With QualysGuard 7.8, customers can now create new Vulnerability Scorecard Reports and set remediation goals to measure and monitor the performance of the teams in charge of fixing vulnerabilities in their companies. Enhancements to the Vulnerability Scorecard Reports will help security professionals better monitor the progress of their vulnerability remediation process.
In addition, Dynamic Asset Tagging and Management, which automatically identifies, categorizes and manages large numbers of assets in highly dynamic IT environments, is now integrated with Vulnerability Scorecard Reports. This integration gives security managers and executives always up-to-date reports that measure the number of vulnerable hosts per business unit against a list of vulnerabilities that represent the most important security risks.
These reports also display the groups of assets, or business units, that are meeting their goals in term of fixing these vulnerabilities. Furthermore, Vulnerability Scorecard Reports provide additional vulnerability management metrics and statistics, giving managers and unit managers more visibility into the efficiency of fixing critical and important vulnerabilities that expose their business to IT risks.
The Vulnerability Scorecard Reports offer these new capabilities:
- Customizable Business Risk Goals represent the maximum allowed percentage of vulnerable hosts per asset tag or asset group.
- Support for Vulnerability Search Lists: search lists can be used as a set of vulnerabilities that must be fixed according to their security risk, and the scorecards will measure the remediation progress and report the entities that have met their goal.
- Breakdown of Vulnerabilities per Asset Tag and Asset Group organizes assets by business units, technology, or other organizational entities.
- Number of New, Active, Fixed and Re-Opened Vulnerabilities gives insight into vulnerability scanning and remediation performance.
- Number of Vulnerabilities by Age shows the number vulnerabilities that are less than one month, two months or three months old.
- Number of Vulnerabilities by Type shows the breakdown of confirmed vulnerabilities versus potential vulnerabilities.
- Vulnerability Scorecards can be scheduled on a daily, weekly or monthly basis to continuously monitor remediation progress.
- Vulnerability Scorecards can be exported in CSV format automatically via the API or manually in the UI, for easy integration into external security performance dashboards.