Qualys Out-of-Band Configuration Assessment (OCA) offers you a cloud based solution to help you assess compliance posture of critical assets that cannot be reached remotely via an external tool or a scanner nor can a third-party agent be installed on them. For example, PLC networked systems or highly secretive banking hosts.
OCA allows you to upload the configuration data or commands output of such assets. Once in Qualys platform, compliance or vulnerability signatures can be executed on this configuration data to generate assessment report in the same manner as other PC assets.
The agent-based or agent-less remote assessment of some assets could be difficult for several reasons, namely:
- The asset owners may be very protective of the assets and related network infrastructure devices, appliances and the credentials to those systems. Due to which they would only provide the required evidence data to the audit/assessment team to validate the required vulnerability/configuration checks.
- The assets may not support secure remote access and provide only the console access.
- The assets could be in network segment that is not accessible to the scanners remotely.
- The assets are critical; hence, third-party agents cannot be installed on them due to memory issues or due to non-transparency of what data is pulled for the assessment.
You can start managing your out-of-band assets for supported technologies in minutes. Just add assets and upload their command outputs or configuration data.
Now that you have uploaded data for the assets you can view the data against the policy compliance controls from:
- Assets Details page in OCA module
- AssetView module
- Policy Compliance module