This article can also be found in the Premium Editorial Download "Information Security magazine: Five crucial virtualization do's and don'ts."
QualysGuard Security and Compliance Suite: Enterprise Edition, $25,000/year; Express Edition, $2,500
"The product approach requires individual purchases of the license at each location, purchasing a platform to load licenses on and administration of that platform, then the care and feeding of it," says Victor Hsiang, director of TransUnion's information security architecture group. "With the service approach, from a corporate perspective, we can pick up the cost of Qualys and absorb the business units into the whole process."
He says certifications that would have taken days take minutes.
Qualys, known for its vulnerability management service, is building a more comprehensive security suite, starting with the recently announced Policy Compliance 1.0 module, which allows automated scans and reporting mapped to numerous security frameworks. Qualys will add a Customizable Audit Service, NAC Service for Unmanaged Devices and Web Application Scanning Manager in Q4.
Hsiang will beta test the Policy Compliance module at TransUnion, and expects it to integrate with his group's program of using the vulnerability management service and a central database to certify systems through a cycle of vulnerability scanning, ticketing and remediation.
"We won't have to reinvent the wheel; the compliance module fits into the architecture we've developed for tracking and fixing vulnerabilities," says Hsiang.
This was first published in June 2008