Penetration Testing mailing list archives
Re: QualysGuard - VA/PT appliance
From: David Dischler <david.dischler () gmail com>
Date: Tue, 23 Aug 2005 18:04:29 -0400
I worked for a Network Security Assessment company in the past (sales) and encountered many customers who used QualysGuard. To be honest, most were not pleased with not only the quality for the price, but some of the "Handcuffs" they encountered based on functionality. I would recommend looking into TraceSecurity's product TraceAssess. They can be reached at http://tracesecurity.com/products/trace-assess.php. The software package they offer works the same way in that it is web-based, but it allows for On-Demand and/or Scheduled Internal/External VA's and has a Patch add-on (also web-based) for quick reference to patch links/information. It runs on simple requirements (hardware speaking) and very simple setup. It has been a while since I worked there, but when I did, the prices were pretty competitive.
P.S. In case you are wondering, I have moved from the Dark Side (sales) and now have my own IT business, so this is a suggestion made with some technical background ;)
David Gonenc, Ozan wrote:
I've recently been in touch with Qualys. What you state is correct for the contractor's license. The actual scan engine is located at Qualys. Even if you are conducting testing from an internal network. The appliance simply serves as a proxy for the Qualys remote engine. Cheers, Ozan ______________________________ Ozan Gonenc, B.Sc, ITIL, GCIH Senior IT Security Consultant AEPOS Technologies Corporation 200-200 Rue Montcalm Gatineau, Quebec J8Y 3B5 (819) 772-8522 (W) (819) 772-0449 (F) http://www.aepos.com -----Original Message----- From: prasanna.mukundan () wipro com [mailto:prasanna.mukundan () wipro com] Sent: August 23, 2005 01:19 To: pen-test () securityfocus com Subject: QualysGuard - VA/PT appliance http://www.qualys.com/products/qgcons/ We have are evaluating an appliance by Qualys, called QualysGuard that purportedly "enables security auditors to scope and perform detailed vulnerability assessments anytime, anywhere, using nothing more than a Web browser." Has anyone used this appliance? If so could you give me your feedback on the product?From what I have seen of it in a couple of days, it seems to initiate ascan(for s/w vulnerabilities) from the intranet of a network, but sends the data to the internet/qualys server (and accessed via qualys' website), which imo while have the regulators and auditors screaming. I would appreciate if anyone could confirm/correct that. Thanks, Prasanna Confidentiality Notice The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain confidential or privileged information. If you are not the intended recipient, please notify the sender at Wipro or Mailadmin () wipro com immediately and destroy all copies of this message and any attachments.
Current thread:
- QualysGuard - VA/PT appliance prasanna.mukundan (Aug 23)
- AW: QualysGuard - VA/PT appliance Engelke, Stephan (Aug 24)
- <Possible follow-ups>
- RE: QualysGuard - VA/PT appliance Gonenc, Ozan (Aug 23)
- Re: QualysGuard - VA/PT appliance David Dischler (Aug 23)
- Re: QualysGuard - VA/PT appliance Norman Girard (Aug 24)
- Re: QualysGuard - VA/PT appliance David Dischler (Aug 23)
- QualysGuard - VA/PT appliance marc bayerkohler (Aug 23)
- RE: QualysGuard - VA/PT appliance Richard Zaluski (Aug 24)
- Re: QualysGuard - VA/PT appliance NewYork User (Aug 24)
- Re: QualysGuard - VA/PT appliance Stefano Zanero (Aug 24)
- Re: QualysGuard - VA/PT appliance Julio Uricari (Aug 24)
- Re: QualysGuard - VA/PT appliance Gary Nichols (Aug 24)
- Re: Re: QualysGuard - VA/PT appliance tervanp (Aug 24)
- RE: QualysGuard - VA/PT appliance prasanna.mukundan (Aug 26)