Qualys offers versions of its vulnerability services to enterprises, small and medium-sized businesses, security consultants, and managed service providers like IBM. That MSP version allows partner companies to offer QualysGuard hosted scanning from their own web sites. Watchguard Technologies Inc, the low-end firewall appliance vendor, was one of the first to use this service.
QualysGuard automates the process of identifying and fixing network security vulnerabilities. The system is a combination of a hosted web service and behind-the-firewall appliances. It scans devices for 3,000 security holes and configuration errors that could be exploited by attackers.
IBM wraps its managed security services around the security management, hardware, software and applications needed to shield a 24×7 hosting environment from attack. It will install, configure and manage firewall devices in a company’s own data center, or can connect into a virtual service architecture, capable of dispensing firewall capacity on demand. In the same way, Qualys will work with IBM to deliver on-demand vulnerability management services to IBM’s managed security services customers.
IBM clients can also opt to share an IBM-provided redundant firewall configuration, various virus alert services, host intrusion, and network intrusion services with other IBM customers.
Like Symantec, IBM has the ability to offer customers a software-based security, as well as a wide range of on-site and off-site managed security services. IBM Global Services prefers to remain neutral, pushing products that compete directly with its software division, according to the customer’s needs.
That said, IBM Global Services has already set up an alliance with VeriSign Inc for the delivery of managed PKI services, and unveiled a plan to work together to promote security standards for web services, including XKMS (XML Key Management Specification) and SAML (Security Assertion Markup Language). IBM said it plans to embed XKMS and use the SAML within its Tivoli Policy Director security management offering. IBM Global Services also offers MessageLabs Inc’s technology as part of its managed email security service. That service is designed to filter emails for viruses, spam, and inappropriate content.
Qualys vulnerability data integrates well with the new wave of security information management systems from four of the leading vendors in that space.
The company has said it has inked different deals with ArcSight, GuardedNet, netForensics and Network Intelligence, all of which offer administrators ways to view security event data aggregated from the output of multiple network devices and tools. The integrations will allow users of these SIM systems to review attack data alongside their vulnerability profiles as provided by Qualys’ scans, giving them a better chance of making an accurate risk analysis before taking action.
