We're evaluating a development for a complementary system to Qualys Policy Compliance. Some of the challenges we have are not addressed by the system itself, like: checking scan integrity, understanding the risk of each control, analysing by system rather than by asset, etc.
So, we developed a system with the following features:
- Groups several assets by application;
- Segregates applications by environment type (production, development, quality, etc.);
- Evaluates the improvement of compliance after each scan;
- Enables checking the improvement month by month;
- Identifies failed scans and alerts by e-mail;
- Establishes an impact for each control, measuring the risk of non-compliance.
Currently we're in beta testing, but we want to understand if this is common for Policy Compliance users or just a specific requirement for us.
My questions are:
- Is this new, or is there already another solution?
- Is this specific to us?
- How do you deal with these challenges currently?
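To make the features listed in the post concrete, here is an added example (not the poster's system and not the Qualys API) showing how risk-weighted compliance can be computed per application and environment from a batch of scan records, how failed scans are kept out of the score and surfaced for an alert, and how month-on-month improvement falls out of the same data. The scan-record layout, the control IDs and the impact weights are all constructed for illustration; a real implementation would map exported Qualys Policy Compliance results onto this shape.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Constructed control-impact table (hypothetical control IDs and weights).
# A higher weight means a higher risk when the control is non-compliant,
# so a failed high-impact control costs more than a failed low-impact one.
CONTROL_IMPACT: Dict[str, int] = {
    "CTRL-1001": 5,  # e.g. a high-risk control such as remote root login permitted
    "CTRL-1002": 3,
    "CTRL-1003": 1,
}


@dataclass
class ScanResult:
    """One asset's result from one scan; results maps control_id -> passed?"""
    scan_id: str
    month: str             # "YYYY-MM", used for the month-by-month view
    asset: str
    application: str       # assets are grouped by application, not by host
    environment: str       # production / development / quality
    status: str            # "FINISHED" or an error state such as "ABORTED"
    results: Dict[str, bool] = field(default_factory=dict)


def failed_scans(scans: List[ScanResult]) -> List[ScanResult]:
    """Scans that did not finish or returned no control results.

    These are the candidates for the e-mail alert: a scan that silently
    returned nothing would otherwise look like a perfectly compliant asset.
    """
    return [s for s in scans if s.status != "FINISHED" or not s.results]


def alert_lines(scans: List[ScanResult]) -> List[str]:
    """Human-readable alert text for each failed scan (body of the e-mail)."""
    return [
        f"ALERT: scan {s.scan_id} on {s.asset} ({s.application}/{s.environment}) "
        f"ended with status {s.status} and {len(s.results)} control results"
        for s in failed_scans(scans)
    ]


def weighted_compliance(scans: List[ScanResult]) -> Dict[Tuple[str, str, str], float]:
    """Risk-weighted compliance per (application, environment, month).

    score = sum(impact of passed controls) / sum(impact of all evaluated controls)
    Failed scans are excluded so they neither inflate nor deflate the score.
    """
    acc: Dict[Tuple[str, str, str], List[int]] = {}  # key -> [passed_weight, total_weight]
    for s in scans:
        if s.status != "FINISHED" or not s.results:
            continue
        bucket = acc.setdefault((s.application, s.environment, s.month), [0, 0])
        for control_id, passed in s.results.items():
            weight = CONTROL_IMPACT.get(control_id, 1)  # unknown control: minimal weight
            bucket[1] += weight
            if passed:
                bucket[0] += weight
    return {key: round(passed / total, 3) for key, (passed, total) in acc.items()}


def monthly_trend(scans: List[ScanResult], application: str, environment: str):
    """(month, score, delta-from-previous-month) for one application/environment."""
    scores = weighted_compliance(scans)
    months = sorted(m for (a, e, m) in scores if a == application and e == environment)
    trend, previous = [], None
    for m in months:
        score = scores[(application, environment, m)]
        delta = None if previous is None else round(score - previous, 3)
        trend.append((m, score, delta))
        previous = score
    return trend


# Constructed sample scans: two production web assets and one development
# asset of a hypothetical "billing" application across two months.
SCANS = [
    ScanResult("s1", "2024-01", "web01", "billing", "production", "FINISHED",
               {"CTRL-1001": False, "CTRL-1002": True, "CTRL-1003": True}),
    ScanResult("s2", "2024-01", "web02", "billing", "production", "FINISHED",
               {"CTRL-1001": True, "CTRL-1002": False, "CTRL-1003": True}),
    ScanResult("s3", "2024-02", "web01", "billing", "production", "FINISHED",
               {"CTRL-1001": True, "CTRL-1002": True, "CTRL-1003": False}),
    ScanResult("s4", "2024-02", "web02", "billing", "production", "ABORTED", {}),
    ScanResult("s5", "2024-02", "dev01", "billing", "development", "FINISHED",
               {"CTRL-1001": False, "CTRL-1002": False, "CTRL-1003": True}),
]

if __name__ == "__main__":
    for line in alert_lines(SCANS):
        print(line)
    for key, score in sorted(weighted_compliance(SCANS).items()):
        print(key, score)
    print(monthly_trend(SCANS, "billing", "production"))
```

Two design points worth noting: the score is computed over the application/environment group rather than per asset, which is what makes the production and development views comparable, and a scan that aborted or came back empty is reported through `failed_scans` instead of being folded into the compliance figure, so a broken scan cannot masquerade as a clean one.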