Solution & Technology Partners
Leading technology partners and organizations have integrated their products with QualysGuard to deliver a wide variety of high-value, differentiated security solutions. Straightforward APIs and XML data exchange make it easy to create seamless security solutions, while our Web service architecture minimizes solution maintenance and upgrade requirements. Non-technology organizations and associations find that QualysGuard provides an ideal mechanism for supporting their member's critical security needs.
Benefits for Integration Partners
QualysGuard is integrated with leading security solutions and technologies in these spaces:
Help Desk Ticketing Systems
QualysGuard's Trouble Ticketing system can automatically create trouble tickets for remediation using a robust rules engine. Through the QualysGuard Ticket Notification Engine (TNE) and associated ticketing APIs, QualysGuard can provide a seamless transfer of discovered vulnerabilities with many third-party ticketing. This integration enables enterprises to review vulnerability tickets generated by QualysGuard in their own ticketing systems without impacting operational processes.
QualysGuard Ticket Notification Engine
Qualys has built a highly customizable ticket notification engine (TNE) provided as RPMs packages, which sends SMTP messages to in-house ticketing systems or third-party applications such as CA Service Center, BMC Magic Service Desk, HP Service Desk, Bugzilla, and others that can support SMTP as a way to open new trouble tickets. Using QualysGuard's own APIs, the TNE can be configured to present all tickets or only a select few to designated individuals based on specific criteria defined by the user.
IDS/IPS
QualysGuard integration with IDS/IPS solutions provides customers with an automated way to adjust severity level of incident alerts based on host context information provided by QualysGuard. The joint solution delivers to customers a more accurate assessment of the detected incident facilitating remediation prioritization and ultimately reducing the amount of incident response resources consumed by non-critical or non-relevant incidents.
CounterAct
ForeScout CounterAct is a clientless network access control (NAC) and policy enforcement with built-in signature-less intrusion prevention and vulnerability assessment. QualysGuard integration with CounterAct enables vulnerability data from QualysGuard to be imported into CounterAct so customers have access to detailed host vulnerabilitiy data to be used for policy enforcement and/or correlated with information from other sources.
LANsurveyor
Neon LANsurveyor with Continuous Scan IDS is a software-based intrusion detection and prevention solution that works across network segments. LANsurveyor automatically generates a baseline network diagram; continuously updates the diagram, testing newly attached nodes to determine whether or not they belong on the network. QualysGuard integration with LANsurvivor provides continuous assessment by maintaining a scheduled network scans using QualysGuard and automated logs discovery of unsafe nodes and optional alerts. LANsurveyor can also optionally disconnect the new node from the network if the vulnerability assessment fails.
3D System
Sourcefire, Inc. (Nasdaq:FIRE), is a world leader in cybersecurity. Sourcefire is transforming the way Global 2000 organizations and government agencies manage and minimize network security risk. Sourcefire's IPS and real-time adaptive security solutions provide security for the real world of dynamic networks and escalating threats. Today, the names Sourcefire and Snort® have grown synonymous with innovation and cybersecurity.
The award-winning Sourcefire 3D® System is a Real-time Adaptive Security solution that leverages Snort, the de facto standard for intrusion detection and prevention (IDS/IPS). One of the core components of the 3D System is Sourcefire RNA® (Real-time Network Awareness). RNA passively aggregates network intelligence and presents a real-time inventory of operating systems, applications, and potential vulnerabilities on the network. The 3D System imports QualysGuard scan data into the RNA host database, providing a unique combination of "always-on" passive discovery and accurate vulnerability scanning. Users can quickly determine if a host is vulnerable to a given exploit, saving valuable analysis time. The 3D System can automatically initiate a QualysGuard scan whenever it detects a new host or application, minimizing the risk that hosts with critical vulnerabilities are connected with the network.
IT Governance, Risk and Compliance (IT-GRC)
QualysGuard integration with IT-GRC solutions allows customers to automatically import vulnerability or compliance information from QualysGuard into their IT-GRC solution. This allows asset owners to report on vulnerabilities and mis-configurations identified on their assets in one single view. They can then assign ownership to the individual issues, track remediation efforts or accept the associated business risk.
