Solution / Technology Partners
QualysGuard integration with Access Management solutions provide customers with an alternative to manage credentials used for trusted vulnerability scans and compliance scans, using third party solutions.
Help Desk Ticketing Systems
QualysGuard's Trouble Ticketing system can automatically create trouble tickets for remediation using a robust rules engine. Through the QualysGuard Ticket Notification Engine (TNE) and associated ticketing APIs, QualysGuard can provide a seamless transfer of discovered vulnerabilities with many third-party ticketing. This integration enables enterprises to review vulnerability tickets generated by QualysGuard in their own ticketing systems without impacting operational processes.
QualysGuard integration with IDS/IPS solutions provides customers with an automated way to adjust severity level of incident alerts based on host context information provided by QualysGuard. The joint solution delivers to customers a more accurate assessment of the detected incident facilitating remediation prioritization and ultimately reducing the amount of incident response resources consumed by non-critical or non-relevant incidents.
IT Governance, Risk and Compliance (IT-GRC)
QualysGuard integration with IT-GRC solutions allows customers to automatically import vulnerability or compliance information from QualysGuard into their IT-GRC solution. This allows asset owners to report on vulnerabilities and mis-configurations identified on their assets in one single view. They can then assign ownership to the individual issues, track remediation efforts or accept the associated business risk.
QualysGuard integration with Penetration Testing solutions increases the effectiveness of network security assessments by eliminating the manual step of running a scan before performing penetration testing using multiple interfaces. Customers are provided with an automated way to both scan networks against a comprehensive vulnerability database with QualysGuard and then to safely exploit those same vulnerabilities with a penetration test. The integration reduces the amount of time customers spend collecting data from vulnerability scans and performing penetration testing, while lowering costs and making the remediation process more effective.
QualysGuard Integration with Risk Management provides the automation of the entire risk management process which includes network discovery and vulnerability assessment in one comprehensive view for risk analysis and remediation prioritization. It consolidates vulnerability, configuration, and threat data. The joint solution gives enterprises the ability to model their network topology, determine what vulnerabilities are present on their network and understand which vulnerable systems can actually be accessed. All of this information is used to ultimately measure risk for asset groups and prioritize remediation.
QualysGuard Integration with Security Intelligence solutions provides customers with in-depth information on vulnerabilities, zero-day threats and additional correlation services that allow customers to prioritize patching and remediation efforts.
SIEM (Security Information & Event Management)
QualysGuard integration with SIEM solutions enhances correlation and prioritization of security incidents/events by automating the import and aggregation of endpoint vulnerability assessment data. The integration enables the joint solution to automatically launch on-demand scans based on environment changes or policy compliance rules, prioritize events and provide detailed vulnerability information through one central interface.
Web Application Testing
QualysGuard integration with Web Application Testing solutions increases the effectiveness of web application security assessments by providing the scalability and accuracy of automated scanning with the expertise of trained security resources. Customers benefit from a web application security scan against QualysGuard’s comprehensive vulnerability database, and they also gain value from manual validation of the findings and identification of security issues in web application business logic. The integration reduces the time and resources needed to execute a comprehensive web application security-testing program.
Allgress provides affordable software and professional services that enhance an organization’s ability to see clearly the relationship between IT security and risk to the organization.
Our products and services allow CIOs and CISOs to better plan, analyze, manage, and communicate IT security, and to help business managers better understand the business risk inherent in every security decision as well as the security implications in every business decision. Privately held, Allgress was founded in 2006 and is headquartered in Livermore, California.
Allgress extends QualysGuard functionality to help customers visualize the balance between information security strategy and corporate goals. With Allgress’ interactive reporting capabilities and automated workflows, QualysGuard users can manage the information they need to make strategic security decisions.
ArcSight Enterprise Security Manager (ArcSight ESM) provides a real-time threat management solution. ArcSight's ESM collects QualysGuard vulnerability assessment data via a SmartConnector to enable customers to precisely pinpoint the risk level of certain vulnerabilities in their IT environments.
By correlating this information for real-time monitoring it reduces false positives and provides real-time analysis, visualization, reporting, forensic analysis and incident investigation.
Brinqa provides enterprises and government agencies with governance, risk management, and compliance solutions that enable the continuous improvement of operational and regulatory efficiencies and effectiveness. Brinqa’s offering provides a centralized, fully automated, and re-usable governance, risk and compliance (GRC) platform combined with targeted applications to meet program specific GRC needs.
