5237 Views 3 Replies Latest reply: Mar 3, 2011 4:37 PM by Matt Clancy
Mike Mastela Level 1 4 posts since
Dec 2, 2010

Feb 15, 2011 7:47 AM

Server vs. client scanning

Greetings,

 

I am relatively new to Qualys. Until recently our scanning has been focused on Linux and Windows servers in our datacenters; however, at management request I am now scanning client workstations and laptops in our HQ and field locations as well. I've created asset groups for the client locations, but I am wondering if it makes sense to create a new search list and option profiles for clients rather than using the one created by my predecessor for the servers.

 

I am looking for any suggestions or input on best practices for managing scanning on a large population of workstation clients (~7,000). All input is appreciated.

 

Regards,

Mike

  • Robert Dell'Immagine Level 4 258 posts since
    Apr 26, 2010
    Feb 28, 2011 5:41 PM (in response to Mike Mastela)
    Re: Server vs. client scanning

    Here is one tip you may find useful:  Any WOL ability with Qualys?

     

    Also:  Mobile clients scan

     

    Meanwhile, I'll find someone who may be able to give you more insight.

     

    Regards, Robert

  • Steve Binderup Level 1 5 posts since
    May 28, 2010
    Mar 1, 2011 11:16 AM (in response to Mike Mastela)
    Server vs. client scanning

    The purpose of Vulnerability Management is to reduce the attack surface of your organization and increase system stability and reliability by addressing known software and configuration defects, or in other words, "getting stuff fixed".

    The most effective way to get stuff fixed is to give the right information and only the right information to the right person. This is where search lists and asset groups come into play. My recommended method is to get a target list of people you need to get information to and create a search list for each person that reflects their area of responsibility, so you are handing them a report that has just what they want to know.

    If you are asked to give ALL desktop issues to the desktop team, that makes things easier on you but less likely to get things fixed. If this is the case, talk with people on the desktop team and see if you can help them to flush out areas of focus such as, "I can give you a report on all serious vulnerabilities where known exploit code exists in the wild that can be fixed by applying a patch". If they want to focus on a specific product until it is all fixed, you could offer a report that shows all vulnerabilities related to Adobe, for example.

    When playing your favorite Zombie hunting game, if you try to shoot all of the Zombies at once the Zombies will eventually eat your brains. If you methodically focus on one or a small group of Zombies within your reach and you keep on plugging away, you will live to play another day.

  • Matt Clancy Level 4 307 posts since
    Jul 23, 2010
    Mar 3, 2011 4:37 PM (in response to Mike Mastela)
    Server vs. client scanning

    Mike,

     

    I'd also suggest that you get in contact with your Technical Account Manager (TAM). Part of a TAM's job is to make sure our customers know how to most efficiently use their QualysGuard subscription. This includes training, answering questions, and offering up suggestions for Best Practices. If you aren't sure who your TAM is, message me directly via the community and I'll put you in contact.

     

    Matt
