FORGOT YOUR DETAILS?

Qualys

Qualys, Inc. is a provider of cloud security, compliance and related services for small and medium-sized businesses and large corporations based in Redwood Shores, California. Founded in 1999, Qualys was the first company to deliver vulnerability management solutions as applications through the web using a "software as a service" (SaaS) model, and as of 2013 Gartner Group for the fifth time gave Qualys a "Strong Positive" rating for these services. It has added cloud-based compliance and web application security offerings. Qualys has over 7,700 customers in more than 100 countries, including a majority of the Forbes Global 100.

E-SPIN and Qualys

E-SPIN have actively in promoting Qualys full range of products and technologies as part of the company Vulnerability Management, Penetration Testing and Security Management. E-SPIN is active in provide consulting, supply, training and maintaining Qualys products for the enterprise, government and military customers (or distribute and resell as part of the complete package) on the region E-SPIN do businesses. The enterprise range from corporate, universities, government agencies to IT service providers on data center, security management, security operation center (SOC), vulnerability management, vulnerability assessment center (VAC) and enterprise information security management / operations.

Please feel free to contact E-SPIN for your inquiry and requirement, so we can assist you on the exact requirement in the packaged solutions that you may required for your operation or project needs.

The Qualys Cloud Platform

The Qualys Cloud Platform consists of  suite of IT security and compliance solutions that leverage shared and extensible core services and a highly scalable multi-tenant cloud infrastructure.

Built on top of Qualys' Infrastructure and Core Services, the Qualys Cloud Suite incorporates the following applications, all of which are delivered via the cloud; there is no new software to deploy or infrastructure to maintain. Each application leverages the same scan data.

Continuous Monitoring

  • Delivers immediate alerts whenever threats or unexpected changes are found in an organization's Internet perimeter – before they turn into breaches.

Vulnerability Management

  • Discovers all devices and applications across the network, at the same time identifying and mitigating the vulnerabilities that make network attacks possible.

Policy Compliance

  • Helps organizations pass security audits and document compliance tied to corporate security policies, laws, and industry regulations, supporting the requirements of both internal and external auditors.

Security Assessment Questionnaire

  • Expands the scope of risk and compliance data beyond technical vulnerabilities to verify that third-party vendors are in compliance with emerging regulatory requirements.

PCI Compliance

  • Provides small and medium-sized businesses with enterprise-level scanning and reporting that's easy to implement and maintain, and enabling large corporations to meet PCI compliance requirements for data protection on a global scale.

Web Application Scanning

  • Provides automated crawling and testing for custom web applications to identify vulnerabilities including for cross-site scripting and SQL injection. The automated service enables regular testing that produces consistent results, reduces false positives, and easily scales to secure large numbers of websites.

Web Application Firewall

  • Protects websites against attacks on server vulnerabilities and web app defects. Brings Cloud scalability and simplicity that make it possible to strongly secure web apps against Cross-Site Scripting (XSS), SQL injection, corrupted requests and other attacks in less than 30 minutes.

Malware Detection

  • Proactively scans websites of any size, anywhere in the world, for malware infections and other threats, sending alerts to website owners. Enables businesses to scan and manage a large number of sites, preventing website black listing and brand reputation damage.

SECURE Seal

  • Enables online businesses of all sizes to scan their websites for the presence of malware, network and application vulnerabilities, as well as SSL certificate validation. Merchants can display the Qualys SECURE seal on their website, demonstrating to visitors that the company is committed to security.

Qualys Core Services enable integrated workflows, management and real-time analysis and reporting across all of our IT security and compliance solutions.

Asset Tagging and Management

  • Enables customers to easily identify, categorize and manage large numbers of assets in highly dynamic IT environments and automates the process of inventory management and hierarchical organization of IT assets.

Reporting and Dashboards

  • A highly configurable reporting engine that provides customers with reports and dashboards based on their roles and access privileges.

Questionnaires and Collaboration

  • A configurable workflow engine that enables customers to easily build questionnaires and capture existing business processes and workflows to evaluate controls and gather evidence to validate and document compliance.

Remediation and Workflow

  • An integrated workflow engine that allows customers to automatically generate helpdesk tickets for remediation and to manage compliance exceptions based on customer-defined policies, enabling subsequent review, commentary, tracking and escalation. This engine automatically distributes remediation tasks to IT administrators upon scan completion, tracks remediation progress and closes open tickets once patches are applied and remediation is verified in subsequent scans.

Big Data Correlation and Analytics Engine

  • Provides capabilities for indexing, searching and correlating large amounts of security and compliance data with other security incidents and third-party security intelligence data. Embedded workflows enable customers to quickly assess risk and access information for remediation, incident analysis and forensic investigations.

Alerts and Notifications

  • Creates email notifications to alert customers of new vulnerabilities, malware infections, scan completion, open trouble tickets and system updates.