Brinqa’s QualysGuard connector provides a simple mechanism for importing asset, vulnerability and policy compliance data into Brinqa’s Risk Manager. The integrated Brinqa Risk Manager and QualysGuard Vulnerability Manager solution delivers comprehensive and relevant application risk scoring and automated compliance assurance to your enterprise.
Bee Ware provides organizations of all sizes with the means to fight the increasing threats that can impact their activity while ensuring optimum quality of service and performance.
Bee Ware's i-Suite provides an application firewall (WAF), access control (WAM), tools for auditing and traffic monitoring, a Web Services firewall (WSF), and centralized management that significantly reduces deployment costs. Founded in 2002, Bee Ware is present today in Europe in industry, healthcare, finance, and public services.
Bee Ware and Qualys worked jointly to provide a single solution that combines the Web application protection platform i-Suite with QualysGuard Web Application Scanning (WAS), a Web application vulnerability scanner.
Bee Ware’s i-Suite platform is an all-in-one solution capable of protecting and managing all types of Web applications from a single management console. The Web Application Firewall (WAF), Web Services Firewall (WSF), and Web Access Management (WAM) modules provide security for applications while protecting the information system from external attacks and fraudulent login attempts.
Thanks to this integration, IT teams can now provision QualysGuard WAS in Bee Ware i-Suite in a single click, regardless of the number of applications being protected, and easily identify all Web application vulnerabilities (SQL injection, Cross Site Scripting (XSS), Slowloris, etc.) In addition, it offers a consolidated view of the security policies applied to the application infrastructures (automatic building of white lists, reinforcement of controls on sensitive parameters, etc.)
The Citrix NetScaler Application Firewall secures web applications, prevents inadvertent or intentional disclosure of confidential information and aids in compliance with information security regulations such as PCI-DSS. Application Firewall is available as a standalone security appliance or as a fully integrated module of the NetScaler application delivery solution and is included with Citrix NetScaler, Platinum Edition.
QualysGuard Web Application Scanning (WAS) identifies web application vulnerabilities that can then be used to automatically create rules for the NetScaler Application Firewall to prevent malicious users from exploiting the vulnerabilities. Thanks to this integration, customers can quickly mitigate the vulnerabilities discovered by QualysGuard WAS with NetScaler Application Firewall and reduce the risk exposure of the business supported by the vulnerable web applications.
CORE IMPACT is the first automated, comprehensive penetration testing product for assessing specific information security threats to an organization. QualysGuard's integration with CoreImpact automatically imports vulnerability assessment results into the CORE IMPACT management console.
The integration reduces the amount of time security consulting organizations and corporations spend collecting data from vulnerability scans and performing penetration testing, while lowering costs and making the remediation process more effective.
Core Security is the leading provider of predictive security intelligence solutions for enterprises and government organizations. Core Security helps more than 1,400 customers worldwide preempt critical security threats throughout their IT environments, and communicate the risk the threats pose to the business. Our patented, proven, award-winning enterprise solutions are backed by more than 15 years of applied expertise from CoreLabs, the company’s innovative security research center.
The CORE Security and Qualys joint solution proactively identifies critical risks in the context of business objectives, operational processes, and regulatory mandates. Security teams can therefore predict threats and effectively communicate their implications to the line of business.
CA Technologies provides IT management solutions that help customers manage and secure complex IT environments to support agile business services.
CA ControlMinder provides organizations with powerful control over privileged users, reducing the risk of compliance failures or a costly security breach. CA ControlMinder is a comprehensive and mature solution that provides both broad and deep capabilities that include fine-grained user access controls, shared account management for privileged user passwords, UNIX to Active Directory authentication bridging, and user activity reporting.
CA ControlMinder allows enterprises to deploy granular policies on multiple platforms, devices and applications, providing the security and tracking required to secure your critical systems while meeting various compliance requirements, all from a single management console.
Cyber-Ark® Software is a global information security company that specializes in protecting and managing privileged users, applications and highly-sensitive information to improve compliance, productivity and protect organizations against insider threats.
