A growing number of organizations are using vulnerability management (VM) solutions to scan their networks for weaknesses and assist with updating and remediation processes. One way organizations have been doing this is with an in-the-cloud VM solution from Qualys.
An example is Manulife Financial, which is based in Canada and has offices across North America, Europe, and Asia. Manulife had already been doing VM scanning even before it started using Qualys earlier this year, but its approach had been disjointed and decentralized, according to Steve Hurley, Manulife’s director of global information security risk management, who spoke on the topic at a recent Gartner security summit in Washington, D.C.
The company relied on local IT directors to run VM scans and to report back to the central office, said Hurley. Each office had different software, which also meant that Hurley was spending too much time fixing and maintaining its VM solutions.
Hurley said he wanted a solution that could be run in a more consistent manner across the company’s offices and that could create standardized, easy-to-understand reporting.
The company chose a handful of IT professionals to research a new solution, and the team examined three main options. One option was to have an in-house solution, which would involve building off the company’s existing VM capabilities. The second was an open source solution, and the third was the in-the-cloud option from Qualys. One reason Manulife decided to look at Qualys was that it had been given positive reviews by several consulting firms, said Hurley.
One downside to both the in-house and the open source solutions was that both would require Manulife to purchase additional hardware and to spend considerable time training in-house staff, he said. And with the open source solution in particular, the company wasn’t exactly “sure what to expect.”