April 17, 2005

Qualys sets up compliance guards

Qualys has built new policy compliance features into its vulnerability management system that will allow security administrators to tie together their vulnerability scanning management and security auditing practices, so as to be seen to be meeting regulatory demands.

By CBR Staff Writer

The system will run security controls and audit networks to determine security or regulatory compliance and will drive reports for Sarbanes-Oxley, HIPAA and GLBA. It comes with a software development kit for compiling other compliance reports.

"It will produce a variety of standard or custom-built compliance reports at the push of a button," said Gerhard Eschelbeck, CTO of the vulnerability-management vendor. "We have extended the use of XML-based APIs to allow the creation of compliance reports, but the system can also draw on an application library of 15 samples." The latest version of QualysGuard is also SDP-compliant and endorsed by MasterCard.

By June 30, 2005, the credit card operator MasterCard will insist that all online merchants processing transactions totaling $125,000 a month comply with its Site Data Protection (SDP) program, a process that ensures web merchants are protecting themselves against hacker intrusions.

The SDP-compliant version of QualysGuard is intended to help online merchants evaluate the security of their web sites that store MasterCard account data. SDP's components help identify web site weaknesses, vulnerabilities, and security gaps and alert merchants to them. Once these are identified, SDP's tools help merchants take appropriate corrective action before hackers exploit their sites. Part of compliance testing involves a rigorous evaluation cycle controlled and managed by MasterCard that spans a wide range of web servers, firewalls and operating systems.

In addition to new compliance capabilities, QualysGuard 4.0 includes a new executive dashboard to simplify security management. "The security executive dashboard provides a view of the entire network on a single screen that lets administrators first identify and then dig into network sore spots," said Eschelbeck. Version 4 also includes a free-form custom query tool that lets administrators search the database on vulnerabilities, ahead of launching a scan against a vulnerability.

Subscriptions to the Enterprise version of QualysGuard start at $17,000 for new customers. It is priced according to the number of devices scanned irrespective of the number of scans carried out.

Qualys claims to have more than 1,600 subscribers to QualysGuard, which is sold as an on-demand automated managed service.