Qualys infrastructure layer, which we refer to a sour Infrastructure, includes the data, data processing capabilities, software and hardware infrastructure and infrastructure management capabilities that provide the foundation for our cloud platform and allow us to automatically scale our Infrastructure and Core Services to scan millions of IPs.

Scalable Capacity
We have designed a modular and scalable infrastructure that leverages virtualization and cloud technologies. This allows our operations team to dynamically allocate additional capacity on-demand across our entire Qualys Cloud Platform to address the growth and scalability of our solutions.

Big Data Indexing and Storage 

Built on top of our secure data storage model, this engine indexes petabytes of data and uses this information in real-time to execute tags or rules to dynamically update IT assets' properties, which are used in various workflows for scanning, reporting and remediation.

Qualys Knowledgeable

Qualys relies on our comprehensive repository, which we refer to as our KnowledgeBase, of known vulnerabilities and compliance controls for a wide range of devices, technologies and applications that powers our security and compliance scanning technology. We update our KnowledgeBase daily with signatures for new vulnerabilities, control checks, validated fixes and improvements.

Managed Sensors 

As a core service of our cloud platform, Qualys sensors make it easy to extend security through your globally distributed environment. These sensors, which can be in the form of appliances or lightweight agents, are remotely deployable, centrally managed and self updating. To scan externally facing systems and web applications, we host and operate a large number of globally distributed physical scanner appliances. To scan internal IT assets, customers can also deploy our scanners, which are available on a subscription basis as physical appliances or downloadable virtual images, within their internal networks. Qualys Cloud Agents can be installed anywhere — including any host such as a laptop, desktop, server or virtual machine. Qualys Cloud Agents extract and consolidate vulnerability and compliance data and update it continuously within the Qualys Cloud Platform for further analysis and correlation, thus providing a continuous view of the security compliance posture of the global network. Our cloud agents and scanner appliances self-update daily in a transparent manner using our automated and proprietary scan management technology. These sensors allow us to scale our cloud platform to continuously scan networked devices and web applications across organizations' networks around the world.

Qualys Sensors, a core service of the Qualys Cloud Platform, make it easy to extend your security throughout your global enterprise. These sensors, which can be in the form of appliances or lightweight agents, are remotely deployable, centrally managed and self updating. They collect the data and automatically beam it up to the Qualys Cloud Platform,

which has the computing power to continuously analyze and correlate the information in order to help you identify threats and eliminate vulnerabilities

PERIMETER SCANNING

Qualys Internet Scanners

Qualys Internet Scanners provide fast and efficient external scanning. Qualys hosts a collection of Internet Scanners optimized to scan publicly facing devices globally via the Internet. In this manner, Qulays scans and processes security audits in parallel for optimum speed of operations. The inference-based scanning engine employs an un-trusted approach for greater accuracy nd scalability, delivering both accurate results and scalable performance.

PERIMETER & INTERNAL SCANNING

Qualys Cloud Agents

Qualys Cloud Agents provide an entirely new security asessment platform that can scale to handle millions of devices. These lightweight agents (3MB) can be installed anywhere- including any host such as a laptop, desktop, server or virtual machine. Qualys Cloud Agents extract and consolidate vulnerability and compliance data and update it continuously within the Qualys Cloud Platform for further analysis and correlation, thus providing a continuous view of the security compliance posture of the global network

INTERNAL SCANNING

Qualys Scanner Appliances

Qualys Scanners are appliance versions of the Internet Remote Scanners. Scanners enable customers to bring Qualys assessment capabilities to their internal networks. Installed in minutes and requiring no maintenance by the user, the hardened Linux appliance needs no special firewall configurations to obtain updates and new vulnerability signatures and perform scan jobs, returning results securely over a standard SSL-encrypted channel.

Qualys Virtual Scanner Appliances

Qualys software-based virtual scanner appliances are qualified to run on many of the most common virtualization and cloud platforms including VMware and Amazon EC2. These virtualized scanners supplement the current hardware-based Qualys Scanner Appliances. Like with the hardware-based scanners, customers can manage the virtual scanners from their Qualys accounts via a secure web interface, where all gathered scan data will be available for reporting and remediation. Installed in minutes and requiring no maintenance by the user, scanners needs no special configurations to obtain updates and new vulnerability signatures.

If interested on the product solution, feel free to contact E-SPIN for project and operation requirement.

Qualys Continuous Monitoring

A New Approach to Proactively Protecting Your Global Perimeter

Qualys Continuous Monitoring (CM) is a next-generation cloud service that gives you the ability to identify threats and monitor unexpected changes in your network before thy turn into breaches. The user can track what happens within their internal environments, anywhere in the world. Qualys Continuous Monitoring brings a new approach to vulnerability management and network security, enabling the user to immediately identify and proactively address potential problems

such as:

  • Unexpected Hosts/OSes
  • Expiring SSL Certificates
  • Inadvertently Open Ports
  • Severe Vulnerabilities
  • Undesired Software

Why Qualys Continuous Monitoring? 