With its award-winning Privileged Identity Management (PIM) and Highly-Sensitive Information Management software, organizations can more effectively manage and govern application access while demonstrating returns on security investments. Cyber-Ark works with more than 700 global customers, including more than 35 percent of the Fortune 50. Headquartered in Newton, Mass., Cyber-Ark has offices and authorized partners in North America, Europe and Asia Pacific.
Hitachi ID Systems
Hitachi ID Systems offers comprehensive identity and access management, privileged access management and password management solutions.
Hitachi ID Privileged Access Manager is a system for securing access to privileged accounts. It works by regularly randomizing privileged passwords on workstations, servers, network devices and applications. Random passwords are encrypted and stored on at least two replicated credential vaults.
Password changes and access disclosure are closely controlled and audited, to satisfy policy and regulatory requirements.
Lieberman Software pioneered the privileged identity management space by releasing the first product to this market in 2001. Since then, the company has regularly updated and expanded its privileged password management solution set while growing its customer base in this vibrant and emerging market.
Enterprise Random Password Manager (ERPM) is the first privileged identity management product that automatically discovers, secures, tracks and audits the privileged account passwords in the cross-platform enterprise.
It provides the accountability of showing precisely who had access to sensitive data, at what time and for what stated purpose. By doing so, ERPM helps prevent unauthorized, anonymous access to an organization’s most crucial proprietary data.
Quest is a global software company offering a broad and deep selection of products that target common IT challenges. More than 100,000 worldwide customers enjoy the simplicity of working with a single vendor who can solve so many IT management pains.
Quest One Privileged Password Manager automates, controls and secures the entire process of granting administrators the credentials necessary to perform their duties. QualysGuard scanner appliances can retrieve the required password for trusted scans from Privileged Password Manager to ensure that access is granted according to established policy, with appropriate approvals and that all actions are fully audited and tracked.
Thycotic Software, founded in 1996, is headquartered in Washington, DC, USA and provides secure enterprise password management solutions. Over 30,000 IT admins worldwide trust Thycotic products to manage their passwords.
With Thycotic's Secret Server, an on-premise web-based vault for storing privileged passwords like Windows local administrator passwords, UNIX root passwords and service account passwords, QualysGuard users benefit from an additional layer of protection and tighter control over their critical passwords. Passwords for QualysGuard authenticated scans are be stored in the Secret Server Password repository and never leave the user's perimeter. Users can also leverage Secret Server's ability to log credential usage, restrict access, and periodically rotate credentials to ensure compliance with corporate policies and regulatory requirements.
D2 Exploitation Pack for CANVAS
Immunity CANVAS is the industry's premier penetration testing platform for security professionals. The Immunity-DSquare Security package leverages Immunity's world renowned exploit development techniques along with the cutting edge exploit plug-ins from DSquare Security.
Immunity and DSquare Security integrate seamlessly with your Qualys experience to provide you with unparalleled situational awareness of penetration testing targets. Using the combination of the CANVAS platform with world class exploit developer partnerships will empower your security team to provide you both a productive and accurate pentesting solution.
F5 helps organizations meet the demands of relentless growth in applications, users, and data.
With F5 solutions in place, businesses gain strategic points of control wherever information is exchanged, from client devices and the network to application servers, data storage, and everything in between.
F5 Networks and Qualys have partnered to help enterprises protect mission-critical applications against cyber threats. The joint solution ensures that vulnerabilities in web applications are identified by QualysGuard Web Application Scanning and are quickly protected against by F5® BIG-IP® Application Security ManagerTM (ASM). IT staff can then correct code without undue haste, cost, compliance violations, or business interruption.
Host Integrity Systems, Professional Services and Unitas™
Host Integrity Systems secures integrity for enterprises through discovery, technology, and governance.
Host Integrity Systems works to ensure and educate compliance to domestic and international data privacy issues; performs risk management for identification and categorization of information assets; and optimizes workflow and governance based on category and priority ensuring the company's most critical assets are handled first resulting in compliance and overall integrity to the business system. Keeping to a company's investments in security and alert management software and systems, Host Integrity Systems' remediation and escalation management system, called Unitas™, integrates to your existing technology to unite these separate systems to provide a close-loop system to better optimize your people resources and to focus on those assets with the highest priority and importance to your business.
The Imperva SecureSphere Web Application Firewall (WAF) protects Web applications and sensitive data against sophisticated attacks such as SQL injection, Cross-Site Scripting (XSS) and brute force attacks, stops online identity theft, and prevents data leaks from applications.
