All Posts

2 posts

Top 5 New Settings in Security Compliance Manager for Windows 10

Most organizations enforce system configuration policies to reduce the chance of misconfiguration and improve their overall security posture. For Microsoft Windows systems, many organizations rely on guidance from Microsoft Security Compliance Manager (SCM) for proper configuration. For organizations deploying Windows 10, this Top 5 list helps you understand and implement the new settings introduced in SCM for Windows 10.

As an engineer on the Qualys Policy Compliance product team, I routinely compare compliance benchmarks, and have compiled this list based on my work. If you are already familiar with previous version of Windows, this blog post can help you to quickly adopt the new changes.

Controls (represented by Control IDs or CIDs) are the building blocks of the policies in Qualys Policy Compliance used to measure and report compliance for a set of hosts. For each of the Top 5 in this article, we include the CID that allows you to build policies to measure and report compliance for that new setting.

Continue reading …

Automate Host Discovery with Asset Tagging

Let’s assume you know where every host in your environment is. Wasn’t that a nice thought? The reality is probably that your environment is constantly changing. Knowing is half the battle, so performing this network reconnaissance is essential to defending it.

Tag, you’re mapped!

A common use case for performing host discovery is to focus scans against certain operating systems. This can be done a number of ways in QualysGuard, historically via maps or light scans followed by a manual workflow. Today, QualysGuard’s asset tagging can be leveraged to automate this very process. By dynamically tagging hosts by their operating system, one can split up scanning into the following:

  1. Frequent light scans that update QualysGuard with the current mapping of your network via dynamic asset tags.
  2. Targeted complete scans against tags which represent hosts of interest.

We step through how to set up your QualysGuard to do exactly this below.

Continue reading …