Qualys CyberSecurity Asset Management Reviews

We use it to gain complete visibility into our assets and monitor our security posture.

Our overall experience has been very good. It gives us a 360-degree view of our assets. It gives us the complete data such as the types of services running or applications installed. If an asset or software is end-of-life or end-of-support, it provides the status related to that. Apart from that, we get to know the ports and services that are running.

Previously, I did not have visibility over the complete inventory. Qualys CSAM gives me the complete inventory with the number of assets connected to the network. Based on the cloud agents that were deployed and remote scans, we can see the whole inventory in a single module. The CSAM module allows us to track the end-of-life or end-of-support status of the software on our assets. We get to know in advance that particular software is going to be end-of-life or end-of-support. Such a feature helps us to take action proactively.

It gives visibility into the domains or subdomains managed by my organization. I can track those very effectively. I can even perform lightweight scans which are completely managed or controlled by Qualys, unlike remote scans that are performed by the end user. It gives visibility into the vulnerabilities related to applications or assets on a real-time basis because these scans are performed once a day on a daily basis. With one click, the EASM module provides the domain names related to my organization. Qualys directly performs the scan and if any applications or assets are not in my CMDB because I missed updating the details, it highlights them, so I have complete visibility over my publicly exposed assets or applications.

It is able to discover different kinds of assets, such as web servers, DB servers, or application servers. It can identify network devices. I even have visibility over the devices managed by ISPs, and I am able to take action appropriately.

Asset tagging is one of the main features of the CSAM module. While creating asset tags or after creating asset tags, we can set the asset criticality. Based on the vulnerabilities identified in the assets, Qualys provides a detection or TruRisk scoring.

TruRisk scoring helps prioritize vulnerabilities and assets. This prioritization is very helpful for me. In an infrastructure with 300,000 assets, we might see millions of vulnerabilities in the assets. We need to prioritize vulnerability remediation because we cannot focus on remediating all the vulnerabilities at the same time. We can start with the assets that are critical in our organization. TruRisk scoring helps with that.

It makes us more secure and also helps us with our KPIs or KRI. We have had zero attacks since we enabled all the features in Qualys CSAM.

It fetches the asset details based on remote scans or the cloud agents that are deployed. With passive sensors, I am able to see the rogue assets that are passing through a particular switch wherever passive sensors are deployed. I can see what other assets are connected to the network. One of my goals is to identify the assets that are missing with the cloud agents so that I can get the cloud agents deployed and get them added to my asset inventory. Network devices obviously cannot be installed with the cloud agents, but at least I have visibility that these are the network devices, or these are the endpoints, or these are the servers, whereas rogue assets are a threat to the organization. They may even compromise other assets in the network, so with these passive sensors, I am getting complete visibility.

Even IoT devices can be scanned through these passive sensors. The passive sensors can read the configuration of the devices passing through a particular switch. Previously, I used to perform remote scans on IoT devices. This effort of performing the remote scan is minimized because these passive sensors are able to find the vulnerabilities related to any of the IoT devices by reading their configuration. This is another feature that is helping me as part of our operations.

At our Android development company, Qualys CyberSecurity Asset Management safeguards our development environment and digital assets, including sensitive codebases, APIs, databases, and cloud-based infrastructure. By continuously monitoring these assets, Qualys helps us detect vulnerabilities, misconfigurations, and potential malware, protecting both our proprietary technology and client projects from threats like ransomware and malicious activity. Furthermore, it ensures compliance with industry standards through real-time insights and automated security patches, fostering trust between us and our valued customers.

Qualys Cybersecurity Asset Management offers comprehensive features to cover our entire attack surface. Its cloud-based platform provides full compliance management, ensuring infrastructures align with databases and standards. Cloud storage enables easy data retrieval and recovery. Additionally, it utilizes AI-powered features to monitor and manage security patches, enhancing overall security posture.

Qualys Cybersecurity Asset Management utilizes advanced deep neural networks and AI to identify previously undiscovered assets and threats, crucial to our company's security. We discovered an additional 120 assets with Qualys CSAM.

