This sounds just like the FusionVM product from CriticalWatch.
http://www.criticalwatch.com/solutions.html
You install their box, which VPNs home. You schedule the assessments
and read the output through their portal.
The reporting is very flexible, it is via a web application, so you
can give a manager an account so he can view just the results for his
machines, etc.
It is also tied in to a ticketing system you can use for remediating the issues.
marc bayerkohler
---------- Forwarded message ----------
Date: Tue, 23 Aug 2005 10:49:26 +0530
From: prasanna.mukundan@wipro.com
To: pen-test@securityfocus.com
Subject: QualysGuard - VA/PT appliance
http://www.qualys.com/products/qgcons/
We have are evaluating an appliance by Qualys, called QualysGuard that
purportedly "enables security auditors to scope and perform detailed
vulnerability assessments anytime, anywhere, using nothing more than a
Web browser."
Has anyone used this appliance? If so could you give me your feedback on
the product?
From what I have seen of it in a couple of days, it seems to initiate a
scan(for s/w vulnerabilities) from the intranet of a network, but sends
the data to the internet/qualys server (and accessed via qualys'
website), which imo while have the regulators and auditors screaming. I
would appreciate if anyone could confirm/correct that.
Thanks,
Prasanna
Confidentiality Notice
The information contained in this electronic message and any
attachments to this message are intended
for the exclusive use of the addressee(s) and may contain confidential
or privileged information. If
you are not the intended recipient, please notify the sender at Wipro
or Mailadmin@wipro.com immediately
and destroy all copies of this message and any attachments.
