Better Trusted Scanning with Qualys-CyberArk Integration
Last updated on: September 6, 2020
To manage privileged credentials, especially across multiple systems in complex environments, many organizations use privileged account security solutions. Qualys has integrated with such solutions for a long time, and has recently upgraded its CyberArk integration to include CyberArk Application Identity Manager. This provides organizations a simplified way to manage access to privileged credentials (passwords and SSH keys) while performing vulnerability and compliance trusted scanning, without the need to store credentials in the Qualys platform.
Benefits for Vulnerability and Compliance Scanning
Integrating Qualys with privileged account security solutions improves overall security in a number of ways:
- Secure storage of privileged credentials reduces compliance concerns by enforcing the company’s password and credential access policies and providing a means to keep credentials on premise when necessary.
- Centralized management of credentials makes it easier to update them and audit their use, and reduces the potential for human error, like typing passwords incorrectly in a Qualys authentication record.
- Enforcement of password strength and automatic rotation of account credentials based on an organization’s security policy improves security.
- Centralized credential control simplifies password management, especially for dynamic environments that include a mix of cloud, on premises and virtualized infrastructure.
By making credential management easier, privileged account security solutions reduces organizational resistance to authenticated scanning. This helps security teams who should use authenticated scanning, also called host authentication or trusted scanning, whenever possible because it results in better visibility into vulnerabilities. Authenticated scanning gives Qualys scans access to additional system information beyond what is available from unauthenticated scans enabling deeper security assessments that provide better visibility into each system’s security posture. This leads to the most accurate results with fewer false positives.
CyberArk Application Identity Manager Support
With the Qualys’ integration with CyberArk Application Identity Manager, joint customers no longer need to store and manage their passwords, private keys and certificates within the Qualys platform to perform authenticated scans. This significantly reduces the complexity of credential management, as credentials are centrally managed and secured by the CyberArk solution. Organizations can automatically rotate credentials without the need to constantly update Qualys authentication configuration.
Choice of Solutions
Qualys offers native integrations with the leading solutions, including:
- BeyondTrust PowerBroker
- CA Technologies ControlMinder
- CyberArk Application Identity Manager
- Hitachi ID Privileged Access Manager
- Lieberman Software Enterprise Random Password Manager
- Quest One Privileged Password Manager
- Thycotic Secret Server
- Wallix AdminBastion
These integrations are built into the Qualys platform, which means that joint customers can immediately configure Qualys to authenticate via all supported solutions with no additional setup.