Use Qualys Virtual Scanners

This section provides guidance on when to use the virtual scanner.

When to Use Qualys Virtual Scanners?

You can utilize the Qualys Virtual Scanner for several specific use cases:

  • Internal Network Scanning - The Virtual Scanner is ideal for scanning internal networks that are not accessible to external scanners. It effectively identifies vulnerabilities within your internal systems.
  • Cloud Environment Scanning - It efficiently scans assets in dynamic cloud environments, including infrastructures such as AWS, Azure, and private clouds.
  • Compliance Audits - Regular internal audits are crucial for ensuring compliance with industry standards and regulations. The Qualys Virtual Scanner meets all necessary compliance requirements.

Why Customers Should Use Qualys Virtual Scanners

Implementing Qualys Virtual Scanners allows organizations to proactively identify and mitigate vulnerabilities within their internal networks. This helps ensure compliance with industry standards and enhances the overall security posture. Their seamless integration with existing virtual environments and the Qualys Enterprise TruRisk™ Platform makes them a valuable asset for comprehensive security management.

Configuration Recommendations Based on Organization Size:

  • Small-Sized Businesses: 
    • Resource Allocation: Allocate 4 CPU cores, 8 GB of RAM, and 56 GB of disk space for the virtual scanner.
    • Deployment: Deploy a single virtual scanner to cover the entire internal network, ensuring it has access to all necessary segments.
  • Medium-Sized Businesses:
    • Resource Allocation: Consider scaling resources to 8 CPU cores and 16 GB RAM, depending on network complexity and asset count.
    • Deployment: Deploy multiple scanners in strategic network segments to balance the scanning load and reduce potential network congestion.
  • Large and Very Large Businesses:
    • Resource Allocation: Utilize the maximum supported size for a scanner instance, which is 16 CPUs and 16 GB RAM.  
    • Deployment: Implement multiple scanners across various data centers and network segments, ensuring comprehensive coverage and efficient load balancing.

Additional Configuration Considerations

The following additional configuration must be considered before using the Virtual Scanner Appliance:

  • Network Settings: Configure static IP addresses, proxy servers, and VLAN tags as needed to align with network architecture.  
  • Bandwidth Requirements: Ensure a minimum bandwidth of 1.5 Mbps to the Qualys Enterprise TruRisk™ Platform for optimal scanner performance.  
  • Outbound Access: Allow outbound HTTPS (port 443) access to enable communication between the scanner and the Qualys Enterprise TruRisk™ Platform.
  • For detailed deployment instructions and best practices, refer to the Qualys Virtual Scanner Appliance User Guide.

By tailoring the deployment and configuration of Qualys Virtual Scanners to the specific needs of your organization, you can achieve efficient and effective vulnerability management across all network environments. Here are additional helpful insights and best practices for Qualys Virtual Scanner users:

Best Practices for Efficient Scanning

Here are some best practices for efficient scanning:

  • Segment Network for Scanning: Deploy scanners in different network segments to avoid network bottlenecks and ensure faster scan times.
  • Scheduling Scans: Schedule scans during off-peak hours to minimize the impact on production environments.
  • Incremental Scanning: Opt for incremental scans when possible to reduce the scanning load and focus only on changed or newly added systems.
  • Scanner Updates: Regularly update the scanner software to ensure compatibility and access to the latest vulnerability definitions.

Security Recommendations

  • Access Control: Restrict scanner access to authorized personnel and maintain secure credentials.
  • Network Security: Isolate scanners in a secure VLAN and use firewalls to control access.
  • Audit Logs: Enable logging to monitor scanner activity and detect any anomalies.

Performance Optimization

  • Resource Monitoring: Continuously monitor scanner CPU, memory, and disk usage to prevent performance degradation.
  • Load Balancing: Deploy multiple scanners in high-traffic environments to distribute scanning tasks and maintain efficiency.
  • Exclude Non-Critical Assets: Exclude low-risk or non-essential devices from scans to optimize scanning speed.

Reporting Tips for Better Insights

  • Custom Reports: Create custom reports based on asset categories, vulnerability severity, or compliance requirements to target specific security goals.
  • Trend Analysis: Use Qualys dashboards to track vulnerability trends over time and demonstrate improvement in security posture.
  • Stakeholder-Specific Reports: Generate simplified reports for executives and detailed ones for IT/security teams.

Integration with Other Security Tools

  • SIEM Integration: Integrate Qualys with Security Information and Event Management (SIEM) tools like Splunk to get real-time alerts and insights.
  • Ticketing Systems: Connect with ITSM tools (like ServiceNow) for automated ticket creation and remediation tracking.
  • Cloud Provider Integration: Use native Qualys integrations for AWS, Azure, and Google Cloud to scan cloud environments efficiently.

Compliance and Governance Use Cases

  • Regulatory Compliance: Utilize Qualys scanning for PCI-DSS, GDPR, and other compliance requirements by automating and documenting assessments.
  • Policy Compliance: Conduct internal audits to ensure adherence to corporate IT and security policies.

Troubleshooting Tips

  • Network Connectivity Issues: Verify firewall rules and proxy settings if scanners are unable to connect to the Qualys Enterprise TruRisk™ Platform.
  • Slow Scans: Review scan logs for errors and optimize scan targets to improve efficiency.
  • Failed Authentication: Check and update authentication records to ensure successful scans, especially for Windows environments.

Emerging Trends and New Use Cases

  • IoT and OT Scanning: As IoT devices and operational technology become part of networks, Qualys virtual scanners can be configured to assess their security posture.
  • Remote Work Environments: Deploy scanners to cover remote and hybrid workforce infrastructure to maintain security visibility.

Deployment and Configuration

Supported Virtualization Platforms: Qualys Virtual Scanner Appliances can be deployed on various platforms, including VMware, Amazon EC2, Microsoft Azure, Google Compute Engine, OpenStack, and Oracle Cloud Infrastructure. Each platform has specific deployment steps detailed in the Qualys Virtual Scanner Appliance User Guide.

Resource Allocation: It’s crucial to allocate appropriate resources to the virtual scanner based on your environment’s size and scanning requirements. Qualys provides guidelines for resource allocation in their user guide.

Best Practices for Effective Scanning:

Here are some best practices for effective scanning:

  • Network Accessibility: Ensure that the virtual scanner has the necessary network access to reach all intended scan targets. This may involve configuring firewall rules and routing to allow scanner traffic.
  • Avoid Scanning Through Firewalls: To maintain scan accuracy and performance, it’s recommended to deploy scanners within the same network segment as the target assets, avoiding scans that traverse firewalls. This practice helps in reducing potential latency and interference.  
  • Regular Updates: Keep the scanner appliance updated to the latest version to benefit from improved features and vulnerability signatures.
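
A placement check for the "same segment as the target assets" advice above, written as an added example (not Qualys code or part of the Qualys API). It finds targets with no in-segment scanner and spreads the rest across the appliances in each segment. The segment CIDRs, appliance names and target addresses are constructed sample data.

```python
import ipaddress
from collections import defaultdict

# Constructed sample inventory: segment CIDR -> scanner appliances placed in it.
SCANNERS = {
    "10.10.0.0/16": ["vscan-dc1-a", "vscan-dc1-b"],
    "10.20.0.0/16": ["vscan-dc2-a"],
    "172.16.5.0/24": [],  # segment known, but no appliance deployed there
}

# Constructed sample scan targets.
TARGETS = ["10.10.1.15", "10.10.200.7", "10.20.3.3", "172.16.5.40", "192.168.9.9"]


def plan_coverage(scanners, targets):
    """Assign each target to a scanner located in the target's own segment.

    Returns (assignments, uncovered). assignments maps appliance name -> list
    of target IPs. uncovered lists targets with no in-segment appliance, which
    could only be scanned across a firewall or router boundary.
    """
    nets = [(ipaddress.ip_network(cidr), names) for cidr, names in scanners.items()]
    # Most specific prefix first, so nested segments resolve to the closest one.
    nets.sort(key=lambda item: item[0].prefixlen, reverse=True)
    load = defaultdict(list)
    uncovered = []
    for raw in targets:
        ip = ipaddress.ip_address(raw)
        names = next((n for net, n in nets if ip in net), None)
        if not names:
            uncovered.append(raw)
            continue
        # Load distribution: choose the least-loaded appliance in the segment.
        chosen = min(names, key=lambda n: len(load[n]))
        load[chosen].append(raw)
    return {name: ips for name, ips in load.items() if ips}, uncovered


if __name__ == "__main__":
    assignments, uncovered = plan_coverage(SCANNERS, TARGETS)
    for name, ips in sorted(assignments.items()):
        print(f"{name}: {len(ips)} target(s) -> {', '.join(ips)}")
    for ip in uncovered:
        print(f"NO LOCAL SCANNER: {ip} (scan would cross a segment boundary)")
```

Targets reported as having no local scanner are the ones to review: either deploy an appliance in that segment or accept and document the cross-firewall scan path.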

Security Considerations

  • Access Control: Restrict access to the scanner appliance management interface to authorized personnel only. Implement strong authentication mechanisms and monitor access logs regularly.
  • Data Protection: Ensure that scan data transmitted between the scanner appliance and the Qualys Enterprise TruRisk™ Platform is encrypted. Qualys appliances are designed to communicate securely over HTTPS.

Performance Optimization

Load Distribution: In large environments, distribute scan loads by deploying multiple scanner appliances across different network segments. This approach enhances scan efficiency and reduces the impact on network performance.

Scan Scheduling: Schedule scans during periods of low network activity to minimize potential disruptions. Qualys allows for flexible scheduling to accommodate various operational needs.

Integration Capabilities

API Access: Qualys provides APIs that allow for integration of the scanner appliance with other security tools and systems, facilitating automated workflows and centralized management.

SIEM Integration: Integrate scan results with Security Information and Event Management (SIEM) systems to enhance threat detection and response capabilities.

For comprehensive guidance and detailed instructions, please refer to the Qualys Virtual Scanner Appliance User Guide.

By adhering to these best practices and leveraging the capabilities of Qualys Virtual Scanner Appliances, organizations can effectively manage vulnerabilities and maintain a robust security posture across their virtualized environments.