Continuous Monitoring enables customers to have the most comprehensive and up-to-date view of their entire organization.

It detects changes in your network that could be exploited and immediately notifies the IT staff responsible for the affected assets so they can take appropriate action.

Cloud Platform

Global Scalability & Manageability powered by the Qualys Cloud Platform

Continuous Monitoring is designed specifically to be efficient and easy to use. It scales from one to a million users, from a single office to a global network.

 


Immediate deployment
No hardware to set up, always up-to-date

Global scalability
Add new perimeter and internal networks anytime, throughout the world

Multiple, unified solutions
One console for CM, VM and more

Centralized management
Apply alerting policies consistency across all your perimeter systems

Integrated Network Security: The Power of VM, made instantly actionable with CM

Qualys Continuous Monitoring (CM) works together with Qualys Vulnerability Management (VM) to provide true proactive network security. From a single console, user can explore hosts and digital certificates, organize assets by business function or technology, and set up automated, targeted alerts-for systems anywhere in the world. Qualys Cloud Platform keeps everything in sync, avoiding the redundancies and gaps that come with trying to glue together disparate, siloed solutions.

Global Monitoring


Hackers-Eye View of your Perimeter-from the Internet
To stop hackers, the user have to see their perimeter the same way they do-directly from the internet.Continuous Monitoring acts as a sentinel in the cloud: constantly watching your network for changes could leave you exposed

Automated Monitoring of your Global Perimeter
Continuous Monitoring efficiently tracks the systems in your global network, whether they are in one location, located in cloud environments, or spread across the globe. It monitors user critical internal IT assets such as desktops, servers, and other devices.

 

Targeted Alerts

Fine-grained control over when to generate an alert

Continuous Monitoring can tailor alerts to a wide variety of conditions so that the user can watch broadly for general changes or zero in on specific circumstances.

Efficient Alerts, directed to responsible IT staff

Continuous Monitoring gives you control over exactly who receives each alert, so that you can directly notify the most appropriate staff in each circumstance. This fress your security teams from the delays and burdens of waiting for scheduled scanning windows and sifting through long reports

Immediate Insights

Visual dashboard shows you the status of your network at a glance

User can immediately see the big picture on their network with Continuous Monitoring's visual dashboard. A quick overview and graphical representation of recent activity helps you spot anomalies, flag important alerts or hide ones you don't want to see. Then, find particular alerts quickly with rich interactive search, and drill into the details with a simple click.

Please feel free to contact E-SPIN for your inquiry and requirement, so we can assist you on the exact requirement in the packaged solutions that you may required for your operation or project needs.

Qualys Malware Detection (MD)

Protect your online customers from malware infections and safeguard your brand

Qualys Malware Detection (MD) allows organizations to proactively scan their websites for malware, providing automated alerts and in-depth reporting to enable prompt identification and resolution. Qualys MD enables organizations to protect their customers from malware infections and safeguard their brand reputations. Qualys MD enables businesses to scan and manage a large number of sites, preventing website black listing and brand reputation damage.

Organizations that use MD will be able to quickly identify and eradicate malware that could infect their website visitors and lead to loss of data and revenue. MD supports regularly scheduled scanning to monitor websites on an ongoing basis, with email alerts to quickly notify organizations when infections are discovered. Malware infection details are provided so that organizations can take quick action to isolate and remove malware. Built on the world’s leading cloud-based security and compliance platform, Qualys MD requires no special hardware and can be set up with a few simple clicks.

Benefits of Qualys Malware Detection 

Quickly identifies and aredicates malware Monitor your websites at any scale with automated scans
Get immediate notification of zero-day malware detection Cloud-based solution is simple to deploy and use because it requires no software to install and no ongoing maintenance

 

Key Features


Scalable,Accurate Scanning
Gives organizations the ability to scan, identify and remove malware infections from their web properties

  • Uses behavioral analysis for zero-day malware detection
  • Keeps pace with constantly evolving attack vectors
  • Supports regularly scheduled scanning for continuous monitoring of websites
  • Email alerts notify first responders when infections are discovered

Unified Dashboard 
Qualys MD dashboard gives users a comprehensive view of scan activity

  • Shows infected pages and malware infection trends
  • Users can initiate remediation actions directly from the dashboard

Interactive Reporting
Supports powerful analysis and secure distribution of scan results

  • Site, scan and summary reports support multiple formats such as PDF and HTML
  • Encrypted PDF support ensures secure and compatible distribution to web property stakeholders
  • Interactive capabilities let users drill down to view the detailed information they need

