Re: Vulnerability Assessment Scanner qualysguard

["Perry, Jeff" <perry () KU EDU>]

Anand,
 
We just recently completed a project to test and acquire new vuln scan
systems for our campus.  I briefly looked at Qualys as that is what our
third party auditing firm uses (and thus we've seen a lot of Qualys
reports).  A major concern of our team was the SAAS (software as a
service) nature of the product.  I.e. they store and maintain your all
you scan data (or so we've been told by many people).  Our concern there
was that we use the scan data for many things and integrate scan data in
to other tools/products (such as asset systems and SIM systems for
correlation).  We also have multiple way we do scans (inside, outside,
through firewall, behind firewall) and wanted the flexibility of a
system we could integrate easily and still have that flexibility.  That
said, in the end, we did not trial the product in-house.  If you want to
converse about what we chose and why send me an email.  Sorry to reply
to list, your message didn't contain your email address.
 
Best of luck,
 
Jeff Perry
Manager, Security Services and Operations
IT Security Office
The University of Kansas
perry () ku edu

 
________________________________

From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Anand S Malwade
Sent: Wednesday, February 04, 2009 3:30 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Vulnerability Assessment Scanner qualysguard



 

 We are looking to deploy a Vulnerability Management scanning solution
and potentially looking at the qualys-guard on demand system taking into
consideration of ease of deployment and maintenance.  I would like to
know if any other universities have evaluated/deployed this solution and
feedback on the same.

 

Thanks,

Anand

 

Anand Malwade

Seton Hall University