Fernando Karl

Complementary system

Discussion created by Fernando Karl on Jan 6, 2014

Dear All


We're evaluating the development of a complementary system to Qualys Policy Compliance. Some of the challenges we have are not addressed by the system itself, such as: checking scan integrity, understanding the risk of each control, analysing by system rather than by asset, etc.


So, we developed a system with the following features:


- Groups several assets by application;

- Segregates applications by environment type (production, development, quality, etc.);

- Evaluates the improvement of compliance after each scan;

- Enables checking the improvement month by month;

- Identifies failed scans and alerts by e-mail;

- Establishes an impact for each control, measuring the risk of non-compliance.


Currently we're in beta testing, but we want to understand whether this is common for Policy Compliance users or is just a specific requirement for us.


My questions are:


- Is this new, or is there already another solution?

- Is this specific?

- How do you deal with these challenges currently?