Forside Home
Forside Home

Vulnerability Management teknologi

NorthX er certificeret Value Added Service partner med Qualys, og er en af de største Qualys forhandlere i Skandinavien.

Qualys Inc. er i dag den førende leverandør af løsninger til håndtering af sårbarheder på tværs af teknologier. Qualys Cloud Platform kan med mere end 30 specialiserede moduler dække flere teknologier og use cases end noget andet produkt i denne kategori.

Effektiv vulnerability management kræver effektive værktøjer – selvfølgelig. Netværk er komplekse størrelser, og selv små organisationer har nemt flere tusinde enheder på netværket, og cloud og container-løsninger gør deployment og decommission til noget der sker mange gange dagligt.

Vores budskab er derfor at et vulnerability management værktøj (også) skal vurderes, på , hvor godt det fungerer i et normalt systemlandskab. Det gør naturligvis konfigurationen mere kompleks.

 

Ingen værktøjer kan alt, derfor er integration og samspil med de øvrige systemer vigtigt. Og et godt vulnerability management værktøj skal kunne langt mere end at ”scanne”. Det skal kunne støtte og integrere hele vejen igennem vulnerability livscyklussen, fra en vulnerability bliver identificeret til risikovurdering og verificeret afhjælpning.

 

Eksempel: en simpel proces

Om du har brug for et enkelt værktøj eller du har behov for at integrere flere værktøjer, afhænger af hvor komplekst dit miljø er, og hvordan porteføljen af ITSM-værktøjer ser ud.

Nedenfor er et tænkt eksempel på en simpel vulnerability management proces:

Overview of capabilities

 

Denne samme proces kan implementeres forskelligt i to forskellige scenarier, som eksemplificeret nedenfor.

Example A: sub-enterprise

 

Characteristics

  • Relatively few assets (>~3.000 assets) in few categories
  • Relatively static environment
  • Assets are owned by a small group of stakeholders
  • Focus is on identification and mitigation

 

In this case, a single tool like Qualys VMDR will be able to support the entire process.

Appropriately implemented, Qualys can:

  • Integrate with the main asset inventory
  • Contain asset context, such as "Is asset in DMZ?"
  • Identify vulnerabilities in most common technologies (Windows, Linux, Solaris etc.)
  • Track vulnerabilities through their lifecycle
  • Provide real-time threat indicators to assist evaluation and prioritization
  • Report vulnerabilities directly to asset owners
  • Show real-time reports to multiple levels of stakeholders

Example B: enterprise

 

Characteristics

  • Thousands of assets in many categories
  • Dynamic environment, developers deploy assets daily
  • Complex asset owner relationships
  • Focus is on holistic risk management

 

In this case, the architecture will probably involve multiple best-of-breed technologies, such as:

  • A main tool (such as Qualys) to detect and track vulnerabilities in Windows, Linux, network devices etc.
  • Specialized tools to detect vulnerabilities on Mainframe and container platforms
  • Vulnerability management team maintains separate asset inventory derived from multiple data sources
  • Separate threat intel platform to enrich evaluation and prioritization of vulnerabilities
  • Integration to main workflow platform (fx. ServiceNow) to assign and track vulnerability ownership
  • Integration to risk management platform to support risk assessment and tracking
  • Integration with a reporting platform (such as Tableau) to provide integrated reporting to key stakeholders

Comparison of two system landscapes for different purposes

The point is that Qualys has the capabilities to be the only vulnerability management technology in your environment, or in concerted integration with multiple, specialized systems. It all depends on the complexity and requirements.

Whether you need one setup or the other, NorthX can work with your team to design and implement the best solution.

Our value-add

NorthX is a Value Added Service partner to Qualys, and our role is to make it easy to be a Qualys customer.

Procurement can be complicated, and part of our value-add is to guide and assist you through your procurement-related governance.

Our strategy to become the preferred Qualys partner in the Nordics is to:

  1. Simplify the procurement process for our customers by assisting with complicated, associated elements such as data processing agreements, GDPR considerations, product security assessments and so on

  2. Ease customer implementation of Qualys through highly qualified Qualys consultants and SMEs, and our experience-based project planning framework

  3. Quickly establish value for customers after Qualys implementation, through our Vulnerability Management framework that defines processes and product integrations through all five key vulnerability management areas

If you want to know how Qualys can help you secure your organization, get in touch for a product tour and free trial!

About Qualys

Founded in California in 1999, Qualys is a single-product software provider in the vulnerability management space, and is traded on Nasdaq (QLYS).

Today, Qualys is recognized as a top-three technical vulnerability management vendor.

The Qualys Cloud Platform is a modern software-as-a-service solution, where the backend runs in Qualys’ data centre. For European customers, Qualys is delivered out of the Frankfurt area which alleviate concerns about GDPR and the recent Schrems II ruling.


At the core of Qualys Cloud Platform is Vulnerability Management, Detection and Response: VMDR. VMDR covers most of the functionality required to perform good vulnerability management, including asset discovery and inventory, vulnerability scanning, real-time threat intelligence, scanning of external IP addresses and more.

Visit Qualys.com
Q Background

Get in touch and book your product tour