GLOSSARY
The Qualys vulnerability scanner is an advanced cybersecurity tool used to identify and quantify software security vulnerabilities. The Qualys vulnerability scanner is sold commercially around the world, and Qualys helps users prioritize these vulnerabilities, triage them, and then remediate them before they are exploited by threat actors.
Qualys is also used to scan for vulnerabilities in deployed web applications. The Qualys Web Application Scanner (QWAS) is used to target web application vulnerabilities. QWAS may target vulnerabilities based on the Open Web Application Security Project (OWASP) Top 10 list. The OWASP Top 10 list categorizes and prioritizes the most dangerous risks faced by web applications. The Qualys Web Application Scanner finds these vulnerabilities, including SQL injection, cross-site scripting (XSS), cross-site request forgery (CSRF) and URL redirection.
Qualys VM is a cloud-based service that provides visibility into where IT systems might be vulnerable to threats. Qualys VM provides continuous vulnerability management and supports compliance. Qualys VM helps to continuously identify threats and monitor changes in your network that could become data breaches.
Key Features and Functions
Qualys VM supports discovery of even forgotten devices and helps your internal teams better organize host assets. Qualys VM discovery helps your team determine what is actually running in the different parts of the network. This can include hybrid environments from your perimeter and corporate network to Amazon EC2 cloud services.
Agent-based architecture.
Qualys VM also supports Qualys Cloud Agents, which extend network coverage to assets that can’t be easily scanned. The agents reside on the assets they monitor. Nothing else is required. Vulnerabilities are found faster, and generally with minimal network impact.
Expansive visibility.
Qualys VM continuously scans and identifies vulnerabilities with very high accuracy. This provides important protection for IT assets on premises, in the cloud and in mobile devices. The Qualys VM dashboard displays an overview of security posture and more. Qualys VM generates custom, role-based reports for multiple stakeholders. This can include the automated production of important security documentation for compliance auditors.
Hybrid vulnerability management.
In the wake of the digital transformation, Qualys VM brings vulnerability management to hybrid IT environments that include on-premises, cloud, and mobile deployments.
Broad scanning capabilities and flexibility.
Systems can be scanned from one console. Targets may include your perimeter, your internal network, and cloud environments. Qualys VM separates scanning activity from reporting. You can create custom reports that segment data by the intended viewer audience. This includes:
Risk triage.
Qualys VM helps identify the highest business risks using trend analysis, Zero-Day and Patch impact predictions. Other capabilities include:
Remediate vulnerabilities.
Custom reporting.
Custom reporting can generally be done anytime without re-scanning. Qualys VM uses a library of built-in reports. You can change what’s shown or choose different sets of assets without having to re-scan. Reports can be generated on demand or scheduled automatically and then shared with the appropriate recipients online and in a variety of formats. Other capabilities include:
Other Qualys VM features.
Visibility.
Qualys VM provides full clarity into data center assets, identifies their vulnerabilities, prioritizes remediation and assesses IT compliance. On-premises, at endpoints or in the cloud, the Qualys Cloud Platform sensors are always on, which provides continuous 2-second visibility of all your IT assets. Remotely deployable, centrally managed and self-updating, the sensors come as physical or virtual appliances, or lightweight agents.
Continuous protection.
Qualys VM continuously monitors your environment, and flags traffic anomalies and compromise indicators. Qualys Cloud Platform provides an end-to-end solution, minimizing the cost and complexities that come with managing multiple security vendors. The Qualys Cloud Platform also automatically gathers and analyzes security and compliance data in a scalable, state-of-the-art backend, and provisioning additional cloud apps.
Prioritize result management.
Qualys VM features a flexible and highly functional data analysis, correlation, and reporting engine. The Qualys Cloud Platform is accessible directly in the browser and does not require the use of plugins. This includes a single-pane-of-glass user interface for all applications and lets the organization customize dashboards, drill down into critical details, and generate necessary reports for teammates and auditors.
Low total cost of ownership (TCO).
No capital expenditures, extra human resources, infrastructure or software are required to deploy and manage Qualys VM.
Alert-driven response to threats.
Qualys’ Cloud Agent technology and Qualys Continuous Monitoring service let teams proactively address potential threats whenever new vulnerabilities appear, with Qualys generating real-time alerts.