On demand IT security risk and compliance solutions provider, Qualys, and RSA, The Security Division of EMC (NYSE: EMC), have expanded their technology partnership to make QualysGuard vulnerability management and IT policy compliance data available to RSA’s client base.
Integrating QualysGuard Policy Compliance with RSA’s Archer GRC Framework will enable organizations to automatically import policy compliance scan information and report on misconfigurations across IT assets. Administrators can then assign ownership to individual issues, track remediation efforts or accept the associated business risk.
The Qualys and RSA integration helps enable joint customers:
• Quickly report on misconfigurations affecting business-critical assets
• Measure technical control effectiveness to corporate security policies
• Map security issues to business applications and roll-up risks across their enterprise
• Access centralized compliance reporting in one central location
This pre-built integration is available on RSA’s Archer Exchange, an online marketplace supporting enterprise governance, risk and compliance (GRC) initiatives. Companies can download the QualysGuard Policy Compliance integration package and import it into RSA’s Archer GRC Framework with no services or development resources needed.
“IT organizations are constantly challenged with expanding regulatory requirements, changing threats, and shrinking or static security budgets,” said Philippe Courtot, chairman and CEO of Qualys. “We are pleased to expand our integration with RSA’s Archer GRC Framework to offer customers a scalable and cost effective solution to assess risk and collect IT compliance data for all systems within their networks at a cost they can afford. The joint solution helps our customers make informed decisions based on IT risk management.”
According to recent Gartner research1, “By facilitating the mapping of controls to specific IT resources, and by automating the collection and reporting of information on the degree to which those controls are being performed, IT GRCM can be used to improve an organization’s external audit posture, reduce compliance reporting costs and improve an organization’s capability to address IT risks.”
QualysGuard Policy Compliance allows security managers to collect compliance information from hosts and systems on a global scale. It extends the global scanning capabilities of QualysGuard Vulnerability Management to collect operating system configuration and application access controls from hosts and other assets within the enterprise, and maps this information to user-defined policies in order to accurately document compliance with security regulations and business mandates.
“Through the integration of Qualys with the RSA’s Archer GRC Framework, our customers will be able to expand their view of vulnerability and compliance issues, making it possible to proactively address potential and existing organizational compromises and expedite compliance reporting,” said Jon Darbyshire, Archer General Manager for RSA, The Security Division of EMC.