I am relatively new to Qualys. Until recently our scanning has been focused on Linux and Windows servers in our datacenters; however, at management request I am now scanning client workstations and laptops in our HQ and field locations as well. I've created asset groups for the client locations, but I am wondering if it makes sense to create a new search list and option profiles for clients rather than using the ones created by my predecessor for the servers.
I am looking for any suggestions or input on best practices for managing scanning on a large population of workstation clients (~7,000); all input is appreciated.
The purpose of Vulnerability Management is to reduce the attack surface of your organization and increase system stability and reliability by addressing known software and configuration defects, or, in other words, "getting stuff fixed".
The most effective way to get stuff fixed is to give the right information, and only the right information, to the right person. This is where search lists and asset groups come into play. My recommended method is to get a target list of the people you need to get information to and create a search list for each person that reflects their area of responsibility, so you are handing them a report that has just what they want to know.
If you are asked to give ALL desktop issues to the desktop team, that makes things easier on you but less likely to get things fixed. If this is the case, talk with people on the desktop team and see if you can help them flesh out areas of focus, such as: "I can give you a report on all serious vulnerabilities where known exploit code exists in the wild that can be fixed by applying a patch." If they want to focus on a specific product until it is all fixed, you could offer a report that shows all vulnerabilities related to Adobe, for example.
When playing your favorite Zombie hunting game, if you try to shoot all of the Zombies at once, the Zombies will eventually eat your brains. If you methodically focus on one or a small group of Zombies within your reach and you keep on plugging away, you will live to play another day.
I'd also suggest that you get in contact with your Technical Account Manager (TAM). Part of a TAM's job is to make sure our customers know how to most efficiently use their QualysGuard subscription. This includes training, answering questions, and offering up suggestions for Best Practices. If you aren't sure who your TAM is message me directly via the community and I'll put you in contact.
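The per-owner filtering the reply above describes (one search list per area of responsibility, narrowed to "serious, exploit known, fixable by a patch" or to a single vendor) can be prototyped outside the console before you build the real search lists. The script below is an added example and is not code from the original thread or from Qualys; it runs over a constructed, flattened set of findings, and the field names (`qid`, `severity`, `exploit_available`, `patchable`, `vendor`, `asset_group`) plus the asset-group-to-owner mapping are assumptions for illustration, not the real export schema. It also surfaces asset groups that nobody owns, since findings with no recipient are the ones that never get fixed.

```python
"""Per-owner triage of scan findings (added example, not from the original post).

Field names below are assumed for illustration; map them to whatever your
actual vulnerability export produces.
"""
from collections import Counter, defaultdict

# Constructed sample findings; not real scan data.
FINDINGS = [
    {"host": "ws-hq-001", "asset_group": "HQ Workstations", "qid": 100001,
     "title": "Adobe Reader RCE", "vendor": "Adobe", "severity": 5,
     "exploit_available": True, "patchable": True},
    {"host": "ws-hq-002", "asset_group": "HQ Workstations", "qid": 100001,
     "title": "Adobe Reader RCE", "vendor": "Adobe", "severity": 5,
     "exploit_available": True, "patchable": True},
    {"host": "lt-field-010", "asset_group": "Field Laptops", "qid": 100002,
     "title": "Java runtime update missing", "vendor": "Oracle", "severity": 4,
     "exploit_available": True, "patchable": True},
    {"host": "lt-field-011", "asset_group": "Field Laptops", "qid": 100003,
     "title": "Weak SMB configuration", "vendor": "Microsoft", "severity": 4,
     "exploit_available": False, "patchable": False},  # config fix, not a patch
    {"host": "srv-db-01", "asset_group": "DC Linux", "qid": 100004,
     "title": "OpenSSL update missing", "vendor": "OpenSSL", "severity": 5,
     "exploit_available": True, "patchable": True},
    {"host": "ws-hq-003", "asset_group": "HQ Workstations", "qid": 100005,
     "title": "Browser info disclosure", "vendor": "Mozilla", "severity": 2,
     "exploit_available": True, "patchable": True},  # low severity, filtered out
    {"host": "printer-01", "asset_group": "Printers", "qid": 100006,
     "title": "Embedded web server RCE", "vendor": "Acme", "severity": 5,
     "exploit_available": True, "patchable": True},  # nobody owns this group
]

# Assumed mapping of asset group to the team that fixes things there.
OWNERS = {
    "HQ Workstations": "desktop-team",
    "Field Laptops": "desktop-team",
    "DC Linux": "linux-team",
}


# Each "search list" is just a predicate over one finding.
def serious_exploitable_patchable(f):
    """Severity 4 or 5, public exploit known, and fixable by applying a patch."""
    return f["severity"] >= 4 and f["exploit_available"] and f["patchable"]


def vendor_filter(vendor):
    """Everything for one product/vendor, regardless of severity."""
    return lambda f: f["vendor"].lower() == vendor.lower()


def all_of(*predicates):
    """Compose search lists, e.g. serious+exploitable+patchable AND Adobe."""
    return lambda f: all(p(f) for p in predicates)


def build_reports(findings, owners, search_list):
    """Split findings matching search_list into one report per owner.

    Returns (reports, unowned): reports maps owner -> list of findings;
    unowned is the set of asset groups with no owner, so they are not
    silently dropped.
    """
    reports = defaultdict(list)
    unowned = set()
    for f in findings:
        owner = owners.get(f["asset_group"])
        if owner is None:
            unowned.add(f["asset_group"])
            continue
        if search_list(f):
            reports[owner].append(f)
    return dict(reports), unowned


def summarize(report):
    """Collapse a report to (qid, title, severity, host_count), worst first."""
    hosts = Counter()
    meta = {}
    for f in report:
        hosts[f["qid"]] += 1
        meta[f["qid"]] = (f["title"], f["severity"])
    rows = [(qid, meta[qid][0], meta[qid][1], n) for qid, n in hosts.items()]
    return sorted(rows, key=lambda r: (-r[2], -r[3], r[0]))


if __name__ == "__main__":
    reports, unowned = build_reports(FINDINGS, OWNERS, serious_exploitable_patchable)
    for owner, report in sorted(reports.items()):
        print(f"== {owner}: {len(report)} findings ==")
        for qid, title, sev, n in summarize(report):
            print(f"  QID {qid} sev {sev} on {n} host(s): {title}")
    if unowned:
        print("Unowned asset groups (no recipient):", ", ".join(sorted(unowned)))
```

The predicates stand in for search lists: compose them with `all_of` when a team wants a single narrow view (for example "serious, exploit known, patchable, Adobe only"), and watch the `unowned` set, because a new asset group that no team owns is exactly the kind of gap that appears when you move from a few hundred servers to thousands of workstations.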