It has significantly enhanced our company's security by providing real-time visibility into all access points across our development ecosystems, improving vulnerability detection and risk management. This allows us to address security gaps quickly before they escalate into critical threats. The automated discovery of misconfigurations ensures continuous compliance with industry and government standards, reducing manual efforts and freeing our team to focus on innovation. This comprehensive approach has fortified our infrastructure, protecting sensitive code, client data, and cloud management from cyberattacks. Consequently, we have faced fewer security threats, allowing us to focus on other areas for improvement within the company.

The Asset Management helps us identify all risk factors, including vulnerabilities and malicious attacks, along with various other aspects of asset management.

This advanced cloud system utilizes APIs to connect and retrieve data, while passive sensors track the code bases of our applications.

Passive sensors hinder the real-time identification of potential risks, as they transmit real-time data and additional information with a delay. However, the system's speed, combined with AI, deep learning, and robotic process automation, enables efficient risk identification despite this limitation.

We are using Qualys CyberSecurity Asset Management for daily activities such as identifying new assets through network scanning and agent-based scanning for newly provisioned assets. When any new asset enters the network, we can identify it. We follow up with the team if any Windows device or other device does not have an agent installed, as we can still maintain visibility. We have established a process where if any machine that supports agents is not installed with a Qualys agent, we can follow up with the team appropriately using that particular data.

We use the True Risk Score for vulnerability prioritization, though we do not solely rely upon it since some assets may be decommissioned soon or not in use. From Qualys CyberSecurity Asset Management, we primarily focus on internet-facing assets. We have created separate tasks for internet-facing assets and track the True Risk dashboard specifically for these assets. If the True Risk Score is higher for any internet-facing assets, then we take action accordingly. The True Risk Score is very helpful for prioritization.

The initial setup was straightforward and easy. We needed to create customized tags, group them twice, and validate whether the operating system detection was true positive or false positive. We encountered some false positives, which required coordination with the IT team for verification. In six months, we had approximately 20-25 machines that needed verification on a weekly basis. We coordinated with the IT team to identify the exact operating system specifications.

We primarily use it to collect asset information. Our primary value from it is in collecting on-premises assets, as well as the ability to tag those assets with custom tags. We are also using the external attack surface management portion a little bit. We have not fully operationalized it yet, but it looks intriguing.

Additionally, we are leveraging Qualys CSAM's capability to detect software and applications, as well as to identify unauthorized and authorized software in the environment.

From an inventory point of view, Qualys CSAM gets everything very well. We augment that with Qualys TotalCloud, so we get better insights into our cloud platform, but for our internal data centers, this is our source of truth for asset information.

We use it for scanning, vulnerability management, a little bit of policy compliance, and some web application scanning.

We primarily implemented it for StateRamp compliance requirements with NIST 800-53.

There have been some instances where devices that were not known to be in a specific place were discovered. They were primarily EC2 instances deployed in an AWS account. Our systems are scalable. They scale in and out all the time, so it is hard to give a precise number of the devices discovered. It probably discovered 3% to 5% of the overall system.

In addition to vulnerabilities, it identifies other risk factors for our assets. It does not cover all, but it covers about 80%.

The use cases for Qualys CyberSecurity Asset Management (CSAM) include getting software details, such as identifying software that is reaching end-of-life (EOL) or has already become EOL, and getting asset details.

Additionally, the integration with Shodan through External Attack Surface Management (EASM) helps get asset details of public-facing assets.

I also use its reporting capabilities. I can generate reports related to software with queries.

I also used the web application to see potential web-hosted assets for our subscription.

ESAM covers the entire attack surface. Earlier, we were using a third-party vendor, but we now completely rely on Qualys for ESAM. It scans the assets and also tags them based on the domain and subdomain. It discovers more and provides complete details about the assets, such as the external interface and internal interface. It correlates them, and we get the complete details of the assets, which were not given by the other solution. It just gave the IPs. We had to take the IP, put it in Qualys, and check the details. With Qualys, it is very easy to get the asset details.

We were able to realize its benefits immediately after the deployment. 

We use the TruRisk score, but based on the QDS and ACS, we have also derived our own severity for the organization. We assess whether it is really exploitable and being exploited in the wild.

