The Architecture Consists of:
Web User Interface
The Web User Interface provides secure access to QualysGuard at any time, from anywhere. From a standard Web browser users can launch scans, examine vulnerability trends, access fix information and track vulnerability tickets.
Secure Operations Centers (SOCs)
Qualys SOCs provide secure storage and processing of vulnerability data on an n-tiered architecture of load-balanced application servers. High availability, continuously monitored safe datacenters host physically and logically secure databases with encrypted data storage.
The KnowledgeBase contains the intelligence that powers QualysGuard's comprehensive on-demand network security audits and vulnerability management. Qualys updates the KnowledgeBase daily with signatures for new vulnerabilities, validated fixes and signature improvements. Continuous automated updates ensure QualysGuard Web service users that they are always testing for the latest vulnerabilities.
Internet Remote Scanners
QualysGuard's Internet Scanners provide fast and efficient external scanning. Qualys hosts a collection of Internet Scanners optimized to scan publicly facing devices globally via the Internet. In this manner, QualysGuard scans and processes security audits in parallel for optimum speed of operations. The inference-based scanning engine employs an un-trusted approach for greater accuracy and scalability, delivering both accurate results and scalable performance.
QualysGuard Scanners for Internal Scanning
- QualysGuard Scanner Appliance
QualysGuard Scanners are appliance versions of the Internet Remote Scanners. Scanners enable customers to bring QualysGuard's assessment capabilities to their internal networks. Installed in minutes and requiring no maintenance by the user, the hardened Linux appliance needs no special firewall configurations to obtain updates and new vulnerability signatures and perform scan jobs, returning results securely over a standard SSL-encrypted channel.
- QualysGuard Virtual Scanner Appliance
QualysGuard’s software-based virtual scanner appliances are qualified to run on many of the most common virtualization and cloud platforms including VMware and Amazon EC2. These virtualized scanners supplement the current hardware-based QualysGuard Scanner Appliances. Like with the hardware-based scanners, customers can manage the virtual scanners from their QualysGuard accounts via a secure web interface, where all gathered scan data will be available for reporting and remediation. Installed in minutes and requiring no maintenance by the user, scanners needs no special configurations to obtain updates and new vulnerability signatures.
QualysGuard Data Security
The QualysGuard Web service is the first and only solution to encrypt vulnerability data end-to-end, ensuring the data is secure at any time so only customers have access to the scan data. Two-factor RSA SecurID authentication is also available for enterprise customers seeking advanced user authentication in accessing the QualysGuard service. QualysGuard's data security has undergone an annual SSAE 16 SOC 1 Type II audit and a comprehensive penetration test from trusted third parties confirming the security of the architecture.