Easy to use, efficient and open XML APIs enable developers to seamlessly integrate the Qualys security and compliance suite into their own applications.

Find a Technology Partner

Qualys is integrated with leading security solutions and technologies in these spaces:

Access Management

Qualys integration with Access Management solutions provides customers with an alternative way to manage credentials used for trusted vulnerability scans and compliance scans, using third-party solutions.

Help Desk Ticketing Systems

Qualys' Trouble Ticketing system can automatically create trouble tickets for remediation using a robust rules engine. Through the Qualys Ticket Notification Engine (TNE) and associated ticketing APIs, Qualys can provide a seamless transfer of discovered vulnerabilities to many third-party ticketing systems. This integration enables enterprises to review vulnerability tickets generated by Qualys in their own ticketing systems without impacting operational processes.

IDS/IPS

Qualys integration with IDS/IPS solutions provides customers with an automated way to adjust severity level of incident alerts based on host context information provided by Qualys. The joint solution delivers to customers a more accurate assessment of the detected incident facilitating remediation prioritization and ultimately reducing the amount of incident response resources consumed by non-critical or non-relevant incidents.

IT GRC

Qualys integration with IT-GRC solutions allows customers to automatically import vulnerability or compliance information from Qualys into their IT-GRC solution. This allows asset owners to report on vulnerabilities and mis-configurations identified on their assets in one single view. They can then assign ownership to the individual issues, track remediation efforts or accept the associated business risk.

Penetration Testing

Qualys integration with Penetration Testing solutions increases the effectiveness of network security assessments by eliminating the manual step of running a scan before performing penetration testing using multiple interfaces. Customers are provided with an automated way to both scan networks against a comprehensive vulnerability database with Qualys and then to safely exploit those same vulnerabilities with a penetration test. The integration reduces the amount of time customers spend collecting data from vulnerability scans and performing penetration testing, while lowering costs and making the remediation process more effective.

Risk Management

Qualys Integration with Risk Management provides the automation of the entire risk management process which includes network discovery and vulnerability assessment in one comprehensive view for risk analysis and remediation prioritization. It consolidates vulnerability, configuration, and threat data. The joint solution gives enterprises the ability to model their network topology, determine what vulnerabilities are present on their network and understand which vulnerable systems can actually be accessed. All of this information is used to ultimately measure risk for asset groups and prioritize remediation.

Security Intelligence

Qualys Integration with Security Intelligence solutions provides customers with in-depth information on vulnerabilities, zero-day threats and additional correlation services that allow customers to prioritize patching and remediation efforts.

Server Configuration Management

SIEM

Qualys integration with SIEM solutions enhances correlation and prioritization of security incidents/events by automating the import and aggregation of endpoint vulnerability assessment data. The integration enables the joint solution to automatically launch on-demand scans based on environment changes or policy compliance rules, prioritize events and provide detailed vulnerability information through one central interface.

Web Application Firewall

Web Application Testing

Qualys integration with Web Application Testing solutions increases the effectiveness of web application security assessments by providing the scalability and accuracy of automated scanning with the expertise of trained security resources. Customers benefit from a web application security scan against Qualys’ comprehensive vulnerability database, and they also gain value from manual validation of the findings and identification of security issues in web application business logic. The integration reduces the time and resources needed to execute a comprehensive web application security-testing program.

Access Management

CA Technologies

http://www.ca.com/

CA Technologies provides IT management solutions that help customers manage and secure complex IT environments to support agile business services.

CA ControlMinder provides organizations with powerful control over privileged users, reducing the risk of compliance failures or a costly security breach. CA ControlMinder is a comprehensive and mature solution that provides both broad and deep capabilities that include fine-grained user access controls, shared account management for privileged user passwords, UNIX to Active Directory authentication bridging, and user activity reporting.

CA ControlMinder allows enterprises to deploy granular policies on multiple platforms, devices and applications, providing the security and tracking required to secure your critical systems while meeting various compliance requirements, all from a single management console.

Access Management

CyberArk®

http://www.cyberark.com/

CyberArk® Software is a global information security company that specializes in protecting and managing privileged users, applications and highly-sensitive information to improve compliance, productivity and protect organizations against insider threats.

With its award-winning Privileged Identity Management (PIM) and Highly-Sensitive Information Management software, organizations can more effectively manage and govern application access while demonstrating returns on security investments. CyberArk works with more than 700 global customers, including more than 35 percent of the Fortune 50. Headquartered in Newton, Mass., CyberArk has offices and authorized partners in North America, Europe and Asia Pacific.

Access Management

Hitachi ID Systems

http://www.hitachi-id.com/

Hitachi ID Systems offers comprehensive identity and access management, privileged access management and password management solutions.

Hitachi ID Privileged Access Manager is a system for securing access to privileged accounts. It works by regularly randomizing privileged passwords on workstations, servers, network devices and applications. Random passwords are encrypted and stored on at least two replicated credential vaults.

Password changes and access disclosure are closely controlled and audited, to satisfy policy and regulatory requirements.

Access Management

Lieberman Software

http://www.liebsoft.com/

Lieberman Software pioneered the privileged identity management space by releasing the first product to this market in 2001. Since then, the company has regularly updated and expanded its privileged password management solution set while growing its customer base in this vibrant and emerging market.

Enterprise Random Password Manager (ERPM) is the first privileged identity management product that automatically discovers, secures, tracks and audits the privileged account passwords in the cross-platform enterprise.