We had some issues with the agents and detections until May, but after the version upgrade to 5.4, we saw a tremendous improvement in detection. We have 99.9% detections, and we were also able to achieve 84% patching and compliance in five days because of the detections.

We use Qualys CyberSecurity Asset Management to improve asset tracking and manage our security posture, thereby minimizing security risk. Enhanced visibility into our asset inventory enables us to implement appropriate security measures to protect against potential incidents and threats.

The major challenge in security today is that many organizations still have an extreme problem: they are not aware of how many assets they have. As businesses grow, their assets grow as well. However, asset tracking has traditionally been a manual and cumbersome process. Due to this, many assets were mismanaged. Nobody tracked them properly, and assets were not updated with OS patching or application patching. This was particularly problematic for data sets, as many people across the organization were unfamiliar with those assets, which led to security issues. This is why we implemented Qualys CyberSecurity Asset Management.

The external attack surface refers to the externally visible endpoints hosted by any company. External scanning can be performed to identify the number of publicly-facing assets. CSM provides functionality to scan these external assets, and based on the scanning results, patching can be performed to address any identified vulnerabilities.

The best part about Qualys CSAM is that it continuously pulls data. We can either install a cloud agent on all our machines or use IP wave scanning to identify the IP subnet. Qualys CSAM will identify any machine that spins up within that IT subnet during its scheduled scans. Once it finds a new machine within the subnet, it will register it as a new asset and populate it on the dashboard.

Qualys CyberSecurity Asset Management was able to identify an additional 50 to 100 assets that were not part of our vulnerability management program.

The key functionality of CSAM is a new feature update that Qualys releases periodically. It provides organizations and IT professionals with key metrics to understand how assets behave within their infrastructure, addressing the issue of unfamiliarity. CSAM focuses on efficacy, efficiency, and improved asset tracking. Better asset tracking enhances security posture, enabling timely patching and streamlining the entire vulnerability management lifecccccycle. Asset management is the first phase, and when asset tracking is simplified, the entire vulnerability management cycle becomes easier.

When discussing additional risk factors, CSAM provides crucial insights into the nature of the host, including basic information like hostname, IP address, operating system, installed applications, initial discovery date by Qualys, and current online/offline status. Leveraging risk factors like initial discovery date and the presence of malicious or outdated applications allows for collaboration with patch management teams to assess machine compliance. Effective asset management lifecycle practices empower organizations to comprehensively address many risk factors.

The True Risk Scoring was accurate. While false positives are always possible, they were minimal in Qualys, making it nearly perfect.

I have leveraged active and passive sensors, such as Qualys Cloud Agent models, to gain better visibility into our assets.

Qualys will send a probe whenever we have passive sensors and an established IP connection. This probing timeline indicates how frequently the network needs to be probed—for example, every 30 minutes. Based on the timeline, the sensor will probe the entire IP range and detect any new machines that appear, improving our visibility.

Qualys Cybersecurity Asset Management provides complete visibility of network assets, identifies vulnerable software, and helps prioritize them based on criticality. This facilitates effective patch management, offering valuable insights and reducing the attack surface.

To enhance network efficiency and minimize our vulnerability to cyberattacks, we have adopted Qualys Cybersecurity Asset Management.

The primary purpose of the external attack surface management is to provide clear insight into the data and infrastructure assets exposed to the internet. Qualys Cybersecurity Asset Management offers detailed information about these exposed assets, including websites, authentication methods, and MFA implementation. By considering all relevant risk factors, it provides a clear picture of vulnerabilities and prioritizes remediation efforts, enabling proactive risk mitigation. It also frequently scans our environment to re-evaluate the risk factors.

Qualys CyberSecurity Asset Management has helped to improve the organization's security posture significantly. It lets us confidently communicate with clients by showcasing a better security posture. We can evaluate and compare our security scores against vendor scores when onboarding vendors, enhancing understanding and transparency about our security landscape.

Qualys TruRisk scoring helps us prioritize vulnerabilities and identify the number of assets in our environment with a high-risk score.

Cybersecurity Asset Management's CMDB sync feature reduces our mean time to remediate from our three-day service level agreement to just 12 hours.