One Platform. One Agent. Complete Compliance for PCI DSS 4.0.
“In today’s world, data is power. As an information security leader, I can’t drive accountability without data, and specifically data with a high level of integrity. The Enterprise TruRisk Platform along with its sensors, in particular cloud agents and cloud connectors, give me the single view to manage end-to-end PCI compliance and data security in my organization.”
Matthias Hoelzli, Sr. Manager of Threat & Vulnerability Management, NortonLifeLock
Coverage for more than 97 percent of the PCI DSS 4.0 requirements across asset management, external and internal vulnerability management, payment web app security, secure configuration management, file integrity monitoring, asset discovery, remediation, and PCI ASV questionnaires.
Offering a comprehensive and integrated cloud platform with a single agent, the Qualys Compliance Solution Set provides a holistic view of all assets, including middleware and databases missed by most solutions, to ensure full PCI DSS 4.0 compliance and avoid fines, brand damage, and lawsuits. Qualys Compliance ensures automated discovery and classification of in-scope assets, along with PCI-specific out-of-the-box compliance policies, file integrity monitoring profiles, self-assessment templates, and vulnerability scan profiles, enabling you to assess your cardholder data environment within 15 minutes after provisioning.
Qualys Vulnerability Management, Detection, and Response (VMDR) is not included with TotalCompliance and is recommended as a prerequisite foundational solution to manage CDE cyber risks (Req. 2, 5, 6, 11). It addresses the third goal of a CDE vulnerability management program, and Requirement 11’s need for regularly testing the security of CDE systems and networks. VMDR excels at detecting internal and external risks and at responding efficiently to vulnerabilities. It also performs authenticated scans, such as for certificate inventory, which other scanners are unable to do.
Performs continuous vulnerability management using cloud agents or network scanners
Prioritizes vulnerabilities based on real-time threat indicators and your attack surface
Gives your security teams and auditors assurance that your network is completely secured
Qualys Policy Compliance (PC), included with TotalCompliance, is a cloud service app in the Qualys Cloud Platform that enables continuous assessment of the cardholder data environment. Qualys PC provides a ready-to-use mandate-based template for PCI DSS 4.0 consisting of security checks that automate the assessment of in-scope PCI assets. These checks automatically scan for the technical secure configuration requirements of the standard.
Assesses, monitors, prioritizes, and reports security-related misconfigurations based on a comprehensive policy library of CIS, DISA, and PCI DSS standards
Provides out-of-the-box PCI compliance policies to assess your environment, with automated remediation of compliance issues
Enables customized policies based on organization-specific baselines, and prioritizes findings based on evidence of exploitation in the wild and the likelihood of exploitation, so you can quickly see which vulnerabilities, assets, and groups of assets are most at risk
Qualys Patch Management (PM) is included with TotalCompliance and enables automating the entire patching process for operating systems, mobile devices, and third-party applications – even for remote devices within the cardholder data environment (Req. 1, 6, 10, 11).
Qualys CyberSecurity Asset Management (CSAM) is included with TotalCompliance, along with External Attack Surface Management (EASM). CSAM provides an accurate, context-rich inventory of all CDE cyber assets to identify security gaps (Req. 2), and EASM provides full visibility and control of the CDE’s external attack surface (Req. 2, 12).
Qualys PCI Approved Scanning Vendor (ASV) is included with TotalCompliance. PCI DSS requirement 11.2.2 requires quarterly external vulnerability scans that must be performed by an ASV. As an Approved Scanning Vendor (ASV), Qualys has been authorized by the PCI Security Standards Council to conduct the quarterly scans required to show compliance with PCI DSS. Qualys helps you achieve compliance via a streamlined process that also gives you assurance that your network is secure.
Qualys File Integrity Monitoring (FIM), included with TotalCompliance, provides low-noise integrity monitoring and compliance for the CDE (Req. 1, 10, 11, 12), including detection of unauthorized modifications and changes that accurately separates false alerts from true hits and allows for whitelisting.
Qualys Web Application Scanning (WAS), included with TotalCompliance, continuously detects vulnerabilities and misconfigurations in internal and external-facing CDE web applications (Req. 6, 11). This app finds malware in web apps and informs DevOps teams about exposed payment data and other PII.
Qualys Security Assessment Questionnaire (SAQ) is included with TotalCompliance. More than half of all PCI requirements (143 of them) involve merchant reporting of compliance status via PCI Self-Assessment Questionnaires. Qualys SAQ enables you to demonstrate the security measures needed to keep cardholder data secure at your business.