It provides the accountability of showing precisely who had access to sensitive data, at what time and for what stated purpose. By doing so, ERPM helps prevent unauthorized, anonymous access to an organization's most crucial proprietary data.

Access Management

Quest

http://www.quest.com/

Quest is a global software company offering a broad and deep selection of products that target common IT challenges. More than 100,000 worldwide customers enjoy the simplicity of working with a single vendor who can solve so many IT management pains.

Quest One Privileged Password Manager automates, controls and secures the entire process of granting administrators the credentials necessary to perform their duties. Qualys scanner appliances can retrieve the required password for trusted scans from Privileged Password Manager to ensure that access is granted according to established policy, with appropriate approvals and that all actions are fully audited and tracked.

Access Management

Thycotic Software

http://www.thycotic.com/

Thycotic Software, founded in 1996, is headquartered in Washington, DC, USA and provides secure enterprise password management solutions. Over 30,000 IT admins worldwide trust Thycotic products to manage their passwords.

With Thycotic's Secret Server, an on-premise web-based vault for storing privileged passwords like Windows local administrator passwords, UNIX root passwords and service account passwords, Qualys users benefit from an additional layer of protection and tighter control over their critical passwords. Passwords for Qualys authenticated scans are stored in the Secret Server Password repository and never leave the user's perimeter. Users can also leverage Secret Server's ability to log credential usage, restrict access, and periodically rotate credentials to ensure compliance with corporate policies and regulatory requirements.

Help Desk Ticketing Systems

Qualys Ticket Notification Engine

Qualys has built a highly customizable ticket notification engine (TNE) provided as RPM packages, which sends SMTP messages to in-house ticketing systems or third-party applications such as CA Service Center, BMC Magic Service Desk, HP Service Desk, Bugzilla, and others that can support SMTP as a way to open new trouble tickets.

Using Qualys' own APIs, the TNE can be configured to present all tickets or only a select few to designated individuals based on specific criteria defined by the user.

IDS/IPS

HP TippingPoint

http://www8.hp.com/us/en/software-solutions/network-security/index.html

HP TippingPoint network security solutions deliver actionable threat intelligence to protect against zero day vulnerabilities, unknown threats and targeted attacks in real time with virtual patching from Digital Vaccine® Labs (DVLabs); unparalleled visibility and analytics to provide the insight and context needed to drive informed security decisions; and operational simplicity through flexible physical and virtual deployment options that are easy to set up and manage with out-of-the-box recommended settings to provide immediate and ongoing threat protection.

HP TippingPoint's Enterprise Vulnerability Remediation (eVR) feature enhances customers' visibility into their networks so they can take immediate action on the vulnerabilities in their network. Qualys customers who leverage TippingPoint solutions can import vulnerability scan results into the TippingPoint Security Management System (SMS) to correlate the CVEs from the scan to the CVEs of the TippingPoint Digital Vaccine filters. Customers will receive policy adjustment recommendations tuned against their specific deployment that will reduce administration time, increase security coverage, reduce unnecessary notifications and provide a big picture view into their overall security posture.

IDS/IPS

Sourcefire 3D System

http://www.sourcefire.com/

Sourcefire, Inc. (Nasdaq:FIRE), is a world leader in cybersecurity. Sourcefire is transforming the way Global 2000 organizations and government agencies manage and minimize network security risk. Sourcefire's IPS and real-time adaptive security solutions provide security for the real world of dynamic networks and escalating threats.

Today, the names Sourcefire and Snort® have grown synonymous with innovation and cybersecurity.

The award-winning Sourcefire 3D® System is a Real-time Adaptive Security solution that leverages Snort, the de facto standard for intrusion detection and prevention (IDS/IPS). One of the core components of the 3D System is Sourcefire RNA® (Real-time Network Awareness). RNA passively aggregates network intelligence and presents a real-time inventory of operating systems, applications, and potential vulnerabilities on the network. The 3D System imports Qualys scan data into the RNA host database, providing a unique combination of "always-on" passive discovery and accurate vulnerability scanning. Users can quickly determine if a host is vulnerable to a given exploit, saving valuable analysis time. The 3D System can automatically initiate a Qualys scan whenever it detects a new host or application, minimizing the risk that hosts with critical vulnerabilities are connected with the network.

IT GRC

Agiliance

http://www.agiliance.com/

Agiliance is the leading independent provider of Integrated Risk Management solutions for Governance and Security programs. Agiliance RiskVision is automating how Global 2000 companies and government agencies achieve continuous monitoring of big data across financial, operations, and IT domains to orchestrate incident, threat, and vulnerability actions in real time. Its real-time risk analysis optimizes business performance and enables better investment decisions.

The Agiliance and Qualys joint solution combines vulnerability and asset data from Qualys with RiskVision's real-time business and security data to provide customers with an always-on, always-current view of their security risk postures. This gives security response teams instant feedback on remediation effectiveness to more efficiently meet stringent security policies and regulatory compliance mandates.

IT GRC

Allgress

http://www.allgress.com/

Allgress provides affordable software and professional services that enhance an organization's ability to see clearly the relationship between IT security and risk to the organization.

Our products and services allow CIOs and CISOs to better plan, analyze, manage, and communicate IT security, and to help business managers better understand the business risk inherent in every security decision as well as the security implications in every business decision. Privately held, Allgress was founded in 2006 and is headquartered in Livermore, California.