QualysGuard's Web application vulnerability scanners combined with Imperva's SecureSphere WAF secures critical business applications and significantly reduces the need for costly emergency fix and test cycles. Organizations using QualysGuard can scan their Web applications for vulnerabilities and then import the scan results into SecureSphere WAF. SecureSphere WAF can instantly mitigate the imported vulnerabilities using a "virtual patch", limiting the window of exposure and business impact.Integration Datasheet
LogRhythm delivers the visibility, insight and situational awareness needed for cyber threat defense, detection and response, compliance automation and assurance, and operational intelligence and optimization. LogRhythm uniquely analyzes and manages network, host, file and user activity data in a highly scalable, integrated solution.
LogRhythm leverages QualysGuard’s open platform and APIs to integrate accurate and timely vulnerability data into LogRhythm’s SIEM 2.0 platform. LogRhythm’s advanced correlation and pattern recognition engine incorporates vulnerability data imported directly from Qualys and automatically prioritizes real-time alerts so that organizations can understand which security threats are the most critical and can respond accordingly.
LockPath addresses the increasingly complex issues of regulatory compliance and risk management in a simple, cost effective way. Its innovative software correlates security information from multiple data sources with current regulations and policies to gauge risk and provide actionable insight.
MetricStream is a market leader in Enterprise wide Governance, Risk and Compliance (GRC) Solutions used by global corporations like Pfizer, Philips, NASDAQ, UBS, SanDisk, Fairchild Semiconductor, Constellation Energy, Cummins and several others.
MetricStream IT-GRC Solution integrates with QualysGuard® Vulnerability Management (VM) provides a single robust framework to automatically monitor and capture all asset and network vulnerabilities, and route them through a systematic process of investigation and remediation.
The MetricStream solution has been integrated with QualysGuard VM through MetricStream’s intelligent connectors, or Infolets, which also enable seamless integration with SIEM, Log Management, Problem Management, Operations and Asset Management systems.
MetricStream GRC Platform is empowering customers to facilitate a holistic and sustainable top-down, risk driven intelligence by integrating Business, Security and IT-GRC on a common architecture.
Modulo is a market leader for IT Governance, Risk and Compliance management (ITGRC). Modulo Risk Manager™ provides organizations with the tools they need to automate the processes required for assessing security and attaining regulatory compliance. Modulo partnered with Qualys to integrate Modulo Risk Manager with QualysGuard.
The combined offering provides global companies with a comprehensive security risk and compliance management solution.
The Modulo Risk Manager software automatically receives vulnerabilities and misconfiguration data collected through QualysGuard scans. This data is aggregated in the Modulo Risk Manager allowing users to easily view the data, providing better tracking, risk assessment and compliance documentation.
NetForensics Security Information Management (SIM) provides decision support for compliance, risk management and business continuity. QualysGuard and netForensics integration provides a centralized solution for correlation, log aggregation, threat analysis, incident response and forensic investigation with the additional value of providing valuable context for the threatened host.
QualysGuard vulnerability details are displayed on demand for any hosts under attack or being investigated by netForensics. This allows users to quickly match attacks and misuse to a host's vulnerabilities as part of the investigation and mitigation process.
Novell Sentinel delivers visibility into an enterprise's network automating the monitoring of an enterprise's IT controls for effectiveness to detect and resolve threats in real time–before they affect the enterprise's business.
By collecting the results of QualysGuard's vulnerability scans and correlating it with the user's intrusion detection sentinel (IDS) data, Sentinel's Exploit Detection functionality can instantly tell the Sentinel user if their infrastructure is at high risk from incoming exploits/malware.
Q1 Labs QRadar
Q1 Labs QRadar goes beyond traditional security information/event management (SIEM) to create a command-and-control center. QRadar combines, analyzes and manages an unequalled set of surveillance data–network behavior, security events, vulnerability profiles and threat information–to empower enterprises to manage business operations on their networks efficiently from a single console.
QualysGuard integration with QRadar provides vulnerability information that is used in powerful analysis of network assets and network activity, resulting in a more intelligent assessment of your network and potential threats to it.
