QualysGuard Enterprise

By Cameron Sturdevant  |  Posted 2003-07-14

QualysGuard Enterprise gained Analyst's Choice recognition for its ability to regularly identify the most important vulnerabilities across the widest range of operating systems, applications and infrastructure devices of any of the products we tested. The service costs $19,995 for 64 devices.

QualysGuard Enterprise
Qualys' QualysGuard Enterprise service consistently uncovers problems across a wide range of operating systems and applications. The service uses a no-brainer appliance to scan systems behind the firewall and report weaknesses back to a console that users can securely access via the Web. The service is priced at $19,995 for 64 devices.
  • PRO: Fresh threat profiles; accurate reports across a wide range of operating systems, applications and infrastructure devices.

  • CON: Failed to discern all Windows operating systems; costs more than the other products tested.

    During tests, QualysGuard Enterprise correctly identified our Solaris server, which was running on a SunFire 280R box, our NetWare 5.0 server and various Red Hat Linux versions running on our MPC LLC (formerly MicronPC) Millennia hardware. The product was a bit sketchy, however, in its coverage of Windows, lumping all our Windows 2000 Server, Windows Server 2003 and Windows XP systems into the same category on its network maps.

    More important, QualysGuard Enterprise correctly profiled the systems and gave us accurate reports that explained the problems and suggested fixes.

    The biggest hurdle most IT managers will face when using QualysGuard Enterprise is trust. Unlike the other products in our roundup, QualysGuard is provided only as a service. QualysGuard Enterprise requires that a small appliance be installed on the network, but all the report processing and mapping happens at Qualys. (ISS and Foundstone Inc. also provide service offerings.)

    However, because QualysGuard Enterprise is a service, we never had to worry about keeping our vulnerability definitions up-to-date.

    During tests, eWEEK Labs was impressed with the freshness of Qualys' vulnerability watch list. New vulnerabilities were clearly explained, and we appreciated the fact that, in most cases, Qualys went beyond simply republishing the manufacturers' usually terse break/fix notes. This was a big difference between QualysGuard Enterprise and the other products tested.

    IT managers who are evaluating vulnerability assessment tools should ask for samples of recent threat updates to judge the tools' usefulness. For example, while all the products in our test identified systems that were susceptible to the SQL Slammer worm, only QualysGuard Enterprise marked the problem with a clear, attention-getting flag. This seemingly simple function could be the difference between busy IT staffers fixing the most vulnerable systems and not.

    As this issue was going to press, Qualys announced a new remediation service. There is a good argument that vulnerability assessment without remediation is a job half-done. While we agree with the sentiment, our recent work with patch management systems indicates that trying to cobble together both kinds of products would result in a complex, probably unmanageable system.

    We recommend IT managers separate assessment and remediation functions. Qualys currently partners with Citadel Security Software Inc.'s Hercules remediation tool, as does STAT. For now, we think this is the best way to get the job done.

    Senior Analyst Cameron Sturdevant can be reached at cameron_sturdevant@ziffdavis.com.

    Cameron Sturdevant has been with the Labs since 1997, and before that paid his IT management dues at a software publishing firm working with several Fortune 100 companies. Cameron also spent two years with a database development firm, integrating applications with mainframe legacy programs. Cameron's areas of expertise include virtual and physical IT infrastructure, cloud computing, enterprise networking and mobility, with a focus on Android in the enterprise. In addition to reviews, Cameron has covered monolithic enterprise management systems throughout their lifecycles, providing the eWEEK reader with all-important history and context. Cameron takes special care in cultivating his IT manager contacts, to ensure that his reviews and analysis are grounded in real-world concern. Cameron is a regular speaker at Ziff-Davis Enterprise online and face-to-face events. Follow Cameron on Twitter at csturdevant, or reach him by email at csturdevant@eweek.com.