Allgress extends Qualys functionality to help customers visualize the balance between information security strategy and corporate goals. With Allgress' interactive reporting capabilities and automated workflows, Qualys users can manage the information they need to make strategic security decisions.

IT GRC

LockPath

http://www.lockpath.com

LockPath addresses the increasingly complex issues of regulatory compliance and risk management in a simple, cost effective way. Its innovative software correlates security information from multiple data sources with current regulations and policies to gauge risk and provide actionable insight.

IT GRC

MetricStream

http://www.metricstream.com

MetricStream is a market leader in enterprise-wide Governance, Risk and Compliance (GRC) solutions used by global corporations like Pfizer, Philips, NASDAQ, UBS, SanDisk, Fairchild Semiconductor, Constellation Energy, Cummins and several others.

The MetricStream IT-GRC Solution integrates with Qualys Vulnerability Management (VM) to provide a single robust framework to automatically monitor and capture all asset and network vulnerabilities, and route them through a systematic process of investigation and remediation.

The MetricStream solution has been integrated with Qualys VM through MetricStream's intelligent connectors, or Infolets, which also enable seamless integration with SIEM, Log Management, Problem Management, Operations and Asset Management systems.

MetricStream GRC Platform is empowering customers to facilitate a holistic and sustainable top-down, risk driven intelligence by integrating Business, Security and IT-GRC on a common architecture.

IT GRC

Modulo

http://www.modulo.com/

Modulo is a market leader for IT Governance, Risk and Compliance management (ITGRC). Modulo Risk Manager provides organizations with the tools they need to automate the processes required for assessing security and attaining regulatory compliance. Modulo partnered with Qualys to integrate Modulo Risk Manager with Qualys.

The combined offering provides global companies with a comprehensive security risk and compliance management solution.

The Modulo Risk Manager software automatically receives vulnerabilities and misconfiguration data collected through Qualys scans. This data is aggregated in the Modulo Risk Manager allowing users to easily view the data, providing better tracking, risk assessment and compliance documentation.

IT GRC

RSA Archer Technologies

http://www.emc.com/security/rsa-archer-governance-risk-compliance/index.htm

RSA Archer Technologies is a leading provider of automated enterprise risk and compliance management solutions. Archer leverages the Qualys API to import detailed scan reports into the Archer Threat Management solution.

This allows clients to link Qualys scans with other business-critical data such as vulnerability information from threat feeds (VeriSign® iDefense®, Symantec and Cisco®), asset information from the Archer Asset Management solution, and policies and authoritative sources from the Archer Policy Management solution. By linking this information within Archer, clients can reduce enterprise risks, manage and demonstrate compliance, automate business processes, and gain visibility into corporate risk and security controls.

IT GRC

Rsam

http://www.rsam.com

Rsam is a leading provider of Governance, Risk and Compliance (GRC) solutions that seamlessly integrates business criticality, regulatory assessment data, vulnerabilities and findings to deliver enterprise-wide visibility, oversight and assurance. Rsam integrates with both Qualys VM and Qualys PC products.

Joint customers leverage Qualys VM via Rsam to pull in vulnerability scan results for a clearer view of GRC status. Pulling in Qualys PC data enables customers to measure compliance checks results against a broader risk and compliance picture.

Through this integration customers are able to quickly track vulnerabilities, non-compliance items, related remediation plans and timeframes, and create dashboards and metrics in Rsam to gain visibility into the company's global risk and compliance posture.

IT GRC

TraceSecurity

http://www.tracesecurity.com/

As the leading pioneer in cloud-based information security solutions, TraceSecurity provides risk management and compliance solutions for organizations that need to protect critical data or meet IT security mandates. With a unique combination of people, processes and technology, TraceSecurity gives decision makers a holistic view of their security posture and enables them to achieve effective data protection and automatic compliance.

TraceSecurity's award-winning solution, TraceCSO, enables Qualys users to manage their vulnerability scan results within TraceCSO's centralized interface and then use that data throughout TraceCSO's risk management, IT auditing and GRC solutions. By streamlining and assuring effective IT GRC management, TraceSecurity dramatically reduces the complexities of ever-changing threats and technology — and empowers organizations to better pursue their strategic objectives.

Penetration Testing

Core Security

http://www.coresecurity.com/

CORE IMPACT is the first automated, comprehensive penetration testing product for assessing specific information security threats to an organization. Qualys' integration with CORE IMPACT automatically imports vulnerability assessment results into the CORE IMPACT management console.

The integration reduces the amount of time security consulting organizations and corporations spend collecting data from vulnerability scans and performing penetration testing, while lowering costs and making the remediation process more effective.

Penetration Testing

D2 Exploitation Pack for CANVAS

http://www.d2sec.com/

Immunity CANVAS is the industry's premier penetration testing platform for security professionals. The Immunity-DSquare Security package leverages Immunity's world renowned exploit development techniques along with the cutting edge exploit plug-ins from DSquare Security.

Immunity and DSquare Security integrate seamlessly with your Qualys experience to provide you with unparalleled situational awareness of penetration testing targets. Using the combination of the CANVAS platform with world class exploit developer partnerships will empower your security team to provide you both a productive and accurate pentesting solution.

Risk Management

Agiliance

http://www.agiliance.com/

Agiliance is the leading independent provider of Integrated Risk Management solutions for Governance and Security programs. Agiliance RiskVision is automating how Global 2000 companies and government agencies achieve continuous monitoring of big data across financial, operations, and IT domains to orchestrate incident, threat, and vulnerability actions in real time. Its real-time risk analysis optimizes business performance and enables better investment decisions.

The Agiliance and Qualys joint solution combines vulnerability and asset data from Qualys with RiskVision's real-time business and security data to provide customers with an always-on, always-current view of their security risk postures. This gives security response teams instant feedback on remediation effectiveness to more efficiently meet stringent security policies and regulatory compliance mandates.

Risk Management

AlgoSec

http://www.algosec.com/

AlgoSec is the market leader for security policy management, enabling organizations to simplify and automate security operations in evolving data centers and networks. The AlgoSec Security Management Suite integrates with Qualys Vulnerability Management (VM) to aggregate and score vulnerabilities associated with data center applications and their associated physical or virtual servers.

Risk Management

Bay Dynamics

http://baydynamics.com/

Bay Dynamics® is the market leader in cyber risk predictive analytics providing actionable visibility into organizations’ cybersecurity blind spots, complete with business risks and threats. The company’s purpose-built Risk Fabric® platform assembles and correlates relevant data from existing tools in a novel patented way to provide actionable cyber risk insights, before it’s too late. Bay Dynamics enables some of the world’s largest organizations to understand the state of their cybersecurity posture, including contextual awareness of what their insiders, vendors and bad actors are doing, which is key to effective cyber risk management.

Bay Dynamics Risk Fabric integration with Qualys enables organizations to effectively manage cyber risk and maintain a healthy cybersecurity posture. Bay Dynamics Risk Fabric Platform with its user behavior and predictive analytics approach, assembles and correlates relevant vulnerability and compliance data from Qualys along with other existing tools to provide actionable insights into cybersecurity blind spots. The integration is seamlessly enabled by an out-of-the-box connector. Bay Dynamics Risk Fabric and Qualys work together to provide visibility into critical threats and help prioritize response based on comprehensive threat visibility.

Risk Management

Brinqa

http://www.brinqa.com/

Brinqa provides enterprises and government agencies with governance, risk management, and compliance solutions that enable the continuous improvement of operational and regulatory efficiencies and effectiveness. Brinqa's offering provides a centralized, fully automated, and re-usable governance, risk and compliance (GRC) platform combined with targeted applications to meet program specific GRC needs.

Brinqa's Qualys connector provides a simple mechanism for importing asset, vulnerability and policy compliance data into Brinqa's Risk Manager. The integrated Brinqa Risk Manager and Qualys Vulnerability Manager solution delivers comprehensive and relevant application risk scoring and automated compliance assurance to your enterprise.

Risk Management

Core Security

http://www.coresecurity.com/

Core Security is the leading provider of predictive security intelligence solutions for enterprises and government organizations. Core Security helps more than 1,400 customers worldwide preempt critical security threats throughout their IT environments, and communicate the risk the threats pose to the business. Our patented, proven, award-winning enterprise solutions are backed by more than 15 years of applied expertise from CoreLabs, the company's innovative security research center.

The CORE Security and Qualys joint solution proactively identifies critical risks in the context of business objectives, operational processes, and regulatory mandates. Security teams can therefore predict threats and effectively communicate their implications to the line of business.

Risk Management

FireMon

http://www.firemon.com/

FireMon is the industry leader in providing enterprises, government and managed services providers with advanced security management solutions that deliver deeper visibility and tighter control over their network security infrastructure.

The integrated FireMon solution suite — Security Manager, Policy Planner and Risk Analyzer — enables customers to identify network risk, proactively prevent access to vulnerable assets, clean up firewall policies, automate compliance, strengthen security throughout the organization, and reduce the cost of security operations.

Risk Management

Host Integrity Systems, Professional Services and Unitas

http://hostintegritysystems.com/

Host Integrity Systems secures integrity for enterprises through discovery, technology, and governance.

Host Integrity Systems works to ensure compliance with, and educate on, domestic and international data privacy issues; performs risk management for identification and categorization of information assets; and optimizes workflow and governance based on category and priority, ensuring the company's most critical assets are handled first, resulting in compliance and overall integrity of the business system. Keeping to a company's investments in security and alert management software and systems, Host Integrity Systems' remediation and escalation management system, called Unitas, integrates with your existing technology to unite these separate systems and provide a closed-loop system that better optimizes your people resources and focuses on the assets with the highest priority and importance to your business.

Risk Management

Kenna

https://www.kennasecurity.com/

Kenna is a software-as-a-service Vulnerability and Risk Intelligence platform that accurately measures risk and prioritizes remediation efforts before an attacker can exploit an organization's weaknesses. Kenna automates the correlation of vulnerability data, threat data, and zero-day data, analyzing security vulnerabilities against active Internet breaches so that InfoSec teams can prioritize remediations and report on their overall risk posture.

Kenna supports the Qualys vulnerability management solution right out-of-the-box, making it easy to consume the latest Qualys scan data. Kenna adds real-time context using threat intelligence data sources such as AlienVault OTX, Dell CTU, Metasploit, ExploitDB and Verisign iDefense. Contextualizing vulnerabilities with what is happening this minute in the real-world allows you to automatically identify weaknesses based on your unique environment, allowing you to save massive amounts of time in your vulnerability management process.