Archer Technologies
Archer Technologies is a leading provider of automated enterprise risk and compliance management solutions. Archer leverages the QualysGuard API to import detailed scan reports into the Archer Threat Management solution. This allows clients to link QualysGuard scans with other business-critical data such as vulnerability information from threat feeds (VeriSign® iDefense®, Symantec™ and Cisco®), asset information from the Archer Asset Management solution, and policies and authoritative sources from the Archer Policy Management solution. By linking this information within Archer, clients can reduce enterprise risks, manage and demonstrate compliance, automate business processes, and gain visibility into corporate risk and security controls.
Modulo Risk Manager
Modulo is a market leader for IT Governance, Risk and Compliance management (ITGRC). Modulo Risk Manager™ provides organizations with the tools they need to automate the processes required for assessing security and attaining regulatory compliance. Modulo partnered with Qualys to integrate Modulo Risk Manager with QualysGuard. The combined offering provides global companies with a comprehensive security risk and compliance management solution.
The Modulo Risk Manager software automatically receives vulnerabilities and misconfiguration data collected through QualysGuard scans. This data is aggregated in the Modulo Risk Manager allowing users to easily view the data, providing better tracking, risk assessment and compliance documentation.
Network Access Control
QualysGuard integration with Network Admission/ Access Control solutions, a.k.a. NAC, provides organizations the capability to enforce security policies in order to grant access to the internal network without requiring a residing agent running in the endpoint. Endpoint agents require maintenance and support for multiple platforms, which in practical terms is not achieved. QualysGuard NAC integrations allow customers to audit hosts for vulnerabilities or specific configuration rules and proactively apply security policies to any device (workstations, printers, APs, etc) requesting access to the internal network, including guest and contract workers. By doing so, it prevents that unauthorized, vulnerable or infected devices enter the network and attack enterprise systems, other endpoints or simple spread malware.
MetaInfo SAFE DHCP
MetaInfo combines core IP network services with the security of Network Access Control. QualysGuard's NAM integration with the MetaInfo SAFE DHCP® Quarantine Appliance provides automated auditing of hosts as they request network access. The SAFE DHCP Quarantine Appliance checks the host's MAC address against its database, and, if the MAC address is unknown or expired, signals the QualysGuard appliance to scan the host for vulnerabilities. If the host's vulnerabilities exceed the customer-defined threshold, the host remains isolated from the network.
Network Behavior Analysis
QualysGuard integration with Network Behavioral Analysis (NBA) solutions enhances the effectiveness of behavior-based threat detection solutions by providing host security posture which can lead to better discernment about the detected network anomaly. The joint solution enables customers to stop harmful attacks to the network in its early stages and minimizes false positives, which leads to lower incident response and maintenance costs. Additionally, by targeting scans based on new detected device or behavior changes, customers are able to maintain an accurate vulnerability database without continuous wide-scale scanning; and scan hosts involved in suspicious or unusual activity in real-time.
Lancope StealthWatch
Lancope's StealthWatch System is the leading Network Behavior Analysis and response solution that unifies flow-based anomaly detection and network performance monitoring. By leveraging NetFlow, sFlow and native flow capture to deliver end-to-end network and application visibility across the enterprise, StealthWatch streamlines security and network management.
StealthWatch provides enterprise wide visibility into network traffic, host, end user and application behaviors enabling rapid detection of anomalous traffic patterns, suspicious host activities, illicit network usage and application abuse. StealthWatch quickly detects problematic hosts and provides a prioritized list of the greatest risk hosts on your network. The integration with QualysGuard enables administrators to automatically conduct vulnerability assessments on hosts that exhibit unusual behavioral characteristics, thus allowing them to do immediate reassessment of high-risk hosts. For more information, visit www.lancope.com.
Mazu Profiler™
Mazu Profiler™ (acquired by Riverbed) uses flow data from network traffic passing through routers and switches inside the network to monitor real-time network traffic. It can respond to risks, threats and outages. When Profiler is integrated with QualysGuard the combined solution provides better incident context and streamlines response processes.
