Cybersecurity_

Vulnerability management systems



We offer IT systems vulnerability/weakness detection services (vulnerability tests) based on QualysGuard technology.

 

The service is available in annual subscription for a defined number of IP addresses or specific Web applications. We also offer single vulnerability scans with scanning option selection.

 

QualysGuard is a service which does not require any hardware or software purchases.

It substantially simplifies and automates vulnerability management in complex corporate network environments. QualysGuard keeps listing the networked resources (so that it is impossible to hide a "foreign" device with a separate IP address), detecting non-protected ports and runs an automated search for vulnerabilities in the organisation's IT resources. At the same time, the service is checking compliance with the internal security policies and external regulations (including ISO 27001). All vulnerabilities discovered are described and linked to the existing threats. Each such discovery is accompanied with recommended countermeasures which should be used to eliminate it.

The scanning engines are capable of detecting vulnerabilities on server machines, workstations, in operating systems, applications, databases and any other appliances that have their own IP address. In order to specify the scanning range, the customer needs to input IP addresses or names of the web applications to be included in the scan. The scanner can test all kinds of devices connected to the computer network that communicate over TCP-IP.

 

QualysGuard (QG) is composed of five modules which form an integrated environment available online on the service's dashboard:

  • VM (Vulnerability Management) module: detection of vulnerabilities, their descriptions including the details of existing correlated malicious software, description of countermeasures, risk management information and an indication of the availability of an option to generate a delta report, a test that compares scanning results before and after repair
  • PC (Policy Compliance) module, which validates the ICT resources security test results against the adopted security policy
  • PCI (PCI compliance) module, which validates the ICT resources security test results against the PCI DSS standard (for ICT systems which support card-based payments)
  • WAS (Web Application Scanning) module, which checks the security of web applications
  • MD (Malware Detection) module, which detects malware on website pages

 

Value for Customer:

 

Automated monitoring of ICT resources for vulnerabilities, plus the option to schedule scan sessions for the selected range of IP addresses at any time. Ability to assign scan reports on the specified IP address ranges and repair tasks to dedicated administrators. Reports can be automatically delivered by email. Automated verification of the completed repairsfor the specified range of IP addresses after a repeated scan using the delta report feature.

 

 

PARTNERS:

PL / EN / RU