Vulnerability Management

Scan for vulnerabilities everywhere (perimeter, internal networks, Amazon EC2) – accurately and efficiently.

Qualys VM is a cloud service that gives you immediate, global visibility into where your IT systems might be vulnerable to the latest Internet threats and how to protect them. It helps you to continuously secure your IT infrastructure and comply with internal policies and external regulations.

Built on the world’s leading Cloud security and compliance platform, Qualys VM frees you from the substantial cost, resource and deployment issues associated with traditional software products. Known for its fast deployment, unparalleled accuracy and scalability, as well as its rich integration with other enterprise systems, Qualys VM is relied upon by thousands of organizations throughout the world.

Scan Anywhere From a Single Console

With Qualys, you can scan systems anywhere from the same console: your perimeter, your internal network, and cloud environments (such as Amazon EC2). You can select target hosts by IP address, asset group or asset tag. And, since Qualys separates scanning from reporting, you can scan deeply and then create custom reports showing each audience just the level of detail it needs to see.

Scan On-demand or on a Schedule

Qualys gives you the flexibility to scan whenever you want. You can launch scans with a click to manually check desired hosts. Or, schedule recurring scans with specific durations to match your maintenance windows. You can even have scans operate continuously to keep constant watch for changes without overloading your network.

Scan Quickly & Efficiently

Qualys is designed to work efficiently and unobtrusively in even the largest global networks. You can choose specific groups of systems to scan or dynamically select hosts according to criteria you set using Qualys’ asset tags. Scans of internal network asset groups can be done in parallel using multiple appliances to accelerate assessments and prevent network bottlenecks.

Scan Behind Your Firewall Securely with Scanner Appliances Managed by Qualys

You can scan your internal networks securely and seamlessly with Qualys Scanner Appliances. These physical devices or virtual machine images (both of which are remotely managed 24x7x365 by Qualys) let you efficiently monitor your internal assets without opening inbound firewall ports or setting up special VPN connections.

Handle Distributed, Overlapping Networks Seamlessly

As the number of locations and functions in your organization grows, your network will become more complex. With Qualys, you can handle even complex topologies such as overlapping IP address spaces that can arise from company mergers and the connection of independently-managed private subnets.

Assess Deeply with Authenticated Scans

Qualys can securely use authentication credentials to log in to each host and uncover vulnerabilities lurking below the surface of your network. For added control, Qualys can pull credentials dynamically from a password vault and use privilege escalation systems such as “sudo.”

Scan in Amazon EC2 Without Filling Out Request Forms

Qualys is pre-authorized by Amazon for scanning instances in EC2 or VPC. There’s no hassling with request forms or waiting for approval. You can launch an instance of our Virtual Scanner Appliance AMI and begin scanning your cloud assets right away.

Scan Accurately

With the industry’s leading vulnerability KnowledgeBase and its thousands of unique checks, the Qualys Cloud Platform performs approximately one billion scans per year. Its vulnerability scans, the most difficult type of scan, consistently exceed Six Sigma accuracy, the industry benchmark for high quality. Reliable results free you from chasing after false positives or worrying that you’ll miss important vulnerabilities.

Store Configuration Information Offsite with Secure Audit Trails

As a cloud service, Qualys provides a trusted, independent location for securely storing critical vulnerability information and tamper-resistant audit trails. Qualys automatically flags vulnerabilities that affect PCI compliance and Qualys is an Approved Scanning Vendor for PCI.

Track Vulnerabilities as They Appear, are Fixed, or Reappear

Qualys uses the data in each scan to track vulnerabilities over time—when they appear and are fixed, as well as whether they reappear later.

Monitor Certificates Deployed Throughout Your Network

Qualys finds and tracks certificates that are deployed in your network. You can see in one place which certs are about to expire, which hosts they are used on, what their key size is, and whether or not they are associated with any vulnerabilities. With the optional Qualys Continuous Monitoring, you can even have appropriate personnel notified automatically whenever certificates on your critical perimeter devices approach their expiration so that you can prevent any loss of service.

Put Critical Issues Into Context With The Industry’s Leading KnowledgeBase

Qualys separates reporting from scanning, enabling you to use a wide range of filters to explore your vulnerability findings. You can look for specific types of vulnerabilities and use criteria from Qualys’ KnowledgeBase such as severity, business risk, CVSS scores, existence of exploits or malware, and whether patches are available.

See Which Hosts Need Updates After Patch Tuesday

With Qualys’ constantly-updated KnowledgeBase, you can quickly determine which hosts will need which patches when vendors release updates each month.

Spot Trends, See What’s Changed

With Qualys, instead of looking at a single snapshot of your network, you can look at how vulnerabilities have impacted your systems over time and where things are headed. You can look at what’s changed through differential analysis, or drill into different sets of assets, all without having to re-scan.

Predict Which Hosts are at Risk For Zero-Day Attacks

With the optional Qualys Zero-Day Risk Analyzer, you can immediately know which systems are at risk when new Zero-Day threats emerge. Up-to-the-minute intelligence from VeriSign iDefense enables Qualys to alert you even before patches are publicly available so that you can take appropriate mitigating action.

Keep Track of Vulnerabilities & Actions Taken

Qualys tracks the disposition of each vulnerability on each host over time. This helps you document the actions taken in response to each vulnerability and monitor the effectiveness of your remediation efforts.

Automatically Assign Remediation Tickets

With Qualys’ remediation ticketing, you can have tickets generated automatically whenever vulnerabilities are found. You can set criteria for assigning tickets, with deadlines, to the appropriate personnel. Comprehensive ticket-tracking reports provide the history of each ticket as well as a holistic view across sets of tickets.

Create Per-host Patch Lists

Qualys’ Patch Report gives you a consolidated list of which hosts need which patches. It also identifies where to get vendors’ official patches so that you can keep your systems up-to-date and know where to apply your resources.

Integrate with Existing IT Ticketing Systems

Qualys can automatically create and close tickets in select third-party IT ticketing systems.

Manage Exceptions

For times when a vulnerability might be riskier to fix than to leave alone, Qualys allows you to suspend reporting on particular vulnerabilities to avoid distracting you from more serious threats. Exceptions can be set to automatically expire after a period of time so that deferred vulnerabilities don’t get lost and can be reviewed later.