Effektiv vulnerability management kræver effektive værktøjer – selvfølgelig. Netværk er komplekse størrelser, og selv små organisationer har nemt flere tusinde enheder på netværket, og cloud og container-løsninger gør deployment og decommission til noget der sker mange gange dagligt.
Vores budskab er derfor at et vulnerability management værktøj (også) skal vurderes, på , hvor godt det fungerer i et normalt systemlandskab. Det gør naturligvis konfigurationen mere kompleks.
Ingen værktøjer kan alt, derfor er integration og samspil med de øvrige systemer vigtigt. Og et godt vulnerability management værktøj skal kunne langt mere end at ”scanne”. Det skal kunne støtte og integrere hele vejen igennem vulnerability livscyklussen, fra en vulnerability bliver identificeret til risikovurdering og verificeret afhjælpning.
Om du har brug for et enkelt værktøj eller du har behov for at integrere flere værktøjer, afhænger af hvor komplekst dit miljø er, og hvordan porteføljen af ITSM-værktøjer ser ud.
Nedenfor er et tænkt eksempel på en simpel vulnerability management proces:
Denne samme proces kan implementeres forskelligt i to forskellige scenarier, som eksemplificeret nedenfor.
Example A: sub-enterprise
Characteristics
In this case, a single tool like Qualys VMDR will be able to support the entire process.
Appropriately implemented, Qualys can:
Example B: enterprise
Characteristics
In this case, the architecture will probably involve multiple best-of-breed technologies, such as:
The point is that Qualys has the capabilities to be the only vulnerability management technology in your environment, or in concerted integration with multiple, specialized systems. It all depends on the complexity and requirements.
Whether you need one setup or the other, NorthX can work with your team to design and implement the best solution.
NorthX is a Value Added Service partner to Qualys, and our role is to make it easy to be a Qualys customer.
Procurement can be complicated, and part of our value-add is to guide and assist you through your procurement-related governance.
Our strategy to become the preferred Qualys partner in the Nordics is to:
If you want to know how Qualys can help you secure your organization, get in touch for a product tour and free trial!
Founded in California in 1999, Qualys is a single-product software provider in the vulnerability management space, and is traded on Nasdaq (QLYS).
Today, Qualys is recognized as a top-three technical vulnerability management vendor.
The Qualys Cloud Platform is a modern software-as-a-service solution, where the backend runs in Qualys’ data centre. For European customers, Qualys is delivered out of the Frankfurt area which alleviate concerns about GDPR and the recent Schrems II ruling.
At the core of Qualys Cloud Platform is Vulnerability Management, Detection and Response: VMDR. VMDR covers most of the functionality required to perform good vulnerability management, including asset discovery and inventory, vulnerability scanning, real-time threat intelligence, scanning of external IP addresses and more.