The system will run security controls and audit networks to determine security or regulatory compliance, and will generate reports for Sarbanes-Oxley, HIPAA and GLBA. It comes with a software development kit for compiling other compliance reports.

"It will produce a variety of standard or custom-built compliance reports at the push of a button," said Gerhard Eschelbeck, CTO of the vulnerability-management vendor. "We have extended the use of XML-based APIs to allow the creation of compliance reports, but the system can also draw on an application library of 15 samples." The latest version of QualysGuard is also SDP-compliant and endorsed by MasterCard.

By June 30, 2005, the credit card operator MasterCard will insist that all online merchants processing transactions totaling $125,000 a month comply with its Site Data Protection (SDP) program, a process that ensures web merchants are protecting themselves against hacker intrusions.

The SDP-compliant version of QualysGuard is intended to help online merchants evaluate the security of their web sites that store MasterCard account data. SDP’s components help identify web site weaknesses, vulnerabilities, and security gaps and alert merchants to them. Once these are identified, SDP’s tools help merchants take appropriate corrective action before hackers exploit their sites. Part of compliance testing involves a rigorous evaluation cycle controlled and managed by MasterCard that spans a wide range of web servers, firewalls and operating systems.

In addition to new compliance capabilities, QualysGuard 4.0 includes a new executive dashboard to simplify security management. "The security executive dashboard provides a view of the entire network on a single screen that lets administrators first identify and then dig into network sore spots," said Eschelbeck. Version 4 also includes a free-form custom query tool that lets administrators search the database for vulnerabilities before launching a scan against a vulnerability.

Subscriptions to the Enterprise version of QualysGuard start at $17,000 for new customers. It is priced according to the number of devices scanned, irrespective of the number of scans carried out.

Qualys claims to have more than 1,600 subscribers to QualysGuard, which is sold as an on-demand automated managed service.