Centralized management
Qualys MD supports the creation of user-defined roles and scopes

  • Each organization can create the roles they need to support their user base and aassign appropriate permissions to each role
  • Tags are used to scoep what each user can view
  • Roles and permissions control what actions users can take on the information they can view
Tagging  Tagging is a flexible way to categorize assets in Qualys MD

  • Create tags that represent organizational groups (business units), geography (location) or any other useful category
  • Once assigned to a user, the tag can limit the scope of what the user can view- showing only the assets that share the same tag assigned to the user
Integrated with Qualys WAS   Qualys MD is included with Qualys WAS for comprehensive detection of hidden malware

  • Integration is leveraged by other Qualys applications
  • Automates detection of malware
  • Helps developers and QA assess potential vulnerabilities to malware during application development and testing
  • Data from MD can automatically trigger virtual patching and protection by Qualys WAF

Please feel free to contact E-SPIN for your inquiry and requirement, so we can assist you on the exact requirement in the packaged solutions that you may required for your operation or project needs.

Qualys Secure Seal

Secure Web Sites from Malware, Eliminate Vulnerabilities & Increase Sales

Qualys SECURE Seal is a new service that allows businesses of all sizes to scan their web sites for the presence of malware, network and web application vulnerabilities, as well as SSL certificate validation. Once a web site passes these four comprehensive security scans, the Qualys SECURE Seal service generates a seal for the merchant to display on their web site demonstrating to online customers that the company is maintaining a rigorous and proactive security program.

Leveraging QualysGuard's award winning scanning technology, Qualys SECURE Seal is the only web site security testing service that extends the ability to scan web site(s) for malware, network and web application vulnerabilities, as well as validating the web site's SSL certificate.

Qualys Secure Seal: What it does

Qualys SECURE Seal takes a 4 pronged approach to determine whether a web site is properly secured:

Core Benefits and Features of Qualys SECURE Seal 

  • Comprehensive scan for malware on externally facing web sites
  • Leverage QualysGuard to identify your web application and network vulnerabilities
  • Reporting that contains verified fixes for remediation
  • All results in one place for faster remediation
  • On demand scanning to verify if vulnerabilities have been remediated properly
  • Demonstratessecurity posture to online shoppers
  • Reduction in shopping cart abandonment
  • Safeguard your brand by helping prevent data breaches

Please feel free to contact E-SPIN for your inquiry and requirement, so we can assist you on the exact requirement in the packaged solutions that you may required for your operation or project needs.

Qualys Web Application Scanning (WAS)

Continuously discover, catalog and scan web apps for vulnerabilities and website misconfigurations

Qualys Web Application Scanning (WAS) is a cloud-based service that provides automated crawling and testing of custom web applications to identify vulnerabilities  including cross-site scripting (XSS)and SQL injection. The automated service enables regular testing that produces consistent results, reduces false positives, and easily scales to secure a large number of websites. It proactively scans websites for malware infections, sending alerts to website owners to help prevent black listing and brand reputation damage

Benefits of Qualys Web Application Scanning (WAS) 

Scale, cut costs and get better results with an automated cloud-based solution Detect, identify, assess, track and remediate OWASP Top 10 risks, WASC threats, CWE weaknesses, and web application CVEs
Find hidden malware with included Qualys MD Free training keeps your team on top of best practices for securing web applications
Integrates with software development lifecycle allowing scans at any tie by developers, QA and security teams with full visibility on web app security Directs Qualys Web Application Firewall to virtually patch with blocking rules, providing developers with time for code repair

Key Features


Scale-Global Scalability and Manageability
As part of the award-winning Qualys Cloud Platform, Qualys WAS helps you truly reduce risk by automatically finding the official and "unofficial" applications that may be hiding in your environment

  • Immediate deployment- no hardware to set up, always up to date
  • Global scalability- add more applications anytime, throught the world
  • Multiple, unified solutions-one console for WAS, WAF, VM and more
  • Centralized management-apply policies consistently across applications
  • XML APIs-publish data to other enterprise systems )e.g: SIEM)

Discover
Automated, Dynamic Deep Scanning Quickly get visibility on vulnerabilities in your web applications with the industry leading scanning solution

  • Application discovery and cataloging- find new and unknown web applications in your network
  • Customizable asset tagging- organize your data and reports with your own labels

Assess
Scan Apps Everywhere, Accurately and Efficiently - Scanning covers all applications on your perimeter and internal networks, remote or mobile devices, and in EC2 and Azure elastic cloud environments

  • Scalable, high-accuracy progressive scanning saves time, keeps focus on what matters most
  • Authenticated scanning to automatically log in to test like a real user
  • Supports Selenium to enable complex authentication or workflow sequences for better scan coverage
  • MultiScan, scheduled and ondemand scanning provides scalable scans exactly when you want them
  • Malware detection finds hidden malware before it attacks your users
  • Incorporated penetration testing data keeps web application testing data in one place for integrated analysis

