Senior Cyber Security Analyst at a financial services firm with 10,001+ employees
Real User
Top 20
2024-10-11T16:47:00Z
Oct 11, 2024
For Attack Surface management, we are using other tools in our organization. Our threat tracking and threat intelligence teams are using other tools. They are not integrated with the Qualys CSAM. We are exploring opportunities to integrate everything into one solution. We are planning to integrate Qualys CSAM with ServiceNow within a year. Everything will be automatically integrated with the ServiceNow module. Overall, I would rate Qualys CSAM an eight out of ten. There are some areas for improvement.
I would recommend this solution because by using a single solution, we can cover the three main pillars of CyberSecurity: vulnerability management, asset and product lifecycle management, and compliance management. It is the best product. In a single product, we can do all these things. These are the three pillars of cybersecurity. Nowadays, cyber threats are increasing. As vulnerability analysts and managers, our prime focus is to gather all the servers and categorize the servers based on the operating system technology. It can be an IT or OT server. It can be public-facing or private-facing. Our main focus is to gather vulnerabilities, and based on the severity of the vulnerabilities, we have to prioritize the servers. We can shortlist the top ten vulnerable servers. The remediation team can then focus on them to mitigate vulnerabilities. To implement that solution, we need to categorize everything. The categorization part has to be done as per the CSAM model. If we want to do external server categorization, we have to go for external attack surface management or EASM, or we can use CSAM for internal servers. When you get the product license, external attack surface management is not available. It is not activated. You need to activate it from CSS and configure it. It asks for domain details and the domain you want to focus on. Based on the domain details, it configures external attack surface management. You also need to consider the scan schedule, such as, after how much time, it will launch a discovery scan. You need to provide information about how many servers or products are managed by Qualys or how many are unmanaged but still detected in Qualys. After the configuration, you have to wait for the first discovery scan. When that is completed, Qualys looks for the domain name mentioned in the configuration area and pulls out details related to that domain. It shows the status and any vulnerabilities, and whether an asset is managed or unmanaged. You have the overall data, and you can also define or prioritize based on TruRisk Score, which is generated by external attack surface management. We are not using the CMDB Sync feature. We have integrated Qualys CSAM with ServiceNow CMDB, so all the onboarded servers or products are directly reflected in ServiceNow CMDB. When any high-severity vulnerability is detected by Qualys CSAM through discovery scans, it automatically raises a ServiceNow incident, which is automatically assigned to the asset owner or product owner. This automation has been implemented by our team. Overall, I would rate Qualys CSAM a ten out of ten.
I'm an end-user. When we first started using the solution it had fewer features than it has today. That said, it still was the platform that allowed us to manage hardware and software assets on-prem and in the cloud. I'd rate the solution nine out of ten. It's a good idea to start with Qualys training, and I have to say their training is outstanding. Their training provides the best way for a new user to learn how to work with the platform. The platform itself can be very complex and there are many features that might affect one another.
I would rate Qualys CyberSecurity Asset Management ten out of ten. Qualys Cybersecurity Asset Management seems to offer a more comprehensive solution than what I've seen from competitors like Tenable and Rapid7. While I haven't reviewed their offerings recently, in the past they primarily focused on vulnerability scanning, which isn't as extensive as Qualys CSAM's asset management capabilities. No maintenance is required. Everything is self-updating from Qualys. From cloud agents to sensors, all of those are automatically updated. Organizations that rely solely on external attack surface management for vulnerability management are making a dangerous assumption. This approach presumes complete knowledge of their assets, which is unrealistic without full visibility into internal and external environments. Companies with a 'we're secure' attitude often have poor security, while those welcoming security assessments tend to have a strong security posture. CSAM's tagging features, especially dynamic tagging with its easy-to-use rules, can significantly improve your efficiency across various tasks like patch and vulnerability management. By automating manual work, dynamic tags free up your time. Take advantage of the free CSAM training and consider consulting a trusted partner to accelerate your learning and implementation – their experience can save you weeks of effort.
