Network Computingwww.networkcomputing.com

	Issue TOC Print full article Print this page E-Mail this URL Discuss this article Flame the author     In this article Introduction Wants & Needs Foundstone Enterprise and FoundScan Engine 2.6 Qualys QualysGuard Intranet Scanner Harris Corp. STAT Scanner Professional Edition 5 eEye Digital Security Retina Network Security Scanner Vigilante.com SecureScan NX 2.6.50 SAINT 4.3 nCircle Network Security IP360 Vulnerability Management System 5.3 Other Products Reviewed How We Tested Web Links Report Card

Qualys' internal scanning appliance is a gateway to its Internet-based scanning service. This setup is very similar to that of nCircle's IP360, where several scanning appliances reference a single management server for all configuration and vulnerability information. However, the management and aggregation server resides on Qualys' system, not at the customer location.

Organizations install the QualysGuard appliances inside their enterprises and administer them from the Internet-based interface. The gateway device simply makes outgoing SSL-encrypted requests to Qualys' servers, asking if there are any jobs to perform. If the appliance finds a job, it downloads it, and away it goes. In a nutshell, nothing is stored on the QualysGuard internal appliance. Scan requests, reports and even scan signatures reside on Qualys' network. Although this might seem like a strange model, it means you never have to worry about attack-signature updates. Because of its design, this system is an excellent choice for large enterprises wanting to deploy scanners throughout their networks.

Qualys' reports can be customized, and its vulnerability detection was acceptable, though we hope to see better coverage in the future. Tiered user privileges can be tailored to an organization's demands, and user preferences can be adjusted for dead-host scans, load-balancer detection and even password brute-forcing. To add a layer of device segregation, network hosts can be separated into groups, enabling security administrators to create itemized reports based on business criticality, for example.