Prioritize
Identify the Highest Business Risks and Take Action Scan and analyze OS and application configurations on each target host

  • Industry standars reporting zeros in on OWASP Top 10 risks
  • Highly customized reporting provides the big picture and drills into the details
  • Unified, interactive dashboard lets you understand the security of your web applications at a glance
Protect Rapidly Harden Web Apps with Integrated WAF Fix violationsand configuration "drift" early-before audits-and manage exceptions centrally

  • Complete web security with QualysWeb Application Firewall integration, which shares scan data with other security systems
  • Extensive APIs integrate scan data into other security systems
Integrate  Leverage all your web application Vulnerability Data - The open architechture of Qualys WAS enhances penetration testing with APIs and SDKs

  • Integrate penetration testing data from Burp Suite with vulnerability scan data from Qualys
  • Integrated data and analysis provides more comprehensive web security assessments

Please feel free to contact E-SPIN for your inquiry and requirement, so we can assist you on the exact requirement in the packaged solutions that you may required for your operation or project needs.

Qualys Web Application Firewall (WAF)

Scalable, simple, powerful way to continuously stop web attacks and prevent data breaches

Qualys Web Application Firewall (WAF) is a next-generation cloud-based service that brings an unparelleled combination of scalability and simplicity to web application security. Its automated, adaptive approach lets you quickly and more efficiently block attacks on web server vulnerabilities, prevent disclosure of sensitive information, and control where and when your applications are accessed. Built on the world's leading cloud-based security and compliance platform, Qualys WAF complements the global scalability of Qualys Web Application Scanning (WAS). Together, they make identfying and mitigating web application risks seamless-whether you have a dozen apps or thousands. Qualys WAF can be deplyed in minutes, supports SSL/TLS, an ddoesn't require special expertise to use. It delivers a new level of web application security and compliance while freeing you from the substantial cost, resource and deployment issues associated with traditional products


Benefits of Qualys Web Application Firewall (WAF) 

Maintain uptime by complementing network DDoS defenses with protection from HTTP-based attacks Simplify compliance by addressing mandates for web application firewalls such as PCI DSS 6.6
Cut costs of application security by reducing time, effort and cost of securing web applications Prevent breaches by hardening web applications against current and emerging threats
Scales with ease to accommodate hundreds or thousands of web applications

 


Key Features

 


Platform-Global Scalability and Manageability
As a part of the award-winning Qualys Cloud Platform, Qualys WAF helps you instantly deploy security filtering and virtual patches to reinforce your web applications

  • Immediate deployment on multiple virtual or cloud environments
  • Global scalability-ad more applictions anytime, throughout the world
  • Multiple, unified solutions- one console for WAS, WAF, VM and more
  • Centralized management- apply policies consistently accross applications
  • XML APIs - pulish data to other enterprise systems (e.g: SIEM)

Integrated Web App Security- Detect with WAS, Protect with WAF
Qualys WAF works together with Qualys Web Application Security (WAS) to provide true, integrated web application security

  • Single console for detection of web application vulnerabilities with WAS, and rapid protection from attack with WAF
  • Platform keeps everything in sync-avoid redundancies and gaps that come with trying to glue together separate, siloed solutions

Fast Cloud Deployment-for Public or Private Cloud Applications
Get benefits of the cloud for web application security.

  • No special hardware to buy or maintain.
  • Deploy virtual machine images of Qualys WAF appliances alongside web applications.
  • Works in public or private cloud environments, including Amazon EC2 and VMware vCenter.
  • Scales seamlessly for adding new applications quickly and transparently.
  • Application traffic stays in your environment to minimize latency and allow retention of control

Protection
Virtual Patching and Event Response Create “virtual patch” rules to address Qualys WAS findings,enable rapid resolution of false positives, and customize security rules for your environment.

  • Easy-to-use, adaptive security policies are always up to date.
  • Customizable protection against current and future threats.
  • Protection against clickjacking, cross-site scripting (XSS), and other browser-based attacks.
  • Blocking access from prohibited networks.
  • Preventing transmission of sensitive content or files.
Information Provide your security team with continuous application security monitoring for accurate insight into risks affecting your web applications, and a clear path to remediating those vulnerabilities before a breach occurs.

  • Visual dashboard shows status at a glance. It summarizes events that occurred, when they occurred, and where they came from, to help teams spot unusual patterns.
  • Interactive insights into potential threats. A variety of attributes helps you assess severity and search for unusual activity.
  • Detailed understanding of each threat. Investigate suspicious activity by drilling into your data and the Qualys KnowledgeBase for actionable insight.

