QualysGuard Enterprise (2007)

Vulnerability management

Gold Award:

QualysGuard Enterprise (2007)


Readers applauded vulnerability management gold medal winner QualysGuard Enterprise's ability to identify vulnerabilities quickly and accurately.

QualysGuard--which identifies potential network exploits and audits networks for compliance--also received high marks for being easy to install, configure and administer. Respondents praised QualysGuard Enterprise for the breadth of applications and devices with which it works; vendor service and support; and ROI, which most respondents rated "excellent" or "good."

Survey respondents weren't as effusive about QualysGuard's ability to integrate with threat management systems, with many rating that feature "good" or "fair."

QualysGuard Enterprise 5.0, which was announced in February at RSA Conference 2007 and went into general release last month, boasts a revamped GUI; accelerated scanning through parallelization of scanner appliances; enhanced reporting features; and the ability to track scanning usage by business unit, according to company officials.

The new release "enables us to do things better and faster by utilizing an AJAX framework," says Amer Deeba, chief marketing officer at Qualys. He says the AJAX (Asynchronous JavaScript and XML) technology enables Web pages to be more responsive by exchanging small amounts of data with back-end servers, so that an entire Web page does not have to be reloaded each time a user makes a change. The technology is said to increase the speed with which the page renders, as well as its interactivity and usability.

CISOs inundated with information about the array of threats and potential threats want a product that can pare down the onslaught, Deeba says. "The new release filters out that overload of data and narrows it down to what is most important based on your role within the organization," he says. Rather than Qualys indicating "12 million problems, you only see what is relevant to you, based on your privileges."

While noting that Qualys management has been "thinking a lot" about the juncture between scanning for weaknesses and remediating them, Deeba says the company prefers "to remain a third-party auditor, where we can come in and audit you and give you full configuration and vulnerability information."

Qualys' other offerings include a product designed to measure PCI compliance, one aimed at security consultants, and several others.
