Educause Security Discussion mailing list archives
Re: Vulnerability Assessment Scanner qualysguard
From: "Beechey, Jim" <beechey () NORTHWOOD EDU>
Date: Thu, 5 Feb 2009 16:41:31 -0500
Jason,

Sure, no problem, we are using Qradar from Q1Labs. Certainly not open source, but we are very pleased with the product. Qradar can either be a SIM/SIEM or just log management, but we went the full blown route. We view it as our security console for most of what we do and try to integrate everything we possibly can.

One thing to mention about VA integration is there are several different levels from what we saw during our evaluation. Sure, importing an xml results file is nice, but having the ability to schedule scans from the SIM, have them automatically log in to the VA system, run the scan, return the results and populate the data into the asset profiles is really nice. The only caveat with Qualys is since they are constantly updating their product (good thing), the integration can break, so having a responsive vendor is important.

Budget justification wasn't easy, but not terrible. I definitely had to sell it though. Our institution tends to favor commercial solutions rather than open source, depending upon the support/installation requirements. Spending money on technology over head count is definitely preferred. While I didn't say I wouldn't come for head count in the future, I did feel this would delay requests. We had no centralized logging and no flow collection either, so this took care of both needs. I illustrated the time/effort required to track down a few incidents from the previous year vs. what "could have been" with a SIM.

The other area where you can help yourself in justification is getting the operations folks involved. These tools have so much to offer network and server admins beyond the obvious security benefits, even some reports/dashboards for execs. Pretty charts and graphs never hurt, right?

Hope that helps

Jim

From: Youngquist, Jason R. [mailto:jryoungquist () ccis edu]
Sent: Thursday, February 05, 2009 3:21 PM
To: Beechey, Jim
Subject: RE: [SECURITY] Vulnerability Assessment Scanner qualysguard

Jim,

We have Qualys as well, and I've been quite satisfied with it. It definitely is a lot better than running Nessus scans. I like the reporting and ticket system.

If I may ask, what SIM solution are you using? I've been looking for a centralized log management solution, and ideally, a SIEM. I'd like to get a SIEM because it would be able to normalize and correlate items and it would provide more context than a log management solution and also provide actionable items based on log data, but don't know how I can justify the cost of a good commercial log management system, much less a full blown SIEM.

For the SIM solution you purchased, did you have to sell the solution to management, or were they already on board? Did you investigate any open source solutions? My CIO is big on me looking into open source solutions, but the only one I've found is OSSIM, which was hard to configure and I didn't find it useful. I have Splunk installed on a Linux box, but haven't had a chance to evaluate it. Splunk seems to be good for centralizing and searching through logs, but I would like more of the alerting and normalization/correlation capability found in SIEM solutions.

Thanks.

Jason Youngquist