Qualys Review and Alternatives

Qualys is an asset discovery system delivered from a cloud platform; the discovery service is called Global AssetView. Once you have the discovery service searching your network, you can subscribe to extra modules that turn that asset inventory creator into a security system.

What is Qualys?

Qualys, Inc. started operations in 1999, and its headquarters is in Foster City, California, USA. The company specializes in IT system security products and has combined its services into a cloud platform.

The Qualys Cloud Platform integrates compliance reporting into all of the services that it delivers. The major requirement of most IT data security standards is that all system events should be thoroughly documented and that those logs are stored so that standards auditors can access them at will. This requirement aims to prevent companies from covering up data breaches.

Implementing system security with Qualys

All of the processing software for Qualys is hosted in the Cloud, so new customers don’t start their experience with a download. Instead, the user signs up for an account and then needs to nominate a server on the network that is to be monitored. Qualys requires an agent to reside on the customer’s network. This gets around the security processes that each business must have in place to block incoming connection requests.

Qualys Cloud Agent

Under the Qualys system, the Qualys agent drives data collection and uploads all of the information to the customer’s account on Qualys. The Qualys server receives that data, noting the account to which it relates, and saves all records within that customer account’s storage space. By segmenting its data stores, Qualys can ensure that the data held for one customer cannot be accessed by other account holders on the system.

Whichever of the Qualys modules you choose, the same single onsite agent will handle all of the data uploads to the server and implement responses according to instructions that arrive from the Qualys server.

How much does Qualys cost?

Qualys doesn’t publish its tariff, and it doesn’t like to tell its prices until it has run through to the end of a sales interview with enquirers.

You can get a 30-day free trial of the entire Qualys Cloud system as a starting point for exploring the platform.

What are the Qualys elements and features?

Qualys Cloud Platform doesn’t have many features. Its base package is called Global AssetView (GAV). This is free, and it is a network discovery system that logs all assets connected to your network. This discovery module is continuous, updating the inventory whenever you add, remove, or move hardware.

Once you have the GAV running, you can add on modules, and each module incurs a charge. By this selection process, you tailor your package, creating a system monitor and endpoint detection and response service, a vulnerability manager, or governance, risk management, and compliance tool. Of course, you are allowed to implement all of these services.

The complete list of Qualys add-on modules is shown below. The list of tools is divided into five categories:

  • Asset Management
  • IT Security
  • Cloud and Container Security
  • Web Application Security
  • Compliance

Asset Management

CyberSecurity Asset Management

A risk assessor for the assets logged in the Global AssetView module. This is a vulnerability scanner.

Certificate Inventory

This module manages SSL certificates and is an expansion of the vulnerability management module. There is a free version of this module called CertView.

IT Security

Vulnerability Management, Detection, and Response

This is the most important service offered by Qualys. It is a bundle of modules that are offered individually under other module names. The core service here is a vulnerability scanner. The system scores discoveries by risk severity. The bundle also includes a patch manager that will lead on automatically from a vulnerability scan. The scanner also assesses device and software settings.

Other modules included in this bundle are Continuous Monitoring and Threat Protection. Add-ons to this module include mobile device, cloud resource, and container scanning, plus remediation modules for those categories of systems.

Threat Protection

This module doesn’t operate as a standalone service. Instead, it acts as a prioritizer for the patches that need to be installed.

Continuous Monitoring

This is a network-based intrusion detection system. It spots abnormal activities on the network, and Qualys recommends that it is used in conjunction with the vulnerability manager for complete security protection.

Patch Management

This patch manager is available as a standalone service. However, it is also integrated into the Vulnerability Management, Detection, and Response package.

Endpoint Detection and Response

This is an anti-malware system that is also able to identify and block intruder activity. This is one of the main packages of the Qualys platform.

Certificate Assessment

A vulnerability assessor for SSL certificates that keeps a constant check on the validity of certificates. This module also includes the Certificate Inventory module described above.

SaaS Detection and Response

This module monitors cloud services for security weaknesses and looks out for unauthorized usage of those platforms, such as Office 365, Zoom, and Salesforce. This can extend to the monitoring of user accounts and file integrity monitoring.

Cloud and Container Security

Cloud Inventory

A complete system documentation service for cloud resources that extends to an inventory of services and a record of user accounts and access rights.

Cloud Security Assessment

This is a combination of a vulnerability scanner and an intrusion detection system for cloud assets.

Container Security

With this module, you can get a live list of all of the containers that operate on your system, no matter where they are hosted. The tool presents live activity feedback on all operating containers. In addition, it has a list of possible security weaknesses that can affect containers, and it alerts if any of these indicators of compromise are spotted.

Web Application Security

Web Application Scanning

This is a scanner that discovers all Web applications that support your websites. It can drill down through APIs and document all supporting infrastructure. This service runs continuously.

Web Application Firewall

This module scans for security weaknesses in your websites and the services that support them. It also acts as a traffic filter, preventing DDoS attacks and other malicious attacks.

Compliance

Policy Compliance

This is a risk assessor for all of your systems and processes, ensuring that everything ties in with your standards compliance requirements. Tailor the system’s assessment by activating a template that corresponds to the standard that you are following.

Security Configuration Assessment

This is an add-on to either of the two vulnerability management modules in the Qualys Cloud Platform. It interprets the findings of the vulnerability scanner according to the rules of the data privacy standard that you need to follow.

PCI Compliance

This is a guide that walks you through all of the requirements for PCI DSS compliance. This helps you to adjust your system and prepare all necessary reports for accreditation.

