The mapping functionality of QualysGuard is feature of QualysGuard that can be used without limitation - even
for customers with a limited number of scans. The purpose of mapping is for network discovery since accurate inventories
of assets are a crucial step in understanding network topology and identifying potential entry points where vulnerabilities
could be exploited by hackers.
By identifying rogue systems as they appear on the network, administrators can maintain security policies and prevent attacks
from entering via these unauthorized systems. QualysGuard's network mapping feature provides a visual representation of the
entire network and identifies all devices that are live and respond to network traffic. Information gathered in this discovery
phase is collected and immediately available for stand-alone or differential reports.
QualysGuard's has the unique capability to produce a full inventory and map report of a corporate network and compare it to a
specified baseline consisting of IP ranges or specific DNS configuration. This allows QualysGuard subscribers to specify what
their approved network assets are supposed to look like (perimeter and internal network) and then be able to map and report
exceptions to it. By regularly monitoring the network and providing differential analysis, administrators can prevent
unauthorized systems from being added to the network. Without such differential analysis, security personnel will need to
have an intrinsic and detailed knowledge of the network which is an impossible task - especially, in distributed enterprise
environments.
QualysGuard dynamic map reports automate the identification/analysis process and allow users to quickly identify systems that
have been added or removed from their networks or detect devices that have been maliciously placed on their networks without
proper authorization. The entire network mapping process can be automated to occur on a regular basis and differential
reports from the base line can be generated with a push of a button (see report below).
Figure 1: QualysGuard Differential Map Reports
(Click to enlarge)
Additionally, email alerts will notify the user at the end of each map with a summary status of any changes to the network for
further investigation. The email below shows an example of a notification which summarizes that 34 new devices were found.
Figure 2: QualysGuard Email Notification for Maps
In summary, Map reports in QualysGuard allow users to compare the results of saved network maps and identify any changes.
Users can run an unlimited number of maps. Users can compare the results of two saved maps (or compare the results of one
map to a list of approved IP addresses) and generate dynamic map reports in HTML, XML, and PDF formats to accomplish any
of the following:
 |
1) |
|
Identify hosts that have been added or removed from the network
|
| |
2) |
|
Detect devices that have been placed on your network without authorization
|
| |
3) |
|
Sort data from saved map reports
|
| |
4) |
|
Filter the range of IPs included in the map report |
If you have any questions about your account,
please contact us at
support@qualys.com or toll free at (US: 1 (866) 801 6161, EMEA: +33 (0) 1 44 17 00 41)
