Security Basics mailing list archives
Regularly Vulnerability Assessment using QualysGuard - Pro/Cons?
From: André Gasser <andre.gasser () gmx ch>
Date: Fri, 16 Dec 2011 19:54:38 +0100
Hello list,

I am writing regarding the commercial QualysGuard Vulnerability Management solution [1]. The last few days I was playing with the QualysGuard Vulnerability Management solution and I must say that I really like the way it works. It allows you to attach a Qualys box to a network segment and then run regular vulnerability scans inside that environment.

Now, I face the problem that there seem to be many customers around who do not like the way Qualys handles authenticated scans. Since Qualys runs a cloud-based concept, all the access credentials required for doing authenticated scans are stored in their data centers. For some customers, this is a killer criterion. I understand that customers do not like the way it is.

Since I am no Qualys expert, I would like to hear some opinions from you. If you use Qualys, how do you handle this situation? And if you do not use Qualys, what tools do you use to conduct regular vulnerability assessments? Do you use plain Nessus or a tool like this?

I think Qualys is a very good tool for running vulnerability assessments on a regular basis. To be honest, I am not aware of the effective costs of such a Qualys subscription. But isn't that cheaper than sending an auditor to the customer's site once a week? Especially if you need to conduct a lot of scans, sending auditors could become very expensive, couldn't it?

Because of the problem regarding authenticated scans, we are currently looking for products that do not store credentials in the cloud and which can be used to easily conduct regular vulnerability assessments.

I highly appreciate your comments on this.

Thank you very much for your time,
André

[1] http://www.qualys.com/products/qg_suite/vulnerability_management/