Cloud solution for expanding VM programs with configuration scanning and simplified workflows to address configuration issues
Qualys SCA is an add-on for Qualys Vulnerability Management that lets you assess, report, monitor and remediate security-related configuration issues based on the Center for Internet Security (CIS) benchmark. It supports the latest out-of-the-box CIS benchmark releases of operating systems, databases, applications and network devices.
Accountability for controls
Qualys SCA controls are developed and validated in-house by Qualys security experts and certified by CIS. The controls are optimized for performance, scalability, and accuracy. Qualys SCA can be used in IT environments of any size, from small ones to the largest.
Ease of use
SCA provides CIS assessment via a web-based user interface and delivered via the Qualys Cloud Platform, enabling centralized management with minimal deployment overhead. CIS controls can be selected and customized per an organization’s security policies. This eliminates the cost, resource and deployment issues associated with traditional configuration management software point products.
Remote scanning and auto-discovery of instances
SCA uses the same data collection technologies as Qualys Policy Compliance and VM, allowing for agent or agentless data collection, allowing customers to better safeguard global endpoints, on-premises and cloud assets against today’s evolving cyber threats. SCA also lets organizations integrate security best practices with their DevSecOps environments.
Reports and dashboards
SCA users can schedule assessments, automatically create downloadable reports of configuration issues, and view dashboards for improving their security posture. This brings full circle Qualys SCA’s automation of security best practices behind leading benchmarks, enabling a proactive approach towards digital business security.
Powered by the Qualys Cloud Platform
See the results in one place, in seconds. With AssetView, security and compliance pros and managers get a complete and continuously updated view of all of their IT assets — from a single dashboard interface. Its fully customizable and lets you see the big picture, drill down into details, and generate reports for teammates and auditors. Its intuitive and easy-to-build dynamic dashboards aggregate and correlate all of your IT security and compliance data in one place from all the various Qualys Cloud Apps. With its powerful elastic search clusters, you can now search for any asset – on-premises, endpoints and all clouds – with 2-second visibility.
Centralized & customized
Centralize discovery of host assets for multiple types of assessments. Organize host asset groups to match the structure of your business. Keep security data private with our end-to-end encryption & strong access controls. You can centrally manage users’ access to their Qualys accounts through your enterprise single sign-on (SSO). Qualys supports SAML 2.0-based identity service providers.
Deploy from a public or private cloud — fully managed by Qualys. With Qualys, there are no servers to provision, no software to install, and no databases to maintain. You always have the latest Qualys features available through your browser, without setting up special client software or VPN connections.
Scalable and extensible
Scale up globally, on demand. Integrate with other systems via extensible XML-based APIs. You can use Qualys with a broad range of security and compliance systems, such as GRC, ticketing systems, SIEM, ERM, and IDS.