Vulnerability Management Technology

NorthX is a Value Added Service partner to Qualys and a major reseller of Qualys in Scandinavia.

Qualys is the leading provider of solutions to detect, manage and remediate vulnerabilities in any environment. A feature-rich SaaS platform with a multitude of integration options, the Qualys Cloud Platform is the perfect technology to support your Vulnerability Management program.

An effective vulnerability management program requires effective tooling.
Customers need an integrated solution that will support all stages of the vulnerability lifecycle, from vulnerability detection all the way to risk evaluation and ultimately remediation.

Modern IT environments are both massive and complex. Even smaller organizations have thousands of assets connected to their network, with cloud and container solutions creating a rapidly changing IT landscape.

Staying on top of vulnerabilities is challenging, and effective vulnerability management programs often rely on multiple best-of-breed technologies to detect, log, evaluate, prioritize, assign and report vulnerabilities.

 

Vulnerability management technology landscape

Whether you need a single technology or need to integrate multiple tools depends on the complexity of the environment and the requirements. Consider this conceptual illustration of a vulnerability management main process:

View of generic vulnerability management process flow

This same process may be implemented differently in two different scenarios, as exemplified below.

Example A: sub-enterprise

Characteristics

  • Relatively few assets (>~3,000 assets) in few categories
  • Relatively static environment
  • Assets are owned by a small group of stakeholders
  • Focus is on identification and mitigation

In this case, a single tool like Qualys VMDR will be able to support the entire process.

Appropriately implemented, Qualys can:

  • Integrate with the main asset inventory
  • Contain asset context, such as "Is asset in DMZ?"
  • Identify vulnerabilities in most common technologies (Windows, Linux, Solaris, etc.)
  • Track vulnerabilities through their lifecycle
  • Provide real-time threat indicators to assist evaluation and prioritization
  • Report vulnerabilities directly to asset owners
  • Show real-time reports to multiple levels of stakeholders

Example B: enterprise

Characteristics

  • Thousands of assets in many categories
  • Dynamic environment, developers deploy assets daily
  • Complex asset owner relationships
  • Focus is on holistic risk management

In this case, the architecture will probably involve multiple best-of-breed technologies, such as:

  • A main tool (such as Qualys) to detect and track vulnerabilities in Windows, Linux, network devices, etc.
  • Specialized tools to detect vulnerabilities on Mainframe and container platforms
  • A separate asset inventory, maintained by the vulnerability management team and derived from multiple data sources
  • A separate threat intel platform to enrich evaluation and prioritization of vulnerabilities
  • Integration with the main workflow platform (e.g. ServiceNow) to assign and track vulnerability ownership
  • Integration with a risk management platform to support risk assessment and tracking
  • Integration with a reporting platform (such as Tableau) to provide integrated reporting to key stakeholders

Comparison of two system landscapes for different purposes

The point is that Qualys has the capabilities to be the only vulnerability management technology in your environment, or to work in concerted integration with multiple specialized systems. It all depends on the complexity and requirements.

Whether you need one setup or the other, NorthX can work with your team to design and implement the best solution.

About Qualys

Founded in California in 1999, Qualys is a single-product software provider in the vulnerability management space, and is traded on Nasdaq (QLYS).

Today, Qualys is recognized as a top-three technical vulnerability management vendor.

The Qualys Cloud Platform is a modern software-as-a-service solution, where the backend runs in Qualys’ data centre. For European customers, Qualys is delivered out of the Frankfurt area, which alleviates concerns about GDPR and the recent Schrems II ruling.


At the core of Qualys Cloud Platform is Vulnerability Management, Detection and Response: VMDR. VMDR covers most of the functionality required to perform good vulnerability management, including asset discovery and inventory, vulnerability scanning, real-time threat intelligence, scanning of external IP addresses and more.

Visit Qualys.com

Our value-add

NorthX is a Value Added Service partner to Qualys, and our role is to make it easy to be a Qualys customer.

Procurement can be complicated, and part of our value-add is to guide and assist you through your procurement-related governance.

Our strategy to become the preferred Qualys partner in the Nordics is to:

  1. Simplify the procurement process for our customers by assisting with complicated, associated elements such as data processing agreements, GDPR considerations, product security assessments and so on

  2. Ease customer implementation of Qualys through highly qualified Qualys consultants and SMEs, and our experience-based project planning framework

  3. Quickly establish value for customers after Qualys implementation, through our Vulnerability Management framework that defines processes and product integrations through all five key vulnerability management areas

If you want to know how Qualys can help you secure your organization, get in touch for a product tour and free trial!