QualysGuard Ticket Notification Engine
Qualys has built a highly customizable ticket notification engine (TNE) provided as RPM packages, which sends SMTP messages to in-house ticketing systems or third-party applications such as CA Service Center, BMC Magic Service Desk, HP Service Desk, Bugzilla, and others that can support SMTP as a way to open new trouble tickets.
Using QualysGuard's own APIs, the TNE can be configured to present all tickets or only a select few to designated individuals based on specific criteria defined by the user.
RedSeal's solutions enable companies to quantify overall security, assess critical areas of risk and validate that their security infrastructure successfully stops attacks.
Integration of Redseal SRM with QualysGuard gives enterprises the ability to model their network topology, determine what vulnerabilities are present on their network and understand which vulnerable systems can actually be accessed based upon the network traffic filtering policies. All of this information is used to ultimately measure risk for asset groups and prioritize remediation.
The integration of Risk I/O with QualysGuard gives enterprises the ability to identify vulnerabilities across every layer of their technology stack, to manage the remediation of these vulnerabilities, and to gauge their overall vulnerability management performance.
Risk I/O supports the QualysGuard vulnerability management solution right out of the box, making it easy to connect the vulnerability data with asset information for better prioritization, and dramatically shrink the time from detection to close. As a simple out-of-the-box connector, it enables users to pull in their latest vulnerability scan data directly from QualysGuard and aggregate, correlate and risk rank them across their entire set of security vulnerabilities.
RSA Archer Technologies
RSA Archer Technologies is a leading provider of automated enterprise risk and compliance management solutions. Archer leverages the QualysGuard API to import detailed scan reports into the Archer Threat Management solution.
This allows clients to link QualysGuard scans with other business-critical data such as vulnerability information from threat feeds (VeriSign® iDefense®, Symantec™ and Cisco®), asset information from the Archer Asset Management solution, and policies and authoritative sources from the Archer Policy Management solution. By linking this information within Archer, clients can reduce enterprise risks, manage and demonstrate compliance, automate business processes, and gain visibility into corporate risk and security controls.
The RSA enVision platform is designed to give organizations a single, integrated 3-in-1 log management solution for Security Information and Event Management to simplify compliance; enhance the efficiency and effectiveness of security operations and risk mitigation; and optimize IT and network operations.
The RSA enVision platform provides automated collection, analysis, alerting, auditing, reporting and storage of IT log data.
RSA, The Security Division of EMC, helps the world's leading organizations succeed by solving their most complex and sensitive security challenges. RSA's technology, business and industry solutions help organizations bring trust to millions of user identities, the activities that they perform and the data that is generated.
Rsam is a leading provider of Governance, Risk and Compliance (GRC) solutions that seamlessly integrates business criticality, regulatory assessment data, vulnerabilities and findings to deliver enterprise-wide visibility, oversight and assurance. Rsam integrates with both QualysGuard VM and QualysGuard PC products.
Joint customers leverage QualysGuard VM via Rsam to pull in vulnerability scan results for a clearer view of GRC status. Pulling in QualysGuard PC data enables customers to measure compliance checks results against a broader risk and compliance picture.
Through this integration customers are able to quickly track vulnerabilities, non-compliance items, related remediation plans and timeframes, and create dashboards and metrics in Rsam to gain visibility into the company's global risk and compliance posture.
Skybox View® is an integrated family of Security Risk Management applications. QualysGuard integration with Skybox Security Risk Management (SRM) provides real-time updates of asset vulnerability data.
As new hosts and vulnerabilities are discovered by QualysGuard, this information becomes immediately available in Skybox View's network model, and automatically evaluated in the attack simulation and risk calculation engine.
The StillSecure Enterprise Integration Framework includes a set of APIs that extend VAM capabilities, allowing users to import and export data into and out of VAM. This provides an interface framework for integrating VAM with existing IT systems. Using the Qualys connector, organizations can easily import devices scanned by Qualys into VAM for management.
Through the integration, joint StillSecure and Qualys customers can better manage their organization's risk by proactively identifying, tracking, and managing the repair of critical network vulnerabilities. Organizations importing QualysGuard data into VAM adopt an auditable workflow process that focuses remediation efforts on the highest priority devices before they are exploited.
Sourcefire 3D System
Sourcefire, Inc. (Nasdaq:FIRE), is a world leader in cybersecurity. Sourcefire is transforming the way Global 2000 organizations and government agencies manage and minimize network security risk. Sourcefire's IPS and real-time adaptive security solutions provide security for the real world of dynamic networks and escalating threats.
