
The Six Sigma technique is well-suited to improving the quality of vulnerability scanning. This sophisticated, multi-step process requires commitment across the entire organization to achieve the desired results. Comparing quality levels over time against the volume of scans conducted shows whether a vulnerability management system can be relied upon even as its usage grows.

In the twelve months ending in December 2016, the Qualys Cloud Platform performed over 3 billion security and compliance scans, while keeping defect levels low:

[Figure: Qualys Scanning Accuracy Chart]

Qualys exceeds six-sigma accuracy by combining Cloud technology with finely-tuned business processes to anticipate and avoid problems at each stage in the vulnerability scanning process:

Potential Problem / How Qualys Prevents the Problem

Scanners Improperly Provisioned

Vulnerability scanners are complex combinations of software, databases, and networking technology that need to work seamlessly together.

Qualys is a pure Cloud-based platform that is heavily optimized for use with complex networks. It is professionally administered 24x7x365 in data centers around the world and requires no purchases, setup or maintenance of servers, databases or software by customers.

Devices Not Scanned Realistically

Scanning Internet-facing systems from inside a corporate network can present an inaccurate view of what attackers will encounter.

Qualys combines Internet-based scans for external perimeter devices with internal scans from remotely-managed scanning appliances to provide a seamless view of your systems — on the Internet, in your corporate network, or in the Cloud.

Device Crashes

Some devices have hardware or operating systems that are sensitive to scanning and can fail when pushed beyond their limits.

Qualys automatically adjusts its scans according to how devices react to avoid overloading them.

Device OSes Misidentified

Devices with unusual configurations (especially hardened appliances) can be tricky to identify correctly.

Qualys has spent more than 10 years tuning its recognition algorithms and is constantly updating them to handle new devices and OS versions.

Service Crashes on Devices

Sometimes a network service on a device may stop functioning after a scan even if the device itself keeps running.

Qualys tailors each scan to the OS that is detected and dynamically adjusts the intensity of scanning to avoid overloading services on the device.

False Negatives

Scanners that aren’t kept up-to-date can miss potential risks.

Qualys continually updates its KnowledgeBase of vulnerability definitions to address new and evolving threats. All customers swiftly benefit from new vulnerabilities found anywhere in the world.

False Positives

Scanners that aren’t tuned properly or that have inaccurate vulnerability definitions may flag issues that aren’t true risks.

Qualys automatically tests all vulnerability definitions before they’re deployed, as well as while they’re active, to verify that definitions are up-to-date. In addition, Qualys enables users to flag vulnerability definitions they think need adjusting. Such requests are immediately investigated by Qualys’ worldwide team of engineers and are typically resolved in less than 72 hours — often even within the same day.

The Bottom Line

Qualys goes beyond simply identifying vulnerabilities; it also helps you download the particular vendor fixes and updates needed to address each vulnerability. This patch-centric approach helps you prioritize which problems to address first and frees you from having to weed through long, repetitive lists of issues.

The impact of Qualys’ Six Sigma accuracy is directly reflected in the low rate of issues that get submitted to Qualys Customer Support. The number of scans that are free of defects remains well above Six Sigma levels.

[Figure: Six Sigma Chart]

With Qualys’ high accuracy, your IT, security and compliance teams can efficiently focus their efforts on reducing risk, not just finding it. That’s what true Vulnerability Management is all about.