Please feel free to contact E-SPIN for your inquiry and requirement, so we can assist you on the exact requirement in the packaged solutions that you may required for your operation or project needs.

 

Qualys Vulnerability Management (VM)

Continuously detect and protect against attacks whenever and wherever they appear

Qualys Vulnerability Management (VM) is a cloud-based service that gives you immediate, global visibility into where your IT systems might be vulnerable to the latest Internet threats and how to protect them. It helps you to continuously identify threats and monitor unexpected changes in your network before they turn into breaches. Built on the world’s leading cloud-based security and compliance platform, Qualys VM frees you from the substantial cost, resource and deployment issues associated with traditional software products. Known for its fast deployment, unparalleled accuracy and scalability, as well as its rich integration with other enterprise systems, Qualys VM is relied upon by thousands of organizations throughout the world.

Benefits of Qualys Vulnerability Management 

Accurate, prioritized results Scalable solution for comprehensive security coverage of all networks and devices
Continuous monitoring improves vicibility & remediation of vulnerabilities to reduce your organization's risk posture Lowers cost of ensuring security & compliance
Low impact on IT staff for deployment, management and use for scanning & remediation

Capabilities:

Qualys VM is the industry’s most advanced, scalable and extensible solution for continuous vulnerability management and compliance. Its capabilities are powered by the Qualys Cloud Platform.

  • Scales up globally on demand and is deployed from a public or private cloud fully managed by Qualys.
  • Continuously scans, accurately identifies vulnerabilities, prioritizes them and helps you protect IT assets on premise, remote or mobile, or in EC2 and Azure elastic cloud environments.
  • Executive Dashboard provides a summary of overall security posture and instant access to details about remediation.
  • As a cloud-based solution, Qualys VM is always up to date.
  • Integrates with other systems via Qualys APIs.
  • End-to-end encryption and strong role-based access controls keep your security data private.
  • Centrally manages user logins with SAML-based enterprise Single Sign On.
  • Comprehensive, flexible reporting provides rolebased visibility on security – including automatic security documentation for compliance auditors.

Key Features


Discover
Qualys VM uncovers new or forgotten devices and uses dynamic tagging to organize your host assets by role to the business.

  • Accurate, prioritized results.
  • Visually maps every device and application on the network.
  • Details each device by OS, ports, services and certificates.
  • Continuously monitors everything to keep you in control of security

Assess
Qualys VM accurately and efficiently scans for vulnerabilities everywhere.

  • Scanning provides accurate, prioritized results.
  • Includes devices and applications on perimeter and internal networks, and elastic cloud networks.
  • Scanning is on demand or scheduled – even continuously to keep abreast of the latest threats

Prioritize
Identify the highest business risks using trend analysis, zero-day and patch impact predictions. Our KnowledgeBase puts critical issues into context. Qualys VM helps you spot trends, see what’s changed and accurately predict which hosts are at risk – even for zero-day attacks.

Remediate
Monitors vulnerabilities and their remediation process. Qualys VM keeps track of everything so your team can work efficiently and stay in control.

  • Automatically assigns remediation tickets and manages exceptions.
  • Provides lists of patches by priority for each host and manages exceptions.
  • Integrates with existing IT ticketing systems.
Inform Customized comprehensive role-based reports document progress for IT, business executives and auditors.

  • Lets you report anytime, anywhere – without rescanning.
  • Provides context & insight, not just a data dump.
  • Shows ongoing progress with your vulnerability management goals.
  • XML-based APIs integrate reporting data with GRC, SIEM, ERM, IDS and other security and compliance systems.

Extend Vulnerability Management with Alerts:

Continuous Monitoring Targeted alerts from continuous monitoring are immediately directed to the appropriate staff for accelerated responses. This frees your teams from the delay of waiting for scheduled scanning windows and sifting through long reports. The continuous monitoring feature immediately and proactively identifies critical security issues such as:

  • Unexpected hosts/OSes.
  • Expiring SSL certificates.
  • Inadvertently open ports and services.
  • Severe vulnerabilities on hosts or in applications.
  • Undesired software on perimeter systems.

Please feel free to contact E-SPIN for your inquiry and requirement, so we can assist you on the exact requirement in the packaged solutions that you may required for your operation or project needs.

Qualys Policy Compliance (PC)

Automates security configuration  assessments to reduce risks and for continuous compliance

Qualys Policy Compliance (PC) is a cloud service that performs automated security configuration assessments on IT systems throughout your network. It helps yo to reduce risk and continuously comply with internal policies and external regulations. Built on the world's leading cloud-based security and compliance platform, Qualys PC frees you from the substantial cost, resource and deployment issues with traditional software products. Known for its fast deployment, ease of use, unparelled scalability, and rich integration with enterprise GRC systems, Qualys PC is relied upon by leading companies around the world

Benefits of Qualys Policy Compliance

Achieve and document compliance by finding and prioritizing configuration lapses to stay in continuous compliance Integrate PC into your processes by sharing configuration data with your GRC, ticketing and help desk applications to centralize information and assign tasks
Know the true risk posture by seeing security configuration issues accurately, in one place Cut compliance costs by reducing the effort and time required to assess your systems throughout your organization

Key Features


Qualys Cloud Platform
Revolutionize both security and compliance with the industry’s most integrated, scalable and extensible cloud platform.