Kenna groups assets for easy monitoring, measurement and reporting on risk. Dashboard reports can be used to visualize your exposure at a glance and track your risk trend over time. And rather than basing your exposure on vulnerability counts, visualize your trending risk in real time. When everyone in your organization has access to the same view of your risk, communicating and understanding your risk posture is simple.

Kenna also matches available patches with vulnerabilities in your environment and helps you prioritize which remediations will truly make an impact. Find out what to fix first (and why), and make remediation decisions backed by analytical rigor to take meaningful actions.

With Kenna, remediate the vulnerabilities that provide the greatest reduction in risk based on real-world threat intelligence, not just internal weaknesses. Know the exact "fix" to give your Development team, confirm proper remediation and prove your actions with data.

Risk Management

NopSec

http://www.nopsec.com

NopSec, Inc is an industry leader in aggregating, normalizing and enriching vulnerability data to help organizations visualize and optimize the vulnerability remediation workflow in a resource constrained world.

NopSec's Unified VRM solution enables security teams to forecast the risk reduction associated with IT remediation tasks, allowing companies to leverage data analytics to make intelligent decisions on where to apply precious resources. Founded by industry veterans, NopSec was named "Top Tech Innovators" by Dell SecureWorks and "Emerging Vendors" for the security sector by CRN.

Risk Management

RedSeal

http://www.redseal.net/

RedSeal's solutions enable companies to quantify overall security, assess critical areas of risk and validate that their security infrastructure successfully stops attacks.

Integration of RedSeal SRM with Qualys gives enterprises the ability to model their network topology, determine what vulnerabilities are present on their network and understand which vulnerable systems can actually be accessed based upon the network traffic filtering policies. All of this information is used to ultimately measure risk for asset groups and prioritize remediation.

Risk Management

RSA Archer Technologies

http://www.emc.com/security/rsa-archer-governance-risk-compliance/index.htm

RSA Archer Technologies is a leading provider of automated enterprise risk and compliance management solutions. Archer leverages the Qualys API to import detailed scan reports into the Archer Threat Management solution.

This allows clients to link Qualys scans with other business-critical data such as vulnerability information from threat feeds (VeriSign® iDefense®, Symantec and Cisco®), asset information from the Archer Asset Management solution, and policies and authoritative sources from the Archer Policy Management solution. By linking this information within Archer, clients can reduce enterprise risks, manage and demonstrate compliance, automate business processes, and gain visibility into corporate risk and security controls.

Risk Management

Skybox View

http://www.skyboxsecurity.com/

Skybox View® is an integrated family of Security Risk Management applications. Qualys integration with Skybox Security Risk Management (SRM) provides real-time updates of asset vulnerability data.

As new hosts and vulnerabilities are discovered by Qualys, this information becomes immediately available in Skybox View's network model, and automatically evaluated in the attack simulation and risk calculation engine.

Risk Management

TraceSecurity

http://www.tracesecurity.com/

As the leading pioneer in cloud-based information security solutions, TraceSecurity provides risk management and compliance solutions for organizations that need to protect critical data or meet IT security mandates. With a unique combination of people, processes and technology, TraceSecurity gives decision makers a holistic view of their security posture and enables them to achieve effective data protection and automatic compliance.

TraceSecurity's award-winning solution, TraceCSO, enables Qualys users to manage their vulnerability scan results within TraceCSO's centralized interface and then use that data throughout TraceCSO's risk management, IT auditing and GRC solutions. By streamlining and assuring effective IT GRC management, TraceSecurity dramatically reduces the complexities of ever-changing threats and technology — and empowers organizations to better pursue their strategic objectives.

Security Intelligence

Kenna

https://www.kennasecurity.com/

Kenna is a software-as-a-service Vulnerability and Risk Intelligence platform that accurately measures risk and prioritizes remediation efforts before an attacker can exploit an organization's weaknesses. Kenna automates the correlation of vulnerability data, threat data, and zero-day data, analyzing security vulnerabilities against active Internet breaches so that InfoSec teams can prioritize remediations and report on their overall risk posture.

Kenna supports the Qualys vulnerability management solution right out of the box, making it easy to consume the latest Qualys scan data. Kenna adds real-time context using threat intelligence data sources such as AlienVault OTX, Dell CTU, Metasploit, ExploitDB and Verisign iDefense. Contextualizing vulnerabilities with what is happening this minute in the real world allows you to automatically identify weaknesses based on your unique environment, saving you massive amounts of time in your vulnerability management process.

Kenna groups assets for easy monitoring, measurement and reporting on risk. Dashboard reports can be used to visualize your exposure at a glance and track your risk trend over time. And rather than basing your exposure on vulnerability counts, visualize your trending risk in real time. When everyone in your organization has access to the same view of your risk, communicating and understanding your risk posture is simple.

Kenna also matches available patches with vulnerabilities in your environment and helps you prioritize which remediations will truly make an impact. Find out what to fix first (and why), and make remediation decisions backed by analytical rigor to take meaningful actions.

With Kenna, remediate the vulnerabilities that provide the greatest reduction in risk based on real-world threat intelligence, not just internal weaknesses. Know the exact "fix" to give your Development team, confirm proper remediation, and prove your actions with data.

Security Intelligence

Lumeta

http://www.lumeta.com/

Lumeta's network situational awareness platform is the authoritative source for enterprise network infrastructure and cybersecurity analytics. Lumeta recursively indexes a network to provide an accurate cybersecurity posture of network architecture and network segmentation policies, violations and vulnerabilities.

