Uncover forgotten devices & organize your host assets according to
their role in your business.
Find out what’s really in your network
With Qualys, you can quickly determine what’s actually running in the different parts of your network—from your perimeter and corporate network to virtualized machines and cloud services such as Amazon EC2. Uncover unexpected access points, web servers and other devices that can leave your network open to attack.
Visually map your network
Qualys provides a graphical host map that helps you understand your network at a glance.
Assign a business impact to each asset
In Qualys, you can represent the importance of each asset to your overall business. Such metrics enable you to take a risk-based approach to prioritizing your remediation efforts and fix those vulnerabilities that would impact your business the most.
Identify which OS, ports, services and certificates are on each device
For each device on your network, Qualys identifies the operating system, finds open networks ports, determines what services are active on those ports, and itemizes crucial information about certificates that have been installed.
Organize hosts to match the structure of your business
With Qualys, you can arrange hosts into groups that reflect how you manage your business—e.g., by location or region, by business unit or department. Asset groups also give you control over which hosts can be scanned by which users.
New! Continuously monitor your perimeter for unexpected changes
With the optional Qualys Continuous Monitoring service, Qualys becomes your sentinel in the cloud, watching your perimeter for unexpected changes. You can have the appropriate personnel notified immediately whenever new hosts appear, SSL certificates begin to expire, high-severity vulnerabilities get detected and undesired network ports open up, and more.
Dynamically tag assets to automatically categorize hosts
Qualys’ asset tagging lets you automatically select hosts for scanning or reporting according to a wide range of attributes such as network address, open ports, OS, software installed, vulnerabilities found, and more. You can even provide your own custom logic via a concise scripting language.
Scan for vulnerabilities everywhere (perimeter, internal networks,
Amazon EC2) – accurately and efficiently.
Scan anywhere from a single console
With Qualys, you can scan systems anywhere from the same console: your perimeter, your internal network, and cloud environments (such as Amazon EC2). You can select target hosts by IP address, asset group or asset tag. And, since Qualys separates scanning from reporting, you can scan deeply and then create custom reports showing each audience just the level of detail it needs to see.
Scan on-demand or on a schedule
Qualys gives you the flexibility to scan whenever you want. You can launch scans with a click to manually check desired hosts. Or, schedule recurring scans with specific durations to match your maintenance windows. You can even have scans operate continuously to keep constant watch for changes without overloading your network.
Scan quickly & efficiently
Qualys is designed to work efficiently and unobtrusively in even the largest global networks. You can choose specific groups of systems to scan or dynamically select hosts according to criteria you set using Qualys’ asset tags. Scans of internal network asset groups can be done in parallel using multiple appliances to accelerate assessments and prevent network bottlenecks.
Scan behind your firewall securely with Scanner Appliances managed by Qualys
You can scan your internal networks securely and seamlessly with Qualys Scanner Appliances. These physical devices or virtual machine images (both of which are remotely managed 24x7x365 by Qualys) let you efficiently monitor your internal assets without opening inbound firewall ports or setting up special VPN connections.
New! Handle distributed, overlapping networks seamlessly
As the number of locations and functions in your organizations grows, your network will become more complex. With Qualys, you can handle even complex topologies such as overlapping IP address spaces that can arise from company mergers and the connection of independently-managed private subnets.
Assess deeply with authenticated scans
Qualys can securely use authentication credentials to log in to each host and uncover vulnerabilities lurking below the surface of your network. For added control, Qualys can pull credentials dynamically from a password vault and use privilege escalation systems such as “sudo.”
Scan in Amazon EC2 without filling out request forms
Qualys is pre-authorized by Amazon for scanning instances in EC2 or VPC. There’s no hassling with request forms or waiting for approval. You can launch an instance of our Virtual Scanner Appliance AMI and begin scanning your cloud assets right away.
With the industry’s leading vulnerability KnowledgeBase and its thousands of unique checks, the Qualys Cloud Platform performs approximately 3 billion scans per year. Its vulnerability scans, the most difficult type, consistently exceed Six Sigma accuracy, the industry benchmark for high quality. Reliable results free you from chasing after false positives or worrying that you’ll miss important vulnerabilities.
Store configuration information offsite with secure audit trails
As a cloud service, Qualys provides a trusted, independent location for securely storing critical vulnerability information and tamper-resistant audit trails. Qualys automatically flags vulnerabilities that affect PCI compliance and Qualys is an Approved Scanning Vendor for PCI.
Identify the highest business risks using trend analysis, Zero-Day and
Patch impact predictions.
