- What is the Qualys Consultant model?
- Who can use the Qualys Consultant model?
- Can consultants scan their own company networks?
- Can continuous services be provided with Consultant Professional Unlimited?
- Can consultants provide a client-driven scanning service?
- Can clients of consultants have access to the Qualys Cloud Platform?
- Can Consultant customers submit external scans for PCI ASV validation?
- What is the difference between Consultant and Consultant Professional?
What is the Qualys Consultant model?
Qualys Consultant is used for engagement-based services such as, but not limited to, vulnerability and security program assessments.
Who can use the Qualys Consultant model?
Qualys Consultant can be used by IT and Security auditors, individual consultants and consulting firms that provide 3rd party assessments.
Can consultants scan their own company networks?
Per the Qualys Consultant Service User Agreement, Qualys Consultant subscriptions cannot be used for scanning the network or any associated network of the company that purchased the subscription.
Can continuous services be provided with Consultant Professional Unlimited?
Qualys Consultant Professional Unlimited is to be used for ad-hoc or professional services engagements – not managed or continuous services. Consultant companies should resell Qualys to provide continuous managed services to their customers.
Can consultants provide a client-driven scanning service?
If Consultant customers want to provide a portal to their clients for requesting a specific type of scan (Vulnerability, Web Application, Policy Compliance, etc.) they must purchase Qualys Consultant Professional (QCP) Pay per Scan package(s) alongside the API. QCP Unlimited is restricted to engagement-based scanning.
Can clients of consultants have access to the Qualys Cloud Platform?
No clients of the Qualys Consultant customer should be provided direct or indirect access to the consultant’s Qualys Cloud Platform instance or have any type of user account. The Qualys API should not be used to create a custom portal for clients to have access to features.
Can Consultant customers submit external scans for PCI ASV validation?
Consultant customers are direct customers of Qualys, who is an approved ASV vendor, but the clients of the Qualys Consultant customer are not; therefore, consultants are not permitted to submit external scans for Qualys PCI ASV validation on behalf of their clients.
What is the difference between Consultant and Consultant Professional?
Qualys Consultant provides you the ability to scan any host with a local virtual scanner that you can deploy on your own laptop. Qualys Consultant Professional provides you the ability to use our Qualys Cloud Platform to scan external hosts and also scan internal networks by deploying virtual or physical scanners to any customer without having the limitations of your own laptop.