Lumeta IPsonar provides a point-in-time view of every IP connected device on a network, resulting in comprehensive visibility of the entire routed infrastructure and confirmation that all assets are under security management. It provides an authoritative census of attached devices for vulnerability scanning. IPsonar also identifies inbound and outbound leak paths.

Integration of Lumeta IPsonar with Qualys Vulnerability Management (VM) brings together comprehensive network visibility and vulnerability scanning of devices, enabling a more complete picture of security posture within an organization's enterprise and, therefore, an improved ability to quickly remediate identified risk.

The plugin compares IP addresses discovered by IPsonar against those known/subscribed by Qualys VM, creating an asset group of previously unknown IPs in Qualys VM for future scanning.

Security Intelligence

RiskSense

https://risksense.com/

RiskSense® is a Security Analytics and Threat Prioritization Platform that continuously ingests massive amounts of data from multiple security tools and threat feeds to quickly identify relevant vulnerabilities and determine the severity of advanced attacks (exploits and malware), and provides solutions to fix the most critical vulnerabilities and change the overall threat landscape.

RiskSense can detect most subversive threats by fusing advanced machine learning techniques and visual analytics. It provides contextual awareness and addresses current security issues through a compartmentalized and siloed approach.

The powerful combination of RiskSense with Qualys allows organizations to uncover hidden threats and resolve them before a data breach can occur.

The versatile and flexible scanning capabilities of the Qualys Cloud Platform, combined with the powerful data aggregation and visual analytics of RiskSense, allow organizations to quickly identify vulnerabilities across the entire infrastructure, assess risk and manage their remediation, all within an easy-to-use web interface. This integration provides an immediate and up-to-date security stance of the entire enterprise.

Security Intelligence

Verisign iDefense

https://www.verisigninc.com/en_US/cyber-security/index.xhtml

VeriSign® iDefense® Security Intelligence Services deliver actionable intelligence related to vulnerabilities, malicious code and geopolitical threats to protect enterprise IT assets and critical infrastructure from attack.

iDefense leverages an extensive intelligence gathering network, proven methodology and highly skilled security analysts that span seven specialized intelligence teams to deliver deep analysis that goes well beyond the basic notification of a threat.

VeriSign® iDefense® Integration Service for Qualys VM

The iDefense security intelligence data is integrated with Qualys VM to give customers the ability to correlate iDefense vulnerability reports with Qualys scan data against IT assets and to prioritize vulnerabilities based on severity, business criticality and relevance to the organization. This integration capability, available on the iDefense portal, helps security teams prioritize patch deployments and remediation efforts, particularly between full vulnerability scan cycles of their environments.

Server Configuration Management

BMC

http://www.bmc.com/

BMC Intelligent Compliance closes the SecOps gap that separates Security from Operations teams and prevents companies from achieving their goals around Governance, Risk and Compliance (GRC). Intelligent Compliance provides end-to-end automation of discovery, audit, remediation and governance to reduce risk, improve enforcement and free personnel to focus on achieving the strategic goals of the business.

Together with Qualys, the Intelligent Compliance joint solution addresses the gap through a combination of security and compliance audit data from Qualys Vulnerability Management (VM) with the associated action from BMC BladeLogic Server Automation to remediate the vulnerability. The integration solution helps reduce the window of exposure to vulnerabilities, increase the speed and frequency of audits, and lower the cost of audit and remediation.


  • Reduce the Window of Exposure to Vulnerabilities — remediate vulnerabilities through automation
  • Avoid Downtime — make remediation actions predictable and minimize both planned and unplanned outages
  • Increase Speed and Frequency of Audits — run automated audits frequently as needed, or even on-demand, without impacting other operational activities
  • Stay Compliant with Industry Regulations — take advantage of audit and remediation content for common policies
  • Lower the Cost of Audit and Remediation — automate previously manual actions

SIEM

ArcSight ESM

http://www.arcsight.com/

ArcSight Enterprise Security Manager (ArcSight ESM) provides a real-time threat management solution. ArcSight's ESM collects Qualys vulnerability assessment data via a SmartConnector to enable customers to precisely pinpoint the risk level of certain vulnerabilities in their IT environments.

By correlating this information for real-time monitoring, ArcSight ESM reduces false positives and provides real-time analysis, visualization, reporting, forensic analysis and incident investigation.

SIEM

Bee Ware

http://www.bee-ware.net/

Bee Ware provides organizations of all sizes with the means to fight the increasing threats that can impact their activity while ensuring optimum quality of service and performance.

Bee Ware's i-Suite provides an application firewall (WAF), access control (WAM), tools for auditing and traffic monitoring, a Web Services firewall (WSF), and centralized management that significantly reduces deployment costs. Founded in 2002, Bee Ware is present today in Europe in industry, healthcare, finance, and public services.

Bee Ware and Qualys worked jointly to provide a single solution that combines the Web application protection platform i-Suite with Qualys Web Application Scanning (WAS), a Web application vulnerability scanner.

Bee Ware's i-Suite platform is an all-in-one solution capable of protecting and managing all types of Web applications from a single management console. The Web Application Firewall (WAF), Web Services Firewall (WSF), and Web Access Management (WAM) modules provide security for applications while protecting the information system from external attacks and fraudulent login attempts.

