Accuracy of Scans and Elimination of False Positives and False Negatives
Qualys virtually eliminates the likelihood of generating false positives for all vulnerability scans by developing consistent audits and continuous, automated QA testing of all signatures in the Qualys® KnowledgeBase. Unlike software-based solutions, the Qualys Web service architecture enables our R&D staff to automate quality testing and continuously update and enhance vulnerability signatures for accuracy and reliability. Any false positives reported by users are recorded and investigated immediately. Signatures are updated and automatically released to the Qualys scanners within 48-72 hours.
Ongoing analysis and investigation are a critical part of Qualys' false positive elimination process and industry-leading accuracy. This continuous QA process significantly reduces the enterprise's overall resource requirements while enhancing the efficiency of enterprise vulnerability management.
How False Positive Resolution is Ensured
- Incident is reported to Qualys customer support
- Our Support staff works closely with the customer to investigate the incident and escalates it to R&D
- R&D researches the cause of the issue and updates the signature accordingly
- The signature is automatically regression tested and verified in our QA labs
- The updated signature is released to all Qualys Internet and Intranet scanners
- Support follows up with the customer to confirm that the signature is performing correctly
Unlike with software-based scanners, availability of the updated signature is not bound to software release cycles that typically require months to deliver updates. This Web service model provides our customers immediate and automatic access to all Qualys enhancements.