricepoint; 24/7/365 basic no-cost support.
Weaknesses: Scanning is not as fast as other options.
Verdict: If you’re a small business looking for a great pricepoint, the Qualys Express Lite is the perfect product.
Qualys Express Lite is a cloud-based vulnerability assessment tool intended for small businesses. This product is purchased as a cloud service, whose primary purpose is to audit the external perimeter of small business networks. For small IT operations, this offers the most value for the money because internet-facing web, email and application servers are the most frequent targets for hackers. Qualys Express Lite can be extended into the internal network by way of a preconfigured virtual or physical appliance for additional cost. Virtual appliances are available for VMware, Hyper-V and Amazon EC2. Qualys Express Lite provides administrators with all necessary tools to help track, monitor and mitigate vulnerabilities.
The tool was extremely easy to set up. For our evaluation, we were provided with access to a virtual scanner appliance. Because this is a cloud-based product, all that is needed to set up the system is a workstation with a web browser and internet access. We navigated to the website where we were prompted to login in with our credentials. After doing so, we downloaded the virtual scanner appliance for vCenter and deployed it on our system. The setup ran extremely smoothly and took less than 15 minutes to download, install and completely integrate the virtual scanner device into our network. Once we configured the network settings of our virtual scanner device, basic configuration was complete.
The product comes with an exceptional feature set at an even more exceptional pricepoint. After setup was complete, we ran an inventory scan on our test network. This helped us identify active hosts and returned the IP address as well as basic information about the hosts. From the scan results we were able to compile our identified hosts into custom asset groups. The scans are extremely simple to set up but cannot be run in parallel, trying to create additional scans simply adds them to the queue. Another very interesting feature of this solution is its map capability. This allowed us to create an interactive radial- or tree-view mapping of our network, which was then available for download in various file formats. Its feature set also includes continuous monitoring functionality as well as a malware detection service, which is capable of web application scanning and uses an up-to-date "zero-day" malware database. It comes preconfigured with PCI compliance capabilities and also allows users to create custom policies.
Although we did not receive any hands-on documentation, the available resources and links sent from the company to aid the initial setup were extremely well written. The setup guide includes more than enough information to get the tool running. The configuration process is not complex and takes no more than 20 minutes to complete.
Qualys offers its clients free support with the purchase of its product. For customers who desire extra support, fee-based extras are also available. The purchase price of the product includes phone, email and web support, available 24/7/365. A technical account manager is provided who will come onsite to assist if necessary. For the ultimate in support, customers can request a Qualys resident technical resource remain onsite full-time for additional annual cost.
Overall, Qualys Express Lite is a great product. It is evident that the company values its customers highly and stands behind its product because of its exceptional support offerings. This cloud-based vulnerability management tool is an absolute necessity for all small businesses, especially those with a limited budget. Not only will you get the security you need from this product, but you will also reap the benefits of its vast feature set. This offering is more than enough to provide organisations with the necessary security to safely and confidently conduct business.
Prices are US-based and therefore indicative only.