Qualys Cloud Platform

In my previous organisation (capgemini), I had implemented and used qualys for vulnerability scanning and management. It is very user friendly tool and it has very organised way to manage the scanning asset and option profile as well as reporting service and remediation steps. Can be easily integrated with splunk to get the logs at centralised location to investigate and monitor the status of patching.

We use the Qualys Cloud Platform for three main strands in our information security. Firstly it gives us excellent visibility of internal and external vulnerabilities across our technology estate. This allows us to identify any potential gaps in software patching, and determine whether any vulnerable end-of-life software is installed on any of our physical or virtual devices. Secondly, we use Qualys for scheduling, analysing and managing PCI scans, a requirement of our PCI DSS certification as a Level 1 service provider. Finally, and more and more crucially as we migrate an increasing number of workloads into the cloud, we use the Qualys CloudView product to report on any potential insecure configuration issues across our AWS & Azure estates. Using a single vendor for these three key pieces of functionality enables us to better manage costs, and leverage our existing customer success relationship. Qualys are excellent both at reactive customer support for security incidents or technical queries, and proactively reaching out to us to make sure we're both making the best use of the functionality included in our existing contract and working with us to see if there's anything they can do to help with our emerging and ongoing security challenges and requirements.

We are using Qualys to monitor all our infrastructure residing in both AWS and Azure infrastructure. We also monitor web URLs. This is used by both IT and operations. We periodically run the scans and get the reports and make sure all the systems are in line with our security policies. As a result of this we are able to correct any violation almost immediately especially around the new resources that are continuously created.

Qualys is our main vulnerability management solution, it is responsible for scanning 200+ assets.

We use Qualys as the main vulnerability scanner. It is used to scan the on-premise devices such as servers, switches, etc.
We have several scanners deployed in different locations in order to cover all sites, and scheduled scans that run on a periodic basis.
Qualys helps us to prioritize the mitigation, it includes not only OS patches, but also 3rd party software.

It is being used both across the whole organization, as well as at the department level. It is the platform used. It is used mainly for vulnerability scanning endpoints on the network, and then remediating those vulnerabilities. It is also used by some do do reporting and tracking of vulnerabilities. Internally, we mainly use it to scan individual computers, and well as groups of computers within a certain department. With regards to the vulnerabilities, we can determine if patching is needed on the endpoints.

It addresses the business problem of helping to secure networks from intrusions and vulnerabilities. It helps IT see what computers on the network has vulnerabilities, and offers them an opportunity to remediate those vulnerabilities.

We used the Qualys API and python to create rolling scheduled scans of every 2 weeks for every network for our organization. We first focused on critical and high vulnerabilities with direction to remediate or remove the system within 30 days. We saw a drastic reduction in number of attacks and compromises for systems across the enterprise.

We used Qualysguard to automate testing of our environment for vulnerabilities. We used several groups to run the testing some with longer and more extensive tests. Mostly this was done in two phases, once before a resource was deployed for use and then several times after over duration to ensure any vulnerabilities were caught.