Thanks to this integration, IT teams can now provision Qualys WAS in Bee Ware i-Suite in a single click, regardless of the number of applications being protected, and easily identify all Web application vulnerabilities (SQL injection, Cross Site Scripting (XSS), Slowloris, etc.). In addition, it offers a consolidated view of the security policies applied to the application infrastructures (automatic building of white lists, reinforcement of controls on sensitive parameters, etc.).

SIEM

BlackStratus

http://www.blackstratus.com/

BlackStratus Security Information Management (SIM) provides decision support for compliance, risk management and business continuity. Qualys and BlackStratus integration provides a centralized solution for correlation, log aggregation, threat analysis, incident response and forensic investigation with the additional value of providing valuable context for the threatened host.

Qualys vulnerability details are displayed on demand for any hosts under attack or being investigated by BlackStratus. This allows users to quickly match attacks and misuse to a host's vulnerabilities as part of the investigation and mitigation process.

SIEM

LogRhythm

http://logrhythm.com/

LogRhythm, a leader in security intelligence and analytics, empowers organizations around the globe to rapidly detect, respond to and neutralize damaging cyber threats. The company's award-winning platform unifies next-generation SIEM, log management, network and endpoint forensics, and advanced security analytics. In addition to protecting customers from the risks associated with cyber threats, LogRhythm provides innovative compliance automation and assurance, and enhanced IT intelligence.

LogRhythm leverages Qualys' open platform and APIs to integrate accurate and timely vulnerability data into LogRhythm's Security Intelligence Platform. LogRhythm's advanced analytics incorporate vulnerability data imported directly from Qualys and automatically prioritize real-time alerts so that organizations can understand which security threats are the most critical and can respond accordingly.

SIEM

NetIQ Sentinel

https://www.netiq.com/

NetIQ Sentinel delivers visibility into an enterprise's network, automating the monitoring of an enterprise's IT controls for effectiveness to detect and resolve threats in real time, before they affect the enterprise's business.

By collecting the results of Qualys' vulnerability scans and correlating them with the user's intrusion detection system (IDS) data, Sentinel's Exploit Detection functionality can instantly tell the Sentinel user if their infrastructure is at high risk from incoming exploits/malware.

SIEM

Q1 Labs QRadar

http://www.q1labs.com/

Q1 Labs QRadar goes beyond traditional security information/event management (SIEM) to create a command-and-control center. QRadar combines, analyzes and manages an unequalled set of surveillance data—network behavior, security events, vulnerability profiles and threat information—to empower enterprises to manage business operations on their networks efficiently from a single console.

Qualys integration with QRadar provides vulnerability information that is used in powerful analysis of network assets and network activity, resulting in a more intelligent assessment of your network and potential threats to it.

SIEM

RSA NetWitness for Logs

http://www.emc.com/security/rsa-netwitness/rsa-netwitness-for-logs.htm

RSA NetWitness for Logs delivers an innovative fusion of hundreds of network and log-event data sources with external threat intelligence. Enterprises now have the broad, robust, and high-speed visibility into critical information needed to help detect today's targeted, dynamic, and stealthy attack techniques.

NetWitness for Logs provides a basis for a single, intuitive SIEM user interface presenting an unprecedented view of organizational activity across even more of the IT infrastructure.

About RSA

RSA, The Security Division of EMC, helps the world's leading organizations succeed by solving their most complex and sensitive security challenges. RSA's technology, business and industry solutions help organizations bring trust to millions of user identities, the activities that they perform and the data that is generated.

SIEM

Splunk

http://www.splunk.com/

The Qualys App for Splunk® Enterprise, when installed on Splunk Enterprise, provides security analytics that give businesses much needed insight into potential threats enabling faster detection by prioritizing vulnerability and event data. It also provides the ability to transform vulnerability data into customized, dynamic reports and dashboards to help identify and respond to the most critical threats in the perimeter.

The Qualys App for Splunk Enterprise accesses data from Qualys Vulnerability Management (VM) through the Qualys Cloud Platform API and, when installed on Splunk Enterprise, can provide a single view of security and compliance data analytics. The app streamlines the importing of the Qualys vulnerability and KnowledgeBase data into Splunk Enterprise. Within Splunk Enterprise, the app provides a vulnerability dashboard containing a variety of summary charts, including top hosts affected, most prevalent vulnerabilities, IP lookup, IPs matching a given vulnerability, as well as remediation status and trending data. The dashboard also includes preconfigured searches and reports, and can be configured to display data in formats and aggregations that match the enterprise's needs.

SIEM

StillSecure VAM

http://www.stillsecure.com/

The StillSecure Enterprise Integration Framework includes a set of APIs that extend VAM capabilities, allowing users to import and export data into and out of VAM. This provides an interface framework for integrating VAM with existing IT systems. Using the Qualys connector, organizations can easily import devices scanned by Qualys into VAM for management.

Through the integration, joint StillSecure and Qualys customers can better manage their organization's risk by proactively identifying, tracking, and managing the repair of critical network vulnerabilities. Organizations importing Qualys data into VAM adopt an auditable workflow process that focuses remediation efforts on the highest priority devices before they are exploited.

SIEM

Symantec

http://www.symantec.com/

Symantec Security Management System (SSMS) provides a scalable, high-performance solution for centralized logging, alerting and reporting. The vulnerabilities identified by Qualys scans can be viewed within Symantec Enterprise Security Architecture (SESA) and correlated to other security alerts in Symantec Incident Manager.

