Penetration Testing mailing list archives
Re: QualysGuard - VA/PT appliance
From: NewYork User <newyorkuser () gmail com>
Date: Wed, 24 Aug 2005 09:47:03 -0400
Prasanna, I have used this for one of our assessments. Makes your life so much easier for initial scanning for vulnerabilities. We did have some false alarms, but over all the client was very satisfied by the reports. It is true that they store the reports on their servers. The appliance has to be connected to the same network for which the assessment is being done. The appliance has an SSL connection to their huge storage with several layers of security. Outbound 443 is open on any network. Also, you can connect to your qualys appliance from any where. You basically login to their servers which has the SSL connection already established to your appliance. They claim that the data is not accessible by any one except us what so ever. There is a pretty good explanation on their website showing the entire process. But if you guys have problem storing the data on their servers, I would think again. It is the convenience, user management and accuracy that makes Qualys more attractive solution than others. Hope this helps. On 8/23/05, marc bayerkohler <lists.marc () gmail com> wrote:
This sounds just like the FusionVM product from CriticalWatch. http://www.criticalwatch.com/solutions.html You install their box, which VPNs home. You schedule the assessments and read the output through their portal. The reporting is very flexible, it is via a web application, so you can give a manager an account so he can view just the results for his machines, etc. It is also tied in to a ticketing system you can use for remediating the issues. marc bayerkohler ---------- Forwarded message ---------- Date: Tue, 23 Aug 2005 10:49:26 +0530 From: prasanna.mukundan () wipro com To: pen-test () securityfocus com Subject: QualysGuard - VA/PT appliance http://www.qualys.com/products/qgcons/ We have are evaluating an appliance by Qualys, called QualysGuard that purportedly "enables security auditors to scope and perform detailed vulnerability assessments anytime, anywhere, using nothing more than a Web browser." Has anyone used this appliance? If so could you give me your feedback on the product?From what I have seen of it in a couple of days, it seems to initiate ascan(for s/w vulnerabilities) from the intranet of a network, but sends the data to the internet/qualys server (and accessed via qualys' website), which imo while have the regulators and auditors screaming. I would appreciate if anyone could confirm/correct that. Thanks, Prasanna Confidentiality Notice The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain confidential or privileged information. If you are not the intended recipient, please notify the sender at Wipro or Mailadmin () wipro com immediately and destroy all copies of this message and any attachments.
Current thread:
- QualysGuard - VA/PT appliance prasanna.mukundan (Aug 23)
- AW: QualysGuard - VA/PT appliance Engelke, Stephan (Aug 24)
- <Possible follow-ups>
- RE: QualysGuard - VA/PT appliance Gonenc, Ozan (Aug 23)
- Re: QualysGuard - VA/PT appliance David Dischler (Aug 23)
- Re: QualysGuard - VA/PT appliance Norman Girard (Aug 24)
- Re: QualysGuard - VA/PT appliance David Dischler (Aug 23)
- QualysGuard - VA/PT appliance marc bayerkohler (Aug 23)
- RE: QualysGuard - VA/PT appliance Richard Zaluski (Aug 24)
- Re: QualysGuard - VA/PT appliance NewYork User (Aug 24)
- Re: QualysGuard - VA/PT appliance Stefano Zanero (Aug 24)
- Re: QualysGuard - VA/PT appliance Julio Uricari (Aug 24)
- Re: QualysGuard - VA/PT appliance Gary Nichols (Aug 24)
- Re: Re: QualysGuard - VA/PT appliance tervanp (Aug 24)
- RE: QualysGuard - VA/PT appliance prasanna.mukundan (Aug 26)