Today, the names Sourcefire and Snort® have grown synonymous with innovation and cybersecurity.
The award-winning Sourcefire 3D® System is a Real-time Adaptive Security solution that leverages Snort, the de facto standard for intrusion detection and prevention (IDS/IPS). One of the core components of the 3D System is Sourcefire RNA® (Real-time Network Awareness). RNA passively aggregates network intelligence and presents a real-time inventory of operating systems, applications, and potential vulnerabilities on the network. The 3D System imports QualysGuard scan data into the RNA host database, providing a unique combination of "always-on" passive discovery and accurate vulnerability scanning. Users can quickly determine if a host is vulnerable to a given exploit, saving valuable analysis time. The 3D System can automatically initiate a QualysGuard scan whenever it detects a new host or application, minimizing the risk that hosts with critical vulnerabilities are connected with the network.
Symantec™ Security Management System (SSMS) provides a scalable, high-performance solution for centralized logging, alerting and reporting. The vulnerabilities identified by QualysGuard scans can be viewed within Symantec Enterprise Security Architecture (SESA) and correlated to other security alerts in Symantec Incident Manager.
SESA is the security platform that powers the Symantec Security Management System. Symantec Incident Manager correlates security events in real time across disparate security technologies and network tiers to identify, prioritize and coordinate the resolution of security incidents.
TriGeo SIM is a SIEM appliance that automatically identifies and responds to network attacks, suspicious behavior and policy violations.
Designed specifically for the needs of the mid market, TriGeo SIM is unique in its ability to actively defend the network with hundreds of highly targeted correlation rules and active responses that include the ability to quarantine, block, route and control services, processes, accounts, privileges and more.
Trigeo correlates security events with vulnerabilities reported by QualysGuard to provide critical insight that delivers customers both situational awareness and actionable information with enterprise-wide visibility from the perimeter to the endpoint.
VeriSign® iDefense® Security Intelligence Services deliver actionable intelligence related to vulnerabilities, malicious code and geopolitical threats to protect enterprise IT assets and critical infrastructure from attack.
IDefense leverages an extensive intelligence gathering network, proven methodology and highly skilled security analysts that span seven specialized intelligence teams to deliver deep analysis that goes well beyond the basic notification of a threat.
iDefense Exclusives into QualysGuard VM
The integration of iDefense with QualysGuard offers 2 new services to customers. Through the first of these services, iDefense has made its iDefense Exclusives security vulnerability data available through QualysGuard VM. Availability of iDefense Exclusives enables Qualys to create scan signatures for zero-day vulnerabilities. This enhancement to QualysGuard VM offers security teams more efficient and accurate risk mitigation capability against zero-day threats and vulnerabilities.
VeriSign® iDefense® Integration Service for QualysGuard® VM
Additionally, the iDefense security intelligence data is integrated with QualysGuard VM to enable customers with the ability to correlate iDefense vulnerability reports with Qualys scan data against IT assets to prioritize vulnerabilities based on severity, business criticality and relevance to the organization. This integration capability, available on the iDefense portal, helps security teams prioritize patch deployments and remediation efforts particularly between full vulnerability scan cycles of their environments.
iViZ Security is the industry's premier cloud-based penetration testing service for web applications. Unlike consultants who are expensive, iViZ delivers consultant-grade quality testing in a SaaS-based, cost-effective subscription model. iViZ provides a "Zero False Positives Guarantee" and advanced business logic testing by leveraging its patent pending "hybrid approach" that integrates automation with manual testing by security experts. More than 300 customers worldwide use iViZ for greater quality, scalability and cost effectiveness.
Qualys and iViZ have partnered to combine the highly automated testing of QualysGuard Web Application Scanning (WAS) with iViZ Penetration Testing Technology and comprehensive manual testing to effectively protect web sites and web applications against possible attacks. The iViZ service will provide a Zero False Positive Guarantee and Business Logic Testing covering 100% of the Web Application Security Consortium (WASC) classes.
The solution is aimed at solving the problem of the significant shortage of trained security professionals that organizations need to hire and retain to secure their web applications. Automated scanning with false positive removal and Business Logic Testing will help organizations solve the problem of scaling security testing without hiring additional people.