



Network Security Pen-Test

Re: QualysGuard - VA/PT appliance

Subject: Re: QualysGuard - VA/PT appliance
Date: Wed, 24 Aug 2005 09:47:03 -0400
Prasanna, 

I have used this for one of our assessments. Makes your life so much
easier for initial scanning for vulnerabilities. We did have some
false alarms, but overall the client was very satisfied by the
reports.

It is true that they store the reports on their servers. The appliance
has to be connected to the same network for which the assessment is
being done. The appliance has an SSL connection to their huge storage
with several layers of security. Outbound 443 is open on any network.
Also, you can connect to your Qualys appliance from anywhere. You
basically log in to their servers, which have the SSL connection already
established to your appliance. They claim that the data is not
accessible by anyone except us whatsoever. There is a pretty good
explanation on their website showing the entire process. But if you
guys have a problem storing the data on their servers, I would think
again. It is the convenience, user management and accuracy that make
Qualys a more attractive solution than others.

Hope this helps. 

On 8/23/05, marc bayerkohler <lists.marc@gmail.com> wrote:
This sounds just like the FusionVM product from CriticalWatch.

http://www.criticalwatch.com/solutions.html

You install their box, which VPNs home.  You schedule the assessments
and read the output through their portal.

The reporting is very flexible, it is via a web application, so you
can give a manager an account so he can view just the results for his
machines, etc.

It is also tied in to a ticketing system you can use for remediating the 
issues.

marc bayerkohler



---------- Forwarded message ----------
Date: Tue, 23 Aug 2005 10:49:26 +0530
From: prasanna.mukundan@wipro.com
To: pen-test@securityfocus.com
Subject: QualysGuard - VA/PT appliance


http://www.qualys.com/products/qgcons/

We are evaluating an appliance by Qualys, called QualysGuard, that
purportedly "enables security auditors to scope and perform detailed
vulnerability assessments anytime, anywhere, using nothing more than a
Web browser."

Has anyone used this appliance? If so could you give me your feedback on
the product?

From what I have seen of it in a couple of days, it seems to initiate a
scan (for s/w vulnerabilities) from the intranet of a network, but sends
the data to the internet/Qualys server (accessed via Qualys'
website), which imo will have the regulators and auditors screaming. I
would appreciate it if anyone could confirm/correct that.


Thanks,
Prasanna






