Rebuild machines without making duplicates in Qualys or Tenable

Rebuild machines without making duplicates in Qualys or Tenable

My friend does vulnerability management for a company that likes to rebuild machines instead of patching them. I don’t judge; that’s how I wanted to patch machines when I was a sysadmin but I didn’t have fast enough storage. But if you do this, you’re liable to end up with duplicate machines in your reports. One unpatched, and the other one (hopefully) patched. Here’s how to rebuild machines without making duplicates in Qualys or Tenable.

Read more

Force a Qualys Cloud Agent scan

Force a Qualys Cloud Agent scan

Unlike its leading competitor, the Qualys Cloud Agent scans automatically. This is good and bad. It means you don’t have to schedule scans, but it also means the Qualys agent essentially has free will. The results wander in whenever they feel like wandering in, and some people want more control than that. Especially at the end of a maintenance window. How to initiate an agent scan was easily the most frequent question I got when I was supporting Qualys for a living. And for a long time, you couldn’t. Then, when Qualys released the feature, they did so about as quietly as can be. Here’s how to force a Qualys Cloud Agent scan.

You can force a Qualys Cloud Agent scan on Windows by toggling a registry key, or from Linux by running the cloudagentctl.sh shell script.

Read more

Qualys vulnerability vs discovery scan

Qualys vulnerability vs discovery scan

One of my most frequent topics of discussion in my time as a vulnerability management architect was the question of a Qualys vulnerability vs discovery scan. It’s especially confusing because Qualys is completely silent on the topic. There’s a reason for that. Let’s talk about the types of Qualys scans and what they can do for you.

Officially, Qualys discovery scans don’t exist. That said, you can implement something very close to what Qualys’ competitors call a discovery scan, and reap numerous benefits from it.

Read more

Lockheed Martin Cyber Kill Chain explained

Lockheed Martin Cyber Kill Chain explained

The Lockheed Martin Cyber Kill Chain is a popular model in information security. The model illustrates the typical cyber attack. Like the CIA triad, the Cyber Kill Chain is a fundamental concept that helps people understand what motivates security professionals. Understanding it and being able to explain it makes us more effective at our jobs.

Here’s an explanation of the Cyber Kill Chain, along with a couple of examples, one real, and one imagined.

Read more