File Integrity Monitoring

File integrity monitoring (FIM) is a requirement of many data privacy standards. This is why the module is listed as a Compliance service. However, this is a handy security tool even if you aren’t following a specific data protection standard. The module can be applied to particular directories and can log or block specific actions on protected files.

Security Assessment Questionnaire

The questionnaire is a format for gathering assessment data from third parties. You send a form to a vendor, the vendor fills it in, and the answers are stored in a database. This information forms an input into vendor risk assessments.

Out-of-Band Configuration Assessment

With this module, you can add into the compliance system details of hardware or software that, for some reason, the automated scanners of the vulnerability manager cannot reach. In addition, this module gives you a form to fill in or an opportunity to upload data into the system.

Qualys system requirements

The main modules of Qualys are all hosted, and so you don’t need to install them.

In addition, the onsite Qualys agent is available for the following operating systems:

  • Windows: XP, 7, 8, and 10
  • Windows Server: 2003 to 2019
  • Linux: RHEL, SUSE, Amazon, Oracle, Debian, Ubuntu
  • Unix: FreeBSD, AIX
  • Mac OS: 10.10 (Yosemite) to 11 (Big Sur)
  • Cloud: AWS, Azure, Google Cloud Platform

Alternatives to Qualys

Qualys offers asset management, vulnerability management, patch management, configuration management, vendor risk assessment, and compliance management from the cloud. You stitch together a plan yourself by deciding which modules you want to include — there are no packages or editions for the service.

There are some excellent packages available that offer bundles of security systems and can keep your IT services fully compliant with the requirements of data security standards.

Here is our list of the seven best alternatives to Qualys:

  1. Invicti (ACCESS FREE DEMO) A vulnerability scanner for Web applications that are under development. This system is suitable for developers, testers, and IT operations technicians as new code passes through the CI/CD pipeline. This service offers DAST, IAST, and SAST checks. This package doesn’t include a patch manager because it isn’t intended to scan software packages and operating systems. However, it can interact with other security services to shut down system settings weaknesses that the scanner identifies. Offered as a SaaS platform or for installation on Windows and Windows Server.
  2. Acunetix (ACCESS FREE DEMO) A choice of on-demand or fully automated security scans offered in three editions. Options suitable for DevOps environments, IT operations for scanning Web apps, and network security management are available. This tool will scan through code, exercise modules for unit testing, and perform integration testing of new Web services to identify system weaknesses. This system also checks APIs, drilling through to the underlying microservices. The Acunetix system is offered in a Software-as-a-Service hosted format or as an on-premises installation that will run on Windows, macOS, or Linux.
  3. SolarWinds Security Event Manager (FREE TRIAL) This suite of security services from SolarWinds provides all of the services you need for data privacy standards compliance. This is a SIEM with an integrated log file manager. The package also includes a file integrity monitor. Within the procedures of this security package, you will also find a vulnerability scanner that gives you indicators on where your system needs updating to comply with your selected data security standards. This tool’s services can be tailored towards the requirements of PCI DSS, GLBA, SOX, NERC CIP, GDPR, and HIPAA. SolarWinds Security Event Manager is an on-premises software package. It installs on Windows Server. You can get a 30-day free trial to assess the Security Event Manager.
  4. ManageEngine Vulnerability Manager Plus (FREE TRIAL) This package includes a vulnerability scanner, a patch manager, a configuration manager, a file integrity monitor, and a risk assessor. This combination of services can be tailored to comply with specific data privacy standards, such as PCI DSS and HIPAA. The benefit of this package of services is that they will all run in concert. The vulnerability manager is the trigger for all security tightening activities, and it runs every 90 minutes. This is on-premises software that will run on Windows and Windows Server. Additionally, ManageEngine offers Vulnerability Manager Plus for a 30-day free trial.
  5. Syxsense Secure This package includes a vulnerability manager, a patch manager, a port scanner, and an endpoint detection and response service. The EDR software acts as a next-gen antivirus and needs to be installed on each endpoint. This software will run on Windows, macOS, and Linux. The primary threat hunting and system scanning functions of Syxsense Secure are hosted on the Cloud. All of the services of Syxsense Secure will orchestrate to provide a fully automated protection system. However, the dashboard will issue alerts. In addition, there are guidance notes included in the vulnerability scan results that give you steps that you can undertake to close off exploits such as open ports or poorly planned user groups. Syxsense Secure is available for a 14-day free trial.
  6. SecPod SanerNow The anchor of this cloud-based system is a vulnerability scanner that links through to a patch manager, among other tools. This package also includes asset management and software inventory functions. SanerNow can be used to create standard configurations for endpoints and onboard new devices quickly. As well as being checked for availability, each device on your network is also guarded by an endpoint protection and response service. SanerNow also includes a compliance tracking system that can tailor all of your security options to synchronize them with PCI requirements, HIPAA, NIST 800-53, and NIST 800-171. SecPod offers potential customers a free trial of SanerNow.
  7. Splunk Security Cloud This cloud-based package has an on-site version available, called Splunk Enterprise Security, that installs on Windows, Linux, macOS, and Unix. Splunk Security Cloud is a SIEM that includes log file management. The package includes an access point for a threat intelligence feed, but the actual data supply isn’t included – you can subscribe to one of a list of approved third-party feeds. Several add-ons and adaptations for the Splunk system include UEBA, SOAR, and specific tailoring for compliance with PCI DSS, GDPR, or HIPAA.