Interactively set up IT standards for hardening configurations and complying with relevant regulations.
Define configuration policies required for different environments & assets
Qualys provides a centralized, interactive console for specifying the baseline standards that are required for different sets of hosts. Asset groups are shared across the Qualys platform, so hosts discovered and categorized by business function in Vulnerability Management can automatically have appropriate hardening policies assessed in Policy Compliance.
Use a previously-scanned host as a “golden image”
With Qualys, you can create policies based on a previously-scanned host in minutes. Qualys automatically selects controls and setting values to match the master machine’s “golden image.”
Draw from a built-in library of extensively-used policies certified by CIS
Qualys’ library of built-in policies makes it easy to comply with commonly adhered-to security standards and regulations. Qualys provides a wide range of policies, including many that have been certified by CIS as well as ones based on security guidelines from vendors such as Microsoft and VMware.
Use SCAP content streams
Qualys can import Security Content Automation Protocol (SCAP) source data stream content to define policies. This simplifies verifying devices for compliance with standards such as the US Government Configuration Baseline (USGCB).
Create custom policies via an interactive web-based editor
You can add your own policies quickly with Qualys’ web-based policy editor. Interactively choose which technologies to cover, and organize relevant controls into sections. Each control can reference external standards so that automated policies match up with printed requirements documents.
Import and export policies to share with other subscriptions
Qualys helps you work with partners to enforce common sets of configuration settings. Policies can be exported into XML, given to another Qualys account holder, and then imported.
Select host & app settings to check for each policy.
Interactively choose which configuration settings to monitor
Qualys’ interactive editor automatically organizes controls according to the technologies associated with each policy. Rich searching tools enable relevant controls to be found quickly according to attributes such as name, category, framework, and others.
Test controls immediately without rescanning or reporting
While setting up a control within Qualys, you can immediately test the configuration you’ve specified. This saves you from having to run a new scan or generate a special report each time you edit a control. Qualys even gives you a list of relevant hosts to choose from and shows you what values were gathered.
Select from a rich library of controls for OSes, network devices, databases & apps
Qualys provides an extensive library of more than 15,000 checks, spanning more than 50 technologies. Controls can be filtered and selected according to a variety of attributes, including: description keywords, framework they implement, and category. This library is continually updated by Qualys, making comprehensive policies easy to build.
Monitor the integrity of files and watch for changes
Qualys can monitor arbitrary files on Windows and Unix/Linux hosts for changes so that unexpected modifications can be caught quickly.
Create custom controls without writing code or scripts
Qualys’ controls are easily extended without resorting to programming. On Unix/Linux and Windows hosts, attributes of files and directories can be examined with just a few clicks. On Windows hosts, checks for registry entries, share permissions, and WMI queries can also be added quickly.
See how controls relate to critical frameworks and regulations
Qualys provides context information for each built-in control such as the standards frameworks to which the control applies, including: CIS, COBIT, ISO 17799 & 27001, NIST SP800-53, ITIL v2, HIPAA, FFIEC, NERC-CIP.
Scan and analyze OS and application configurations on each target host.
Scan anywhere from a single console
With Qualys, you can scan systems anywhere from the same console: your perimeter, your internal network, and hosted systems. You can select target hosts by IP address, asset group or IP range. And, since Qualys separates scanning from reporting, you can scan deeply and then create custom reports for each audience with the appropriate level of detail.
Scan quickly & efficiently
Qualys is designed to work efficiently and unobtrusively in even the largest global networks. You can use your existing asset groups to select which systems to scan. Internal network scans can be done in parallel using multiple appliances to accelerate scanning and prevent network bottlenecks.
Scan behind your firewall securely with Scanner Appliances managed by Qualys
You can scan your internal networks securely and seamlessly with Qualys Scanner Appliances. These physical devices or virtual machine images (both of which are remotely managed 24x7x365 by Qualys) let you efficiently monitor your internal hosts, network devices, databases and other assets without opening inbound firewall ports or setting up special VPN connections. Qualys even handles complex networks with overlapping private IP address spaces.
Store configuration information offsite with secure audit trails
As a cloud service, Qualys provides a trusted, independent location for securely storing critical configuration information and tamper-resistant audit trails.
Scan on-demand or on a schedule
Qualys gives you the flexibility to scan whenever you want. You can launch scans with a click to manually check desired hosts. Or, schedule recurring scans with specific durations to match your maintenance windows.
Assess deeply with authentication scans
Qualys can securely use authentication credentials to log in to each host, database or web server. For added control, Qualys can pull passwords dynamically from 3rd-party credential management systems and use privilege escalation systems such as “sudo.”
Fix violations and configuration “drift” early — before audits — and manage exceptions centrally.
Catch configuration “drift” while it’s easy to fix
Qualys automates the labor-intensive process of checking settings on each machine in your network. Security configuration assessments that otherwise could only be done quarterly can now be done monthly or weekly. By helping you address violations quickly, before they get too far out of hand, Qualys makes remediation efforts more predictable and avoids last-minute emergencies during audits.
Manage exceptions via a documented approvals process
By eliminating configuration fire drills, Qualys shifts the focus of your efforts to managing exceptions for specific hosts and situations. Qualys provides a documented, repeatable workflow for requesting, evaluating and approving exceptions. Approvals can be temporary, allowing issues to be automatically revisited after a specified length of time.
Know that audits will show compliance, not uncover violations
With Qualys, you can know at any time whether your IT systems are in compliance with configuration mandates. Issues can be resolved early, reducing or eliminating the chances for failed IT audits that could lead to more-intrusive audits in the future or even penalties. Instead, with Qualys, audits validate that you are following the kinds of best practices that reassure auditors.
Customize comprehensive reports to document progress for IT, business executives, risk managers and auditors.
Report anytime, any way — without rescanning
Qualys tracks configuration data across hosts and time, enabling you to use reports to better understand the security of your network. You can draw from a library of built-in reports, change what’s shown or choose different sets of assets — all without having to rescan. Reports can be generated on-demand or scheduled automatically and then shared with the appropriate recipients online, in PDF or CSV.
Compare compliance rates across policies, technologies and assets
Qualys helps you consolidate compliance results in different ways for clear, concise presentation to executives. Its graphical Scorecard reports allow you to examine multiple policies at once and see how compliance varied across different technologies and groups of assets. It also highlights changes over time, allowing you to track and compare different teams’ progress quickly.
Document that policies are followed & lapses get fixed
Qualys provides a systematic way to document that IT security policies have been defined and implemented. Auditors can quickly see that best practices are being followed and that violations are being found and fixed.
Create different reports for different audiences
One size does not fit all. With Qualys, you can create custom report templates that communicate the right level of detail in the right way. Present scorecards to executives, connecting security results to business goals. Provide detailed drill-downs to IT teams who are checking into issues.
Enable data-driven risk & compliance management
With Qualys, decisions about risk and compliance management can be based on facts and data rather than guesses and instinct. It provides a continuously up-to-date view of how IT system configurations measure up to requirements and defined baselines.
Share data with GRC systems & other enterprise applications
In addition to helping you share the state of your compliance efforts with other people, Qualys can also provide valuable data programmatically to other systems. Through a comprehensive set of XML-based APIs, your GRC and other compliance applications can obtain up-to-the-minute data about each of your host assets, initiate scans, and perform a variety of other tasks.