Track vulnerabilities as they appear, are fixed, or reappear
Qualys uses the data in each scan to track vulnerabilities over time—when they appear and are fixed, as well as whether they reappear later.
Monitor certificates deployed throughout your network
Qualys finds and tracks certificates that are deployed in your network. You can see in one place which certs are about to expire, which hosts they are used on, what their key size is, and whether or not they are associated with any vulnerabilities. With the optional Qualys Continuous Monitoring, you can even have appropriate personnel notified automatically whenever certificates on your critical perimeter devices approach their expiration so that you can prevent any loss of service.
Put critical issues into context with the industry’s leading KnowledgeBase
Qualys separates reporting from scanning, enabling you to use a wide range of filters to explore your vulnerability findings. You can look for specific types of vulnerabilities and use criteria from Qualys’s KnowledgeBase such as severity, business risk, CVSS scores, existence of exploits or malware, and whether patches are available.
See which hosts need updates after Patch Tuesday
With Qualys’ constantly-updated KnowledgeBase, you can quickly determine which hosts will need which patches when vendors release updates each month.
Spot trends, see what’s changed
With Qualys, instead of looking at a single snapshot of your network, you can look at how vulnerabilities have impacted your systems over time and where things are headed. You can look at what’s changed through differential analysis, or drill into different sets of assets, all without having to re-scan.
Predict which hosts are at risk for Zero-Day Attacks
With the optional Qualys Zero-Day Risk Analyzer, you can immediately know which systems are at risk when new Zero-Day threats emerge. Up-to-the-minute intelligence from VeriSign iDefense enables Qualys to alert you even before patches are publicly available so that you can take appropriate mitigating action.
Monitor vulnerabilities over time, assign tickets, and manage exceptions.
Keep track of vulnerabilities and actions taken
Qualys tracks the disposition of each vulnerability on each host over time. This helps you document the actions taken in response to each vulnerability and monitor the effectiveness of your remediation efforts.
Automatically assign remediation tickets
With Qualys’ remediation ticketing, you can have tickets generated automatically whenever vulnerabilities are found. You can set criteria for assigning tickets, with deadlines, to the appropriate personnel. Comprehensive ticket-tracking reports provide the history of each ticket as well as a holistic view across sets of tickets.
Create per-host patch lists
Qualys’s Patch Report gives you a consolidated list of which hosts need which patches. It also identifies where to get vendors’ official patches so that you can keep your systems up-to-date and know where to apply your resources.
Integrate with existing IT ticketing systems
Qualys can automatically create and close tickets in select 3rd-party IT ticketing systems.
For times when a vulnerability might be riskier to fix than to leave alone, Qualys allows you to suspend reporting on particular vulnerabilities to avoid distracting you from more serious threats. Exceptions can be set to automatically expire after a period of time so that deferred vulnerabilities don’t get lost and can be reviewed later.
Customize comprehensive reports to document progress for IT,
business executives and auditors.
Report anytime, anywhere — without rescanning
Qualys’ ability to track vulnerability data across hosts and time lets you use reports interactively to better understand the security of your network. You can draw from a library of built-in reports, change what’s shown, how data is presented, and choose different sets of assets—all without having to rescan.
Create different reports for different audiences
One size does not fit all. With Qualys, you can create custom report templates that communicate the right level of detail for each recipient. Present scorecards to executives, connecting security results to business goals. Give patch reports to Operations staff, telling them exactly which hosts need which updates. Provide detailed drill-downs to IT teams who are researching particular issues.
Verify, document and share status and results automatically
With Qualys, you can easily record and share the results of your vulnerability management program. Reports can be generated on-demand or scheduled automatically and then shared with the appropriate recipients online, in PDF or CSV.
Provide context & insight, not just data
Qualys helps you understand the impact that each vulnerability could have on your network. Its extensive KnowledgeBase provides information and context about each vulnerability (such as CVSS scores, relevance to PCI, threat details, active exploits and potential solutions). Trends and predictions allow you to see beyond individual data points, and patch reports let you focus on the most important actions.
Show ongoing progress against vulnerability management objectives
Best practices in security go beyond looking at simple counts of open vulnerabilities because the rates at which new vulnerabilities are found and patches are released are constantly changing. Qualys helps you meaningfully track progress over time with metrics such as the number of fixable vulnerabilities that remain unpatched for more than 90 days.
Share data with other security & compliance systems
Qualys can provide valuable data programmatically to other applications through a comprehensive set of XML-based APIs. Your GRC, SIEM, ERM, IDS and other security and compliance systems can obtain up-to-the-minute data about each of your host assets, initiate scans, and perform a variety of other tasks.