  • Deliver & manage multiple solutions from a single environment
  • Deploy immediately from a public or private cloud – fully managed by Qualys and always up-to-date.
  • Scales up globally, on demand.
  • Centralize discovery of host assets for multiple types of assessments.
  • Organize host asset groups to match the structure of your business.

Define Policies 
Interactively set up IT standards for hardening configurations and complying with relevant regulations.

  • Define configuration policies required for different environments and assets.
  • Draw from a built-in library of extensively used policies certified by CIS, including COBIT, ISO, NIST, ITIL, HIPAA, FFIEC, NERC-CIP and User Defined Regulatory Cross Reference.
  • Create custom policies via an interactive web-based editor.
  • Use a previously-scanned host as a “golden image.”
  • Use SCAP content streams.
  • Import and export policies to share with other subscriptions.

Specify Controls
Select host and application settings to automatically check for each policy.

  • Interactively choose which configuration settings to monitor.
  • Select from a rich library of controls for OSes, network devices, databases and applications.
  • Create custom controls without writing code or scripts.
  • Test controls immediately without rescanning or reporting.
  • Monitor the integrity of files and watch for changes.
  • See how controls relate to critical frameworks and regulations.

Assess
Scan and analyze OS and application configurations on each target host.

  • Scan anywhere on premise, or in private or public clouds from a single console.
  • Scan behind your firewall securely with Scanner Appliances managed by Qualys.
  • Scan quickly and efficiently on demand or on a schedule.
  • Store configuration information offsite with secure audit trails.
  • Assess deeply with authenticated scans.
Remediate Fix violations and configuration “drift” early – before audits – and manage exceptions centrally.

  • Catch configuration “drift” while it’s easy to fix.
  • Manage exceptions via a documented approvals process.
  • Be confident that audits will show compliance, not uncover violations.
 Inform Customize comprehensive reports to document progress for IT, business executives, risk managers and auditors.

  • Report any time, any place – without rescanning.
  • Document that policies are followed and lapses get fixed.
  • Enable data-driven risk and compliance management.

Please feel free to contact E-SPIN for your inquiry and requirement, so we can assist you on the exact requirement in the packaged solutions that you may required for your operation or project needs.

Qualys PCI Compliance

Cloud-based solution to help merchants and service providers quickly comply with PCI DSS

Qualys Malware PCI Compliance (PCI) provides businesses, online merchants and Member Service Providers the easiest, most cost-effective and highly-automated way to achieve compliance with the Payment Card Industry Data Security Standard. Known as PCI DSS, the standard provides organizations the guidance they need to ensure that payment cardholder information is kept secure from possible security breaches. Qualys PCI draws upon the same highly accurate scanning infrastructure and technology as Qualys’ flagship solution, Qualys Vulnerability Management – used by thousands of organizations around the world to protect their networks from the security vulnerabilities that make attacks against networks possible.

Simplify PCI Compliance via the Cloud

Qualys is an Approved Scanning Vendor

Qualys is approved by the PCI Council to help you fulfill quarterly network and application scanning requirements of PCI DSS. Delivered via our cloud platform, Qualys PCI is the most accurate, easiest-to-use solution for PCI compliance testing, reporting and submission. Qualys PCI enables merchants and Member Service Providers to automatically submit the PCI self-assessment questionnaires to acquiring banks, and conduct network and web application security scans to efficiently identify and eliminate security vulnerabilities

Note: even if your organization is not a typical “merchant,” it is required to comply with PCI DSS if it processes, stores or transmits payment card data. See PCI DSS for merchant and service provider levels and validation actions required for compliance.


STEP 1:
Deploy – Up & Scanning in Minutes
As part of the award-winning Qualys Cloud Platform, Qualys PCI enables merchants and service providers of any size to deploy immediately and attain compliance as quickly as possible.

  • Immediate deployment – no hardware to set up, always up-to-date.
  • Global scalability – add more security applications anytime, throughout the world.
  • Multiple, unified solutions – one console for PCI, VM, WAS and more.
  • Centralized management applies policies consistently across applications.

STEP 2:
Scan – Achieve PCI Compliant Status and Secure Your Network
Through Qualys PCI, achieving PCI compliance status becomes a streamlined process that also provides the assurance that your network is highly secure.

