We use Qualys as a way to paint a picture of security and feed it to our executives — right up to the CEO. The reports give senior executives a concise, real-time view into eBay's security risks and measure change in those risks as we implement security measures. The reports also provide us with the data we need for budgeting security resources.
Senior Manager, Information Security, eBayRead Case Study
To a cyber criminal, vulnerabilities on a network are hidden, high-value assets. These vulnerabilities are targets for exploitation. They can result in unauthorized entry into a network, can expose confidential information, provide fuel for stolen identities, trigger theft of business secrets, violate privacy provisions of laws and regulations, or paralyze business operations.
Vulnerabilities have plagued operating systems and software applications from the earliest days of computing. They used to be rare, but now you read about successful attacks via the Internet almost every day. Universal connectivity provided by this global pathway gives hackers and criminals easy access to an organization's network and computing resources. When network-attached devices are running without current security updates, these unpatched devices are immediately vulnerable to a variety of exploits. Every business is susceptible if network vulnerabilities are not identified and fixed.
Securing the Network with Vulnerability Management
Network vulnerabilities don't go away by themselves. Their detection, removal, and control require vulnerability management. VM, as it's called, entails more than simply running a scanner to detect common weaknesses. Scanning is an essential element of VM, but processes for ensuring network security also entail other technologies and workflow. A comprehensive solution for network security must address the big picture:
- Identify and fix faults in the software that affect network security, performance, or functionality.
- Continuously address new security threats, such as by updating software patches and antivirus signatures.
- Change software configurations to make them less susceptible to attacks (such as worms, bots, etc.).
- Enable the effective improvement and management of network security risks.
- Document the state of security for audit and compliance with laws, regulations, and business policy.
Fulfilling these requirements for network security is nearly impossible to do manually. That's why a solution for network security should use automation to speed VM processes and eliminate the potential for overlooking vulnerabilities caused by human error.
How Qualys Helps Secure Your Network
Qualys' on-demand solutions for vulnerability management provide an automated way to identify vulnerabilities, track remediation, reduce network security risks, and reporting necessary to meet IT policy compliance requirements. These solutions include Qualys VM, a software-a-as-service (SaaS) solution for comprehensive network vulnerability management.
By continuously and proactively monitoring all network access points, Qualys dramatically reduces security managers' time researching, scanning and fixing network exposures and enables financial services to eliminate network vulnerabilities before they can be exploited. Driven by the most comprehensive vulnerability KnowledgeBase in the industry, Qualys identifies software and configuration security gaps and provides the immediate insight needed to keep your systems secure.
And because Qualys' Vulnerability Management, Policy Compliance, and Web Application Scanning solutions are delivered as an on-demand web service, it achieves this at a fraction of the cost associated with traditional software.
Insightful, easy-to-grasp reports for both business and technical managers means the entire organization knows the security and compliance status at any given time. While, pre-built and fully customizable reporting capabilities provides a straightforward substantiation of security and compliance levels to internal auditing teams and external regulators.