Network Patching
QualysGuard integration with Network Patching solutions benefits both IT operations teams and security teams by effectively protecting systems while automatically managing the number of reported vulnerabilities that need to be addressed. They will certainly value a more focused Vulnerability Management which means less reactive efforts and a disruption-free risk mitigation process.
PatchPoint
The Blue Lane PatchPoint System is a patch protection gateway. Blue Lane's patch protection gateway provides inline vulnerability remediation for server operating systems, databases and enterprise applications, offering instant application protection with zero footprint, zero downtime, and zero tuning. Also without requiring any software deployment, QualysGuard provides a comprehensive on demand vulnerability management solution that enables security professionals to stay ahead of security threat exposures. PatchPoint integration with QualysGuard provides a unified solution that automatically ignores vulnerabilities detected by QualysGuard that have been protected by a network-patch implemented by PatchPoint. As a result, customers can focus on existing unprotected vulnerabilities that offer a real threat to the customers systems.
Patch Management
QualysGuard integration with Patching solutions increases the confidence level of detected vulnerabilities and even automates their remediation by implementing patches on confirmed vulnerabilities. As a result, the joint solution reduces threat exposure window as well as manual processes and duplicated efforts. It also provides a closed loop process where vulnerability scans are triggered after remediation to verify that vulnerabilities were effectively fixed.
Hercules
Citadel Hercules Remediation Manager (acquired by McAfee) manages and automates the remediation process for detected vulnerabilities. Qualys' integration with Citadel Security Software Inc. enables customers to automatically import vulnerability scan results; trigger remediation process and verify the remediation of vulnerabilities on their corporate networks. The combined solution will initiate an automatic vulnerability audit after each Hercules remediation cycle to validate the elimination of vulnerabilities on a company's network.
Penetration Testing
QualysGuard integration with Penetration Testing solutions increases the effectiveness of network security assessments by eliminating the manual step of running a scan before performing penetration testing using multiple interfaces. Customers are provided with an automated way to both scan networks against a comprehensive vulnerability database with QualysGuard and then to safely exploit those same vulnerabilities with a penetration test. The integration reduces the amount of time customers spend collecting data from vulnerability scans and performing penetration testing, while lowering costs and making the remediation process more effective.
CoreImpact
CORE IMPACT is the first automated, comprehensive penetration testing product for assessing specific information security threats to an organization. QualysGuard's integration with CoreImpact automatically imports vulnerability assessment results into the CORE IMPACT management console. The integration reduces the amount of time security consulting organizations and corporations spend collecting data from vulnerability scans and performing penetration testing, while lowering costs and making the remediation process more effective.
CANVAS - D2 Exploitation Pack
Immunity CANVAS is the industry's premier penetration testing platform for security professionals. The Immunity-DSquare Security package leverages Immunity's world renowned exploit development techniques along with the cutting edge exploit plug-ins from DSquare Security. Immunity and DSquare Security integrate seamlessly with your Qualys experience to provide you with unparalleled situational awareness of penetration testing targets. Using the combination of the CANVAS platform with world class exploit developer partnerships will empower your security team to provide you both a productive and accurate pentesting solution.
Risk Management
QualysGuard Integration with Risk Management provides the automation of the entire risk management process which includes network discovery and vulnerability assessment in one comprehensive view for risk analysis and remediation prioritization. It consolidates vulnerability, configuration, and threat data. The joint solution gives enterprises the ability to model their network topology, determine what vulnerabilities are present on their network and understand which vulnerable systems can actually be accessed. All of this information is used to ultimately measure risk for asset groups and prioritize remediation.
Host Integrity Systems, Professional Services and Unitas™
Host Integrity Systems secures integrity for enterprises through discovery, technology, and governance. Host Integrity Systems works to ensure and educate compliance to domestic and international data privacy issues; performs risk management for identification and categorization of information assets; and optimizes workflow and governance based on category and priority ensuring the company's most critical assets are handled first resulting in compliance and overall integrity to the business system. Keeping to a company's investments in security and alert management software and systems, Host Integrity Systems' remediation and escalation management system, called Unitas™, integrates to your existing technology to unite these separate systems to provide a close-loop system to better optimize your people resources and to focus on those assets with the highest priority and importance to your business.