  • Easy-to-follow step-by-step approach & compliance tips.
  • Required quarterly scans are automatically completed; scan as often as you like.
  • User-friendly interface, online help and 24x7x365 email/telephone support ensures success in understanding and achieving PCI compliance.
  • Scans all assets on-premise and in private, public or hybrid clouds.
Also Scans Web Apps – to Meet PCI DSS Requirement 6.6 This requirement now specifies that organizations maintain secure web applications. The Qualys PCI Web Application Scanning module provides users an automated tool for evaluating web applications before and after development ensuring that applications are built and maintained in a secure way. The WAS module allows users to:
  • Scan vulnerability types within any application (built or customized in-house or purchased).
  • Crawl web applications.
  • Identify cross-site scripting vulnerabilities.
  • Isolate SQL injection attacks.
  • Conduct authenticated and unauthenticated scans.

STEP 3:
Remediate – Quickly Solve Security Threats with Detailed Remediation Instructions
PCI DSS also requires businesses to perform a network security scan every 90 days on all Internet facing networks and systems. To achieve compliance, businesses must identify and remediate all critical vulnerabilities detected during the scan. Qualys PCI:

  • Automates and greatly simplifies scanning and remediation.
  • Provides easy-to-use reporting of vulnerabilities that will cause you to fail PCI DSS.
  • Uses the Qualys Cloud Platform for accurately scanning vulnerabilities.
  • For each vulnerability discovered, Qualys PCI provides detailed instructions with links to verified patches for rapid remediation.
STEP 4:

Submit – Auto-Submit Compliance Status Directly to Acquiring Bank 

Once you have met the validation actions, the Qualys PCI “auto-submission” feature completes the compliance process.

  • Automatically submits compliance status directly to your acquiring banks.
  • Download PCI compliance reports in PDF to submit to your acquiring bank(s) or to assist in remediation efforts.

Please feel free to contact E-SPIN for your inquiry and requirement, so we can assist you on the exact requirement in the packaged solutions that you may required for your operation or project needs.

Vulnerability Management. Continuously detect and protect against attacks, anytime, anywhere. The industry’s most advanced, scalable and extensible solution for vulnerability management. Features Highlights Agent-based detection In addition to our scanners, VM also works with the groundbreaking Qualys Cloud Agents, extending its network coverage to assets that can’t be scanned. The lightweight, all-purpose, self-updating agents reside
Qualys Asset Inventory Product Overview

Qualys Asset Inventory Product Overview

Asset Inventory. Maintain full, instant visibility of all your global IT assets. Feature Highlights Continuous discovery and 2-second visibility Asset Inventory constantly gathers information on all assets, listing installed software, existing vulnerabilities and hardware details. Clicking on an asset record lets you see all the details Asset Inventory has collected about it. A powerful search
Qualys vulnerability information for IBM QRadar SIEM is popular being ask topic. Beside make use of the free application develop by Qualys for QRadar. QRadar can retrieve vulnerability information from the Qualys API or through a download of a scan reports from a QualysGuard appliance. This article will be address co customer who had Qualys and
Qualys App for QRadar Security Intelligence Platform
Qualys App for QRadar Security Intelligence Platform combines IT asset and vulnerability data with real-time analytics in a single dashboard. Since 14-Feb-2017, Qualys launched a new Qualys App for IBM’s QRadar Security Intelligence Platform that allows customers to visualise their network IT assets and vulnerabilities in real-time. The app haps teams produce continuous vulnerability and
E-SPIN and VisiWave

E-SPIN and Qualys

Qualys Qualys, Inc. is a provider of cloud security, compliance and related services for small and medium-sized businesses and large corporations based in Redwood Shores, California. Founded in 1999, Qualys was the first company to deliver vulnerability management solutions as applications through the web using a “software as a service” (SaaS) model, and as of
Tagged under: , ,
Rise of Docker and Application Container Security Platform - App Container vs VM
Rise of Docker and Application Container Security Platform – App Container vs VM Application Container Security, or more proper term Docker Security and Container Security Platform. When it comes to security, anything new is usually bad news, since you and your organization is not well prepare for it and legacy infrastructure and protection technology not
E-SPIN Qualys Vulnerability Management Meets Application Security for 1 Oct to 31 Dec 2017 E-SPIN is please to bring over highly demand market leading Qualys Vulnerability Management (VM) Product Portfolio Licensing Subscription cross over Application Security (AppSec) in region we do business. Effective from 1st October 2017 to 31st December 2017. For selective product line
WhatsUpGold IP Address Manager Technical Overview by E-SPIN
Indication of Compromise. Qualys Cloud Platform to deliver threat hunting, detect suspicious activity, and confirm the presence of known and unknown malware for devices both on and off the network. From Qualys IOC’s single console, you can monitor current and historical system activity for all on-premise servers, user endpoints, and cloud instances — even for
TOP