With QualysGuard alone, delivered as a SaaS, there would be security risks, but giving Qualys access to the passwords within Cyber-Ark ensures security. Privileged credentials are not only securely protected, but also periodically changed to meet corporate security policies and comply with regulations.
The integration with Cyber-Ark makes the scanning process more useful and effective, said Charles Kolodgy, research vice president for secure products at IDC. "If you don't have credentials you can't do a deep scan of the machine. For many vulnerability assessments you want to be able to look at components of the machine that are only available if you have access to the machine," Kolodgy said. "It is a nice way to manage these credentials so, in addition to the benefits from the scanning, the organization will also have the opportunity to improve the management of such device rights."
IBM has recently begun offering a hosted vulnerability assessment tool, which would put it in competition with Qualys, said Scott Crawford, research director at the research firm Enterprise Management Associates. However, Qualys has the first-to-market advantage in this space.
Offering authenticated scanning with Qualys and Cyber-Ark is the best way to deliver a comprehensive view of a customer's IT assets in order to identify misconfigurations, missing patches and other security issues, added Philippe Courtot, chairman and CEO for Qualys. A version of QualysGuard integrated with Cyber-Ark is available now in production, said Perradeau. Pricing specifics were not immediately available.