QualysGuard Spots, Reports Flaws

By Cameron Sturdevant  |  Posted 2003-04-07 Print this article Print

Hardware/service combo tailors analysis and guards data.

Qualys Inc.s QualysGuard Intranet Scanner is worthy of serious consideration when IT managers need to assess vulnerabilities in their network infrastructure.

QualysGuard, which became available last month, combines a $2,995 hardware appliance with a subscription service that analyzes data collected from any device with an IP address. The cost of an annual subscription that allows an unlimited number of scans varies widely: 64 IP addresses are priced at $19,995 ($312 per address), whereas 256 addresses cost $44,995 ($176 per address).

In eWeek Labs test network, every one of our Novell Inc. NetWare, Microsoft Corp. and Sun Microsystems Inc. servers had a range of problems that QualysGuard picked up during its first sweep. Interestingly, when we took our network down over the weekend so that none of the exposures would result in a compromise of our test network, QualysGuard reported problems were "fixed." QualysGuard made this determination based on a comparison of a report that showed a vulnerability one day and the absence of that vulnerability the next.

Even with this slight confusion, QualysGuard quickly mapped the network and pointed out a large number of vulnerabilities in a neat report that also graded the problems on a scale from 1 (low impact) to 5 (urgent). This version enabled us to create reports tailored to show only vulnerabilities in specific devices.

For example, we created a report that included our NetWare file servers so that they were separated from the Sun and Microsoft servers that were also running in the testbed. QualysGuard identified 29 vulnerabilities, which was not surprising because we had not applied any fixes to the NetWare 5.1 system.

As we applied security fixes, vulnerabilities (such as Novell management portal accessibility) were closed and reported fixed by QualysGuard.

In this version, report data is normalized to the Common Vulnerabilities and Exposures list of standardized names (see www.cve.mitre.org for more information). Security administrators who are already using this popular site to categorize vulnerabilities and security exposures can easily fit QualysGuard scans into their workflow. Where possible, QualysGuard reports link to reliable documentation about vulnerabilities, so IT managers can take steps to evaluate and fix these problems.

The vulnerability assessment field is crowded with competitors. Among them are Internet Security Systems Inc.s Internet Scanner and the open-source Nessus, from The Nessus Project. The biggest difference is that QualysGuard analyzes data off-site and makes reports available to administrators via a Web interface.

The QualysGuard system generates strong passwords and sends them via an encrypted e-mail to the IT administrator. No one at Qualys can access the password files, and all vulnerability data is stored in an encrypted database. We believe Qualys has taken the necessary steps to protect data, but IT managers should make this line of questioning a part of their presales check of the company.

Senior Analyst Cameron Sturdevant can be contacted at cameron_sturdevant@ziffdavis.com.

Cameron Sturdevant Cameron Sturdevant is the executive editor of Enterprise Networking Planet. Prior to ENP, Cameron was technical analyst at PCWeek Labs, starting in 1997. Cameron finished up as the eWEEK Labs Technical Director in 2012. Before his extensive labs tenure Cameron paid his IT dues working in technical support and sales engineering at a software publishing firm . Cameron also spent two years with a database development firm, integrating applications with mainframe legacy programs. Cameron's areas of expertise include virtual and physical IT infrastructure, cloud computing, enterprise networking and mobility. In addition to reviews, Cameron has covered monolithic enterprise management systems throughout their lifecycles, providing the eWEEK reader with all-important history and context. Cameron takes special care in cultivating his IT manager contacts, to ensure that his analysis is grounded in real-world concern. Follow Cameron on Twitter at csturdevant, or reach him by email at cameron.sturdevant@quinstreet.com.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel