Manulife Outsources VM Scanning

By John Wagley

As an in-the-cloud solution, Qualys would require lower expenditures on hardware and labor. The vendor promised at least 99 percent uptime and offered advanced reporting capabilities that could benefit IT managers and higher-level executives. Qualys also offered comprehensive scanning. In addition to scanning network devices such as firewalls, routers, and computers, it could do Web application scanning, for example.

Getting started with Qualys was relatively simple, Hurley said. The process involved providing Qualys with information, including ranges of Internet Protocol addresses needed for the scanning process. One of the most time-consuming aspects of implementation was showing IT managers how to use the system and what their responsibilities would be in terms of scanning, reporting, and remediation.

Early in the process, it became clear how important it was for Manulife to have a strong sense of its “network assets,” Hurley said. That presented a challenge. It can be hard for organizations, particularly decentralized ones, to know about all their devices, he said. Manulife IT directors spent considerable time using software solutions to generate a comprehensive picture of devices on the network.

Scanning the network for vulnerabilities is only the first step, however. Qualys has also proven useful in helping IT managers follow up on remediating vulnerabilities, Hurley says. Identified weaknesses are often accompanied by links and other data that can help IT managers implement patches and updates.

The service has delivered on its promise of reliability. “We haven’t noticed any significant issues” regarding service so far, Hurley said. And when needed, customer service has been highly responsive, he added, facilitated by a 24-hour, seven-day-a-week helpdesk.



The Magazine — Past Issues


Beyond Print

SM Online

See all the latest links and resources that supplement the current issue of Security Management magazine.