VA CHOICES
