YOU ARE HERE: HOMEQualys solution requirement seizing questionnaire

Qualys solution requirement seizing questionnaire

Qualys is cloud based application based on software as a service (SaaS) offering basis.

  1. For the first technical and commercial is are you are ready for Cloud? (if No, no need to proceed further)
  2. If answer for yes for item 1. Then may select either shared cloud (just connect thru web browser to Qualys hosted infrastructure securely) or private cloud (this is more expensive, as it basically mean duplicate entire Qualys cloud infrastructure into entire server rack of cloud application put inside customer premises, usually commercial viable for very big engagement case only).
  3. Since it is cloud based, it need to allow Qualys externally accessible for the asset intent to be scan. If can not reach, then may require either physical/virtual local scanner appliance to perform local scan or maybe use of “agent” install into those host and provide the scan information to the Cloud centre dashboard.
  4. IP count will be crucial for determine where it is start for the subscription and maximum it can be subscribe with. In general Express Lite for max 256 IP. Express for 256 – 5000 IP. Enterprise for unlimited.

Functionality and modules requirement:

IT Security

  1. Vulnerability Management (VM) how many internal IP ? how many external IP?
  2. Threat Protection (TP) how many internal IP?

  3. Continuous Monitoring (CM) how many internal IP? how many External IP?

  4. Indication of Compreise (IoC) how many internal IP?

  5. API? Qualys API access require to use with other 3rd party app?
  6.  Zero-Day Service? (ie Analysis and automated altering for zero-day threats based on Version iDefense) (yes or no)


Web Application security

7. Web app scanning (WAS) how many IP or Url for website?

8. Web app firewall (WAF) how many IP or Url for website?


Compliance monitoring

9. Policy compliance (PC) how many internal IP?

10. PCI Compliance (PCI) how many external IP?

11. File integrity monitoring (FIM) how many internal IP?

12. Security configuration assessment (SCA) how many internal IP?

13. Security Assessment Questionnaire (SAQ) how many user to conduct questionnaire?


Asset Management

14. Asset Inventory (AI) how many IP?

15. CMDB Sync (Sync) how many IP to sync to ServiceNow CMDB ?