Learn what your peers think about Qualys CyberSecurity Asset Management (CSAM). Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
For Attack Surface management, we are using other tools in our organization. Our threat tracking and threat intelligence teams are using other tools. They are not integrated with the Qualys CSAM. We are exploring opportunities to integrate everything into one solution. We are planning to integrate Qualys CSAM with ServiceNow within a year. Everything will be automatically integrated with the ServiceNow module. Overall, I would rate Qualys CSAM an eight out of ten. There are some areas for improvement.
I would recommend this solution because by using a single solution, we can cover the three main pillars of CyberSecurity: vulnerability management, asset and product lifecycle management, and compliance management. It is the best product. In a single product, we can do all these things. These are the three pillars of cybersecurity. Nowadays, cyber threats are increasing. As vulnerability analysts and managers, our prime focus is to gather all the servers and categorize the servers based on the operating system technology. It can be an IT or OT server. It can be public-facing or private-facing. Our main focus is to gather vulnerabilities, and based on the severity of the vulnerabilities, we have to prioritize the servers. We can shortlist the top ten vulnerable servers. The remediation team can then focus on them to mitigate vulnerabilities. To implement that solution, we need to categorize everything. The categorization part has to be done as per the CSAM model. If we want to do external server categorization, we have to go for external attack surface management or EASM, or we can use CSAM for internal servers. When you get the product license, external attack surface management is not available. It is not activated. You need to activate it from CSS and configure it. It asks for domain details and the domain you want to focus on. Based on the domain details, it configures external attack surface management. You also need to consider the scan schedule, such as, after how much time, it will launch a discovery scan. You need to provide information about how many servers or products are managed by Qualys or how many are unmanaged but still detected in Qualys. After the configuration, you have to wait for the first discovery scan. When that is completed, Qualys looks for the domain name mentioned in the configuration area and pulls out details related to that domain. It shows the status and any vulnerabilities, and whether an asset is managed or unmanaged. You have the overall data, and you can also define or prioritize based on TruRisk Score, which is generated by external attack surface management. We are not using the CMDB Sync feature. We have integrated Qualys CSAM with ServiceNow CMDB, so all the onboarded servers or products are directly reflected in ServiceNow CMDB. When any high-severity vulnerability is detected by Qualys CSAM through discovery scans, it automatically raises a ServiceNow incident, which is automatically assigned to the asset owner or product owner. This automation has been implemented by our team. Overall, I would rate Qualys CSAM a ten out of ten.
I'm an end-user. When we first started using the solution it had fewer features than it has today. That said, it still was the platform that allowed us to manage hardware and software assets on-prem and in the cloud. I'd rate the solution nine out of ten. It's a good idea to start with Qualys training, and I have to say their training is outstanding. Their training provides the best way for a new user to learn how to work with the platform. The platform itself can be very complex and there are many features that might affect one another.
I would rate Qualys CyberSecurity Asset Management ten out of ten. Qualys Cybersecurity Asset Management seems to offer a more comprehensive solution than what I've seen from competitors like Tenable and Rapid7. While I haven't reviewed their offerings recently, in the past they primarily focused on vulnerability scanning, which isn't as extensive as Qualys CSAM's asset management capabilities. No maintenance is required. Everything is self-updating from Qualys. From cloud agents to sensors, all of those are automatically updated. Organizations that rely solely on external attack surface management for vulnerability management are making a dangerous assumption. This approach presumes complete knowledge of their assets, which is unrealistic without full visibility into internal and external environments. Companies with a 'we're secure' attitude often have poor security, while those welcoming security assessments tend to have a strong security posture. CSAM's tagging features, especially dynamic tagging with its easy-to-use rules, can significantly improve your efficiency across various tasks like patch and vulnerability management. By automating manual work, dynamic tags free up your time. Take advantage of the free CSAM training and consider consulting a trusted partner to accelerate your learning and implementation – their experience can save you weeks of effort.