SESA is the security platform that powers the Symantec Security Management System. Symantec Incident Manager correlates security events in real time across disparate security technologies and network tiers to identify, prioritize and coordinate the resolution of security incidents.

SIEM

TriGeo SIM

http://www.trigeo.com/

TriGeo SIM is a SIEM appliance that automatically identifies and responds to network attacks, suspicious behavior and policy violations.

Designed specifically for the needs of the mid-market, TriGeo SIM is unique in its ability to actively defend the network with hundreds of highly targeted correlation rules and active responses that include the ability to quarantine, block, route and control services, processes, accounts, privileges and more.

TriGeo correlates security events with vulnerabilities reported by Qualys to provide critical insight that gives customers both situational awareness and actionable information with enterprise-wide visibility from the perimeter to the endpoint.

Web Application Firewall

Bee Ware

http://www.bee-ware.net/

Bee Ware provides organizations of all sizes with the means to fight the increasing threats that can impact their activity while ensuring optimum quality of service and performance.

Bee Ware's i-Suite provides an application firewall (WAF), access control (WAM), tools for auditing and traffic monitoring, a Web Services firewall (WSF), and centralized management that significantly reduces deployment costs. Founded in 2002, Bee Ware is present today in Europe in industry, healthcare, finance, and public services.

Bee Ware and Qualys worked jointly to provide a single solution that combines the Web application protection platform i-Suite with Qualys Web Application Scanning (WAS), a Web application vulnerability scanner.

Bee Ware's i-Suite platform is an all-in-one solution capable of protecting and managing all types of Web applications from a single management console. The Web Application Firewall (WAF), Web Services Firewall (WSF), and Web Access Management (WAM) modules provide security for applications while protecting the information system from external attacks and fraudulent login attempts.

Thanks to this integration, IT teams can now provision Qualys WAS in Bee Ware i-Suite in a single click, regardless of the number of applications being protected, and easily identify all Web application vulnerabilities (SQL injection, Cross Site Scripting (XSS), Slowloris, etc.). In addition, it offers a consolidated view of the security policies applied to the application infrastructures (automatic building of white lists, reinforcement of controls on sensitive parameters, etc.).

Web Application Firewall

Citrix NetScaler

http://www.citrix.com/

The Citrix NetScaler Application Firewall secures web applications, prevents inadvertent or intentional disclosure of confidential information and aids in compliance with information security regulations such as PCI-DSS. Application Firewall is available as a standalone security appliance or as a fully integrated module of the NetScaler application delivery solution and is included with Citrix NetScaler, Platinum Edition.

Qualys Web Application Scanning (WAS) identifies web application vulnerabilities that can then be used to automatically create rules for the NetScaler Application Firewall to prevent malicious users from exploiting the vulnerabilities. Thanks to this integration, customers can quickly mitigate the vulnerabilities discovered by Qualys WAS with NetScaler Application Firewall and reduce the risk exposure of the business supported by the vulnerable web applications.

Web Application Firewall

F5

http://www.f5.com

F5 helps organizations meet the demands of relentless growth in applications, users, and data.

With F5 solutions in place, businesses gain strategic points of control wherever information is exchanged, from client devices and the network to application servers, data storage, and everything in between.

F5 Networks and Qualys have partnered to help enterprises protect mission-critical applications against cyber threats. The joint solution ensures that vulnerabilities in web applications are identified by Qualys Web Application Scanning and are quickly protected against by F5® BIG-IP® Application Security Manager (ASM). IT staff can then correct code without undue haste, cost, compliance violations, or business interruption.

Web Application Firewall

Imperva SecureSphere

http://www.imperva.com/

The Imperva SecureSphere Web Application Firewall (WAF) protects Web applications and sensitive data against sophisticated attacks such as SQL injection, Cross-Site Scripting (XSS) and brute force attacks, stops online identity theft, and prevents data leaks from applications.

Qualys' web application vulnerability scanners combined with Imperva's SecureSphere WAF secure critical business applications and significantly reduce the need for costly emergency fix and test cycles. Organizations using Qualys can scan their Web applications for vulnerabilities and then import the scan results into SecureSphere WAF. SecureSphere WAF can instantly mitigate the imported vulnerabilities using a "virtual patch", limiting the window of exposure and business impact.

Web Application Testing

iViZ Security

http://www.ivizsecurity.com/

iViZ Security is the industry's premier cloud-based penetration testing service for web applications. Unlike consultants who are expensive, iViZ delivers consultant-grade quality testing in a SaaS-based, cost-effective subscription model. iViZ provides a "Zero False Positives Guarantee" and advanced business logic testing by leveraging its patent pending "hybrid approach" that integrates automation with manual testing by security experts. More than 300 customers worldwide use iViZ for greater quality, scalability and cost effectiveness.

Qualys and iViZ have partnered to combine the highly automated testing of Qualys Web Application Scanning (WAS) with iViZ Penetration Testing Technology and comprehensive manual testing to effectively protect websites and web applications against possible attacks. The iViZ service will provide a Zero False Positive Guarantee and Business Logic Testing covering 100% of the Web Application Security Consortium (WASC) classes.

The solution is aimed at solving the problem of the significant shortage of trained security professionals that organizations need to hire and retain to secure their web applications. Automated scanning with false positive removal and Business Logic Testing will help organizations solve the problem of scaling security testing without hiring additional people.
