Qualys Blog

www.qualys.com
Juan C. Perez

Qualys Beefs Up Cloud Tool for Security Consultants

Like all security consultants, you face intensifying challenges, demands and pressures as your customers’ IT infrastructures become more complex and hackers get more aggressive and effective.

Organizations entrust you with the complex and critical task of making comprehensive and accurate security assessments of their IT environments. Every customer engagement is a high-stakes job.

You must stay abreast of the latest, ever more sophisticated cyber attacks, as well as understand your customers’ increasingly heterogeneous and distributed IT environments. To succeed, it’s not sufficient to rely on your know-how and experience, however vast those might be. You also need the best software tools available to do your job.

With  cloud-based, centrally managed Qualys Consultant for independent consultants, auditors and security firms, Qualys has stood for years at the top of the heap in this market, which is full of manual tools with limited functionality.

Now, Qualys is boosting its Consultant suite with enhanced features, new packages and more flexible and attractive pricing, resulting in simplified client engagements, increased productivity and reduced costs.

What Consultants Face Day-to-Day Out in the Field

IT security consultants like yourself strive to guide organizations in fortifying their IT infrastructure against cyber attacks. Thinking like a hacker, you must find vulnerabilities in organizations’ software, networks and systems, and then you must put on a CISO hat and prescribe the necessary fixes.

Making these assessments has gotten more complicated with enterprises’ adoption of mobile devices, cloud computing, virtualization and the Internet of Things. These and other disruptive technologies have extended and blurred the boundaries of organizations’ IT perimeters.

Meanwhile, cyber criminals work around the clock to refine their techniques and find new ways to compromise IT assets in this new “perimeter-less” world.

The Qualys Consultant Advantage

Over the years, leading security consultants worldwide have leveraged Qualys Consultant to offer their customers a wide range of first-class assessment services.

With Qualys Consultant in your toolset, you’ll be able to exceed your customers’ expectations by performing swift, customizable and precise security assessments and compliance audits.

Thanks to its cloud architecture, Qualys Consultant lets auditors and consultants scan, analyze and generate reports about the vulnerabilities in their clients’ networks, devices and web apps from a web console.

Qualys Consultant, built on the highly-scalable Qualys Cloud Platform and featuring Six Sigma accuracy, lets you monitor and scan all of an organization’s IT assets, whether they are on premises, in the cloud or in mobile endpoints.

There’s no need to set up servers, install software, manage storage or even be physically on customer premises, thanks to Qualys Consultant’s virtual, remotely-managed scanner appliances.

Moreover, Consultant’s powerful and flexible report-generation capabilities let you create reports tailored for each client and their specific needs. Providing your clients with customized and incisive reports will set you apart from competitors who are content with delivering undifferentiated scan reports that are long on itemized vulnerabilities but short on insights.

Consultant allows you to organize the scan information in the most appropriate way, so you can, for example, show how groups of assets fare against security goals in executive scorecards and generate detailed reports identifying how vulnerabilities change over time.

With Consultant, you can integrate your own executive summary and recommendations into the reports, so your insights become part of the document. Qualys Consultant also includes reusable report templates with adjustable layouts, and lets you personalize them with your brand.

What’s New?

Qualys is adding two new Consultant packages to the suite, which now offers multiple comprehensive security assessment tools in a centralized console. This allows consultants to consolidate their current toolset and eliminate time spent manually installing, managing, and administering them.

New packages

  • Qualys Consultant is designed for the “traveling” individual consultant who visits customers in person and performs assessments on site. This package lets consultants install a scanner on their laptops, which they can then plug into the customer’s network to perform vulnerability and PCI compliance assessment services.

Having this laptop scanner makes life simpler for these “one-man band” consultants. They would otherwise have to go through a more involved process of installing and configuring a virtual scanner for each customer network.

The local laptop scanner provides the same accuracy, cloud-based reporting and actionable results of the Qualys Cloud Platform.

Qualys Consultant, which also includes unlimited scans, starts at $2,995 per scanner (annually), a price point intended to appeal to smaller consultants. An optional Security Assessment Questionnaire module for third-party risk assessments can also be added to the package.

  • Qualys Consultant Professional is a new package tailored for security firms that includes a centralized cloud-based console and flexible scanner options.

With Qualys Consultant Professional, teams of consultants can perform remote or local vulnerability and PCI scanning, scheduling, reporting and remediation services, all from the Qualys Cloud Platform, making work across multiple client environments easy and efficient.

Additionally, powerful tools such as Qualys ThreatPROTECT, Security Assessment Questionnaire, Web Application Scanning, and Policy Compliance are available.

For example, with ThreatPROTECT, consultants get a robust app that correlates internal vulnerability data with external threat information and helps organizations prioritize which IT assets must be patched right away.

Qualys Consultant Professional also features an affordable price of $4,995 per scanner (annually) in its unlimited scan version. It’s also available in a tiered “pay per scan” version that starts at $1,995 per scanning package.

The Power of Security Assessment Questionnaire (SAQ)

Another significant enhancement to the Consultant product line is the addition of Qualys Security Assessment Questionnaire as an optional component for all Consultant packages.

SAQ automates the process of surveying an organization’s vendors and other third parties in order to assess the risk involved in giving them access to physical premises and IT systems and data.

These assessments are conducted via surveys and they evaluate critical areas of an organization such as its business continuity plans, physical and environmental security tools and practices, operational risk safeguards and human resources procedures. The traditional way of conducting these third-party risk assessment surveys — emailing questionnaires and tracking responses on a spreadsheet — no longer cuts it. It’s extremely labor-intensive, costly and time-consuming, and highly prone to errors.

For example, SAQ could help you automate complex security assessments such as the SANS top 20 Critical Security Controls that involve input from many of your customers’ staff members, both from a technical and business perspective.

Put Qualys Consultant in Your Toolbox

Security consultants carry a heavy load, so you need flexible, versatile and precise software tools. Give Qualys Consultant a try and see what a big difference it can make for you. For more information, download our Qualys Consultant datasheet.

Leave a Reply