We leverage Qualys to run vulnerability scans against external and internal assets, or we can optionally take the results of scans clients are already running with their own tools (Qualys, Rapid7, Nessus, etc.). Using our built-in Asset Manager, we help companies understand where the risks exist based on the results, not by looking at the vulnerability ratings (High, Medium, Low) but rather by looking at various “risk dimensions” we know about for each of the assets. This allows us to focus on addressing real risks and ensures that when companies complete remediation activities, they will have accomplished something that contributes to lowering their overall risk and exposure. The platform tracks all activity, provides full logging and auditing for performance and effectiveness purposes, and can be used by the service provider, by the client, or by both.
When it comes to data security, nothing is more important than understanding where you are most vulnerable. This is why many companies have realized that annual vulnerability assessments aren’t sufficient. Under a new vulnerability management model, successful companies have moved to monthly or quarterly scanning.
Deciding what to tackle and remediate from the vulnerability scanning reports becomes easier when using a risk management approach. Each vulnerability is automatically rated using a risk level of high, medium, or low, and sometimes an informational rating is set as well. However, these ratings only address the risk of the vulnerability and don’t take into account the asset where the vulnerability resides. By introducing risk dimensions of assets (such as the applications or services they support, their criticality, their location, and other factors relevant to your organization), your business can make more educated and informed decisions on what to remediate first.
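The sketch below is an added example, not code from the platform described here. It shows how the remediation order changes once scanner severity is combined with asset risk dimensions. The asset names, findings, criticality scale, and weights are all constructed assumptions.

```python
import csv
import io

# Constructed sample data: scanner findings and an asset inventory.
FINDINGS_CSV = """asset,finding,severity
lab-vm-07,Outdated SSH server,High
pay-web-01,Weak TLS configuration,Medium
hr-db-02,Missing OS patch,High
print-srv-03,Default SNMP community,Low
"""
ASSETS = {  # criticality on an assumed 1 (low) to 5 (business critical) scale
    "lab-vm-07": {"criticality": 1, "location": "isolated", "supports": "test lab"},
    "pay-web-01": {"criticality": 5, "location": "internet", "supports": "payment portal"},
    "hr-db-02": {"criticality": 4, "location": "internal", "supports": "HR records"},
    "print-srv-03": {"criticality": 2, "location": "internal", "supports": "office printing"},
}
# Assumed weights; tune these to your own organization.
SEVERITY = {"Informational": 0, "Low": 1, "Medium": 2, "High": 3}
EXPOSURE = {"isolated": 0.5, "internal": 1.0, "internet": 2.0}


def load_findings(text):
    """Parse scanner output (CSV with asset, finding, severity columns)."""
    return list(csv.DictReader(io.StringIO(text)))


def risk_score(finding, assets):
    """Severity weighted by the criticality and exposure of the affected asset."""
    asset = assets.get(finding["asset"])
    if asset is None:
        # Asset missing from inventory: assume worst case so it is not buried.
        crit, exposure = 5, max(EXPOSURE.values())
    else:
        crit, exposure = asset["criticality"], EXPOSURE[asset["location"]]
    return SEVERITY[finding["severity"]] * crit * exposure


def rank_by_severity(findings):
    """Ordering a raw scan report gives: High, then Medium, then Low."""
    return sorted(findings, key=lambda f: SEVERITY[f["severity"]], reverse=True)


def rank_by_risk(findings, assets):
    """Ordering once asset risk dimensions are taken into account."""
    return sorted(findings, key=lambda f: risk_score(f, assets), reverse=True)


if __name__ == "__main__":
    for f in rank_by_risk(load_findings(FINDINGS_CSV), ASSETS):
        print(f"{risk_score(f, ASSETS):5.1f}  {f['severity']:<6} {f['asset']:<13} {f['finding']}")
```

In this constructed data, the Medium finding on the internet-facing payment portal moves to the top of the list, while the High finding on the isolated lab machine drops to the bottom.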