OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Re: QualysGuard - VA/PT appliance

From: Norman Girard (norman.girardgmail.com)
Date: Wed Aug 24 2005 - 01:48:22 CDT


That's actually true.

The intranet appliance sits on your internal network and perform
vulnerability assessment. All the data are centralized and store in
the Qualys SOC.

I know that many security people have a kind of emotional issue with
the ASP model but the Qualys SOC is more secure than any local DB.
Data are stored encrypted and are decrypted on the fly with a secret
key stored as an environment variable. This secret key is also
decrypted with your login credentials when opening your session.
Nobody, even the Qualys DB admin, can see your results at all.

This model is great for scalability, information update and data
centralization.

I worked for the company for few years during the past and they are
definitely the leader in that space.

On 8/23/05, David Dischler <david.dischlergmail.com> wrote:
> I worked for a Network Security Assessment company in the past (sales)
> and encountered many customers who used QualysGuard. To be honest, most
> were not pleased with not only the quality for the price, but some of
> the "Handcuffs" they encountered based on functionality. I would
> recommend looking into TraceSecurity's product TraceAssess. They can be
> reached at http://tracesecurity.com/products/trace-assess.php. The
> software package they offer works the same way in that it is web-based,
> but it allows for On-Demand and/or Scheduled Internal/External VA's and
> has a Patch add-on (also web-based) for quick reference to patch
> links/information. It runs on simple requirements (hardware speaking)
> and very simple setup. It has been a while since I worked there, but
> when I did, the prices were pretty competitive.
>
> P.S. In case you are wondering, I have moved from the Dark Side (sales)
> and now have my own IT business, so this is a suggestion made with some
> technical background ;)
>
> David
>
> Gonenc, Ozan wrote:
>
> >I've recently been in touch with Qualys.
> >
> >What you state is correct for the contractor's license. The actual scan engine is located at Qualys. Even if you are conducting testing from an internal network. The appliance simply serves as a proxy for the Qualys remote engine.
> >
> >Cheers,
> >
> >Ozan
> >
> >______________________________
> >Ozan Gonenc, B.Sc, ITIL, GCIH
> >Senior IT Security Consultant
> >AEPOS Technologies Corporation
> >200-200 Rue Montcalm
> >Gatineau, Quebec J8Y 3B5
> >(819) 772-8522 (W)
> >(819) 772-0449 (F)
> >http://www.aepos.com
> >
> >
> >
> >
> >-----Original Message-----
> >From: prasanna.mukundanwipro.com [mailto:prasanna.mukundanwipro.com]
> >Sent: August 23, 2005 01:19
> >To: pen-testsecurityfocus.com
> >Subject: QualysGuard - VA/PT appliance
> >
> >
> >
> >http://www.qualys.com/products/qgcons/
> >
> >We have are evaluating an appliance by Qualys, called QualysGuard that
> >purportedly "enables security auditors to scope and perform detailed
> >vulnerability assessments anytime, anywhere, using nothing more than a
> >Web browser."
> >
> >
> >Has anyone used this appliance? If so could you give me your feedback on
> >the product?
> >
> >>From what I have seen of it in a couple of days, it seems to initiate a
> >scan(for s/w vulnerabilities) from the intranet of a network, but sends
> >the data to the internet/qualys server (and accessed via qualys'
> >website), which imo while have the regulators and auditors screaming. I
> >would appreciate if anyone could confirm/correct that.
> >
> >
> >Thanks,
> >Prasanna
> >
> >
> >
> >
> >
> >
> >Confidentiality Notice
> >
> >
> >The information contained in this electronic message and any attachments to this message are intended
> >for the exclusive use of the addressee(s) and may contain confidential or privileged information. If
> >you are not the intended recipient, please notify the sender at Wipro or Mailadminwipro.com immediately
> >and destroy all copies of this message and any attachments.
> >
> >
> >
>