RedSeal
RedSeal's solutions enable companies to quantify overall security, assess critical areas of risk and validate that their security infrastructure successfully stops attacks. Integration of Redseal SRM with QualysGuard gives enterprises the ability to model their network topology, determine what vulnerabilities are present on their network and understand which vulnerable systems can actually be accessed based upon the network traffic filtering policies. All of this information is used to ultimately measure risk for asset groups and prioritize remediation.
SkyBox View
Skybox View® is an integrated family of Security Risk Management applications. QualysGuard integration with Skybox Security Risk Management (SRM) provides real-time updates of asset vulnerability data. As new hosts and vulnerabilities are discovered by QualysGuard, this information becomes immediately available in Skybox View's network model, and automatically evaluated in the attack simulation and risk calculation engine.
Security Intelligence
QualysGuard Integration with Security Intelligence solutions provides customers with in-depth information on vulnerabilities, zero-day threats and additional correlation services that allow customers to prioritize patching and remediation efforts.
iDefense
VeriSign® iDefense® Security Intelligence Services deliver actionable intelligence related to vulnerabilities, malicious code and geopolitical threats to protect enterprise IT assets and critical infrastructure from attack. IDefense leverages an extensive intelligence gathering network, proven methodology and highly skilled security analysts that span seven specialized intelligence teams to deliver deep analysis that goes well beyond the basic notification of a threat.
iDefense Exclusives into QualysGuard VM
The integration of iDefense with QualysGuard offers 2 new services to customers. Through the first of these services, iDefense has made its iDefense Exclusives security vulnerability data available through QualysGuard VM. Availability of iDefense Exclusives enables Qualys to create scan signatures for zero-day vulnerabilities. This enhancement to QualysGuard VM offers security teams more efficient and accurate risk mitigation capability against zero-day threats and vulnerabilities. More Info >
VeriSign® iDefense® Integration Service for QualysGuard® VM
Additionally, the iDefense security intelligence data is integrated with QualysGuard VM to enable customers with the ability to correlate iDefense vulnerability reports with Qualys scan data against IT assets to prioritize vulnerabilities based on severity, business criticality and relevance to the organization. This integration capability, available on the iDefense portal, helps security teams prioritize patch deployments and remediation efforts particularly between full vulnerability scan cycles of their environments. More Info >
SIEM (Security Information & Event Management)
QualysGuard integration with SIEM solutions enhances correlation and prioritization of security incidents/events by automating the import and aggregation of endpoint vulnerability assessment data. The integration enables the joint solution to automatically launch on-demand scans based on environment changes or policy compliance rules, prioritize events and provide detailed vulnerability information through one central interface.
Archer Technologies
Archer Technologies is a leading provider of automated enterprise risk and compliance management solutions. Archer leverages the QualysGuard API to import detailed scan reports into the Archer Threat Management solution. This allows clients to link QualysGuard scans with other business-critical data such as vulnerability information from threat feeds (VeriSign® iDefense®, Symantec™ and Cisco®), asset information from the Archer Asset Management solution, and policies and authoritative sources from the Archer Policy Management solution. By linking this information within Archer, clients can reduce enterprise risks, manage and demonstrate compliance, automate business processes, and gain visibility into corporate risk and security controls.
ArcSight ESM
ArcSight Enterprise Security Manager (ArcSight ESM) provides a real-time threat management solution. ArcSight's ESM collects QualysGuard vulnerability assessment data via a SmartConnector to enable customers to precisely pinpoint the risk level of certain vulnerabilities in their IT environments. By correlating this information for real-time monitoring it reduces false positives and provides real-time analysis, visualization, reporting, forensic analysis and incident investigation.
CS-MARS
The Cisco® Security Monitoring, Analysis, and Response System (Cisco Security MARS) provides insight and control of the existing security deployment. Part of Cisco's security management lifecycle, Cisco Security MARS empowers security and network organizations to identify, manage, and counter security threats. QualysGuard integration with Cisco MARS allows vulnerability scan data to be automatically imported into CISCO MARS for enhanced correlation and prioritization of security events.
nFX
NetForensics Security Information Management (SIM) provides decision support for compliance, risk management and business continuity. QualysGuard and netForensics integration provides a centralized solution for correlation, log aggregation, threat analysis, incident response and forensic investigation with the additional value of providing valuable context for the threatened host. QualysGuard vulnerability details are displayed on demand for any hosts under attack or being investigated by netForensics. This allows users to quickly match attacks and misuse to a host's vulnerabilities as part of the investigation and mitigation process.
enVision
Network Intelligence's enVision provides both real-time and historical security and compliance analysis as well as reporting and alerting solutions. QualysGuard integration with enVision provides real-time update of asset vulnerability data. A critical part of Network Intelligence solution is an asset management component that is aware of the vulnerability and importance of each asset on the network. Network Intelligence can correlate that data with assets on the organization's network and fire alerts based on the type of attack and the attacked asset. With the addition of vulnerability data, Network Intelligence can determine the severity level of the attack.
Sentinel
Novell's Sentinel (recently acquired by Novell from e-Security) delivers visibility into an enterprise's network automating the monitoring of an enterprise's IT controls for effectiveness to detect and resolve threats in real time–before they affect the enterprise's business. By collecting the results of QualysGuard's vulnerability scans and correlating it with the user's intrusion detection sentinel (IDS) data, Sentinel's Exploit Detection functionality can instantly tell the Sentinel user if their infrastructure is at high risk from incoming exploits/malware.
StillSecure VAM
The StillSecure Enterprise Integration Framework includes a set of APIs that extend VAM capabilities, allowing users to import and export data into and out of VAM. This provides an interface framework for integrating VAM with existing IT systems. Using the Qualys connector, organizations can easily import devices scanned by Qualys into VAM for management. Through the integration, joint StillSecure and Qualys customers can better manage their organization's risk by proactively identifying, tracking, and managing the repair of critical network vulnerabilities. Organizations importing QualysGuard data into VAM adopt an auditable workflow process that focuses remediation efforts on the highest priority devices before they are exploited.
QRadar
QRadar goes beyond traditional security information/event management (SIEM) to create a command-and-control center. QRadar combines, analyzes and manages an unequalled set of surveillance data–network behavior, security events, vulnerability profiles and threat information–to empower enterprises to manage business operations on their networks efficiently from a single console. QualysGuard integration with QRadar provides vulnerability information that is used in powerful analysis of network assets and network activity, resulting in a more intelligent assessment of your network and potential threats to it.
SSMS
Symantec™ Security Management System (SSMS) provides a scalable, high-performance solution for centralized logging, alerting and reporting. The vulnerabilities identified by QualysGuard scans can be viewed within Symantec Enterprise Security Architecture (SESA) and correlated to other security alerts in Symantec Incident Manager. SESA is the security platform that powers the Symantec Security Management System. Symantec Incident Manager correlates security events in real time across disparate security technologies and network tiers to identify, prioritize and coordinate the resolution of security incidents.
Web Application Firewall Integration (WAF)
Imperva SecureSphere
The Imperva SecureSphere Web Application Firewall (WAF) protects Web applications and sensitive data against sophisticated attacks such as SQL injection, Cross-Site Scripting (XSS) and brute force attacks, stops online identity theft, and prevents data leaks from applications.
QualysGuard's Web application vulnerability scanners combined with Imperva's SecureSphere WAF secures critical business applications and significantly reduces the need for costly emergency fix and test cycles. Organizations using QualysGuard can scan their Web applications for vulnerabilities and then import the scan results into SecureSphere WAF. SecureSphere WAF can instantly mitigate the imported vulnerabilities using a "virtual patch", limiting the window of exposure and business impact.
