What difference does cloud Agents bring from a traditional external scanner (Cloud based).
Do we need to bundle CA with VM and CM modules?
Manoj, Cloud Agent brings in advantages such:
- More frequent visibility compared to scanning with an appliance
- Easier credential management for authenticated scanning
Cloud Agent works well for:
- assets that frequently change IPs (like via DHCP)
- assets that are remote, roaming or off the network
- offices or locations where it is not feasible/practical to deploy a scanner
- assets that are not always powered on and may not be available during a scheduled scan window
- assets in cloud environments (such as AWS, Azure, GCP) which are highly dynamic
Cloud agent is not intended to replace a scanner appliance, it can only be installed on endpoints - servers, workstations, and laptops. For scanning other IT assets such as network devices, printers, scanners, IP cameras etc. you'd still require a scanner appliance. For 100% coverage, cloud agents should be used in conjunction with scanner appliances.
These resources will help you get started:
Qualys Cloud Agent Introduction | Qualys, Inc.
Qualys Cloud Agent Getting Started Guide
The data from Cloud Agent can be used to send real-time alerts using Continuous Monitoring. These could be alerts about vulnerabilities, expiring SSL certificates, unexpected hosts and software, open ports, and remediation tickets.
More info: Qualys Continuous Monitoring
If you have a specific requirement, let us know, we can help you.
Thank you, Shyam.
Learnt, that cloud agents help in better asset Management. But Qualys says cloud Agents can only be used if combines with a virtual scanner appliance for VM module. Is that correct?
All that we want to do is install the cloud agents on hosts which are connected to the internet and use for VM.
Can this be done without a Virtual Scanner appliance?
Cloud Agents certainly help better in Asset Management, this is primarily because data is more real-time. Plus combine this with Continuous Monitoring and you can be alerted about critical and important changes in your network.
If you intend to cover devices such as routers, firewalls, printers, scanners etc. (where it's not possible to install an agent), you'll have to use the virtual scanner appliance as well.
I also recommend talking to your TAM about the coverage of Cloud Agents.
Can QIDs like "Mongodb Null Authentication" or "Apache Tomcat server using default credentials" be detected by the agent or would that require a virtual scanner?
The agent is NOT a replacement to scanners. Since the agent is on the host running as a service it can do AUTh checks only. Not all DataBase and application QID's are supported by the agent at this time.
The ones you have listed are probably remote checks that require a scanner.
Retrieving data ...