Home | news.qualys.com | laws.qualys.com |

Qualys.jp | Contact Us | Search

Contact

Trials

Free 14-Day Trial: Risk free, no commitment.
No software to download.

Free One Time Scan: Scan 1 publicly facing IP.
Identify network assets.
Scan systems for vulnerabilities.

Guides & Whitepapers

Effective Vulnerability Management: Learn how to proactively secure your network with vulnerability management & policy compliance

Effective Remediaton Of Vulnerabilities & Policy Compliance: Get the facts on how to reduce risk and prevent attacks

7 Steps To Achieve, Measure & Prove Risk Reduction: Get the essential aspects of putting into place a measurable and sustainable vulnerability management program

More >

Immunize your network from security threats, by eliminating their targets - Network Vulnerabilities

To succeed in today's marketplace, networks must be safe, open, and interconnected making it easy to exchange information with customers, suppliers and business partners around the globe. Without proper management, however, these same network efficiencies can pose serious security risks.

Present-day information security threats such as Internet Worms, Denial of Service attacks, viruses, and other intrusions are more sophisticated, frequent, and dangerous than ever before. Moreover, the dramatic increase in vulnerabilities discovered, along with the speed at which new threats are created make this challenge even steeper. Measuring and managing network risk is a significant challenge for companies of all sizes.

Additional defense solutions such as firewalls, antivirus software and intrusion detection systems are necessary layers of security, but are incapable of proactively detecting network vulnerabilities and cannot reliably prevent attacks. Today's attacks bypass these layers of protection and directly target network weaknesses.

Vulnerability management is a critical component of any security infrastructure because it enables proactive detection and remediation of security vulnerabilities. Security professionals that use vulnerability management tools are able to correct weaknesses before they are exploited and no longer rely solely on defensive security measures to protect themselves. According to the Yankee Group, frequent and thorough vulnerability management is a best practice every company should follow.

Vulnerability Management Lifecycle

The rate at which new security vulnerabilities are being discovered continues to increase and the time it takes to develop and share exploits for those vulnerabilities (in the form of manual exploits, worms, viruses and Trojans) continues to decrease. As a result, it is no longer sufficient for organizations to perform yearly or even quarterly network audits.

According to the Yankee Group's Best Security Practices, organizations should perform vulnerability management on a daily or weekly basis. Vulnerability management is a lifecycle process consisting of six steps:

QualysGuard Vulnerability Management Lifecycle

Discover

Discover all assets across the network, and identify host details including operating system and open services.

Prioritize Assets

Manage your network by categorizing assets into groups or business units.
Assign a business value to asset groups based on its criticality to your business operation.

Assess

Determine a baseline risk profile so you can focus on eliminating risks based on asset criticality.
Identify security vulnerabilities on a regular automated schedule.

Report

Measure the level of business risk associated with your assets according to your security policies.
Trend overall security posture over time.

Remediate

Prioritize and fix vulnerabilities by business risk.

Verify

Verify the elimination of threats through follow-up audits.

Screenshots

Solution: QualysGuard

QualysGuard automates all steps of the vulnerability management lifecycle process allowing organizations to strengthen the security of their networks and conduct automated security audits to ensure compliance with external regulations and internal corporate policies.

As an on demand solution, QualysGuard can be deployed in a matter of hours anywhere in the world, providing customers an immediate view of their security and compliance posture. QualysGuard is the widest deployed security on demand solution in the world, performing over 150 million IP audits per year.

Click to view

Key features of QualysGuard:

Discover and prioritize all network assets

Identify all network devices and software applications that reside within your infrastructure, and identify host details including operating system and open services.

Proactively identify and fix security vulnerabilities

Safely and accurately detect and eliminate the vulnerabilities that make network attacks possible.

Manage and reduce business risk

Reduce risk by automating vulnerability identification and prioritizing remediation based on mission critical systems and high-severity vulnerabilities.

Ensure compliance with laws, regulations and corporate security policies

Document regulatory compliance via automated agent-less auditing, tamper resistant audit trails and the certainty that comes with third-party assessment.

Achieve compliance with Payment Card Industry (PCI) Data Security Standard

Achieve PCI compliance status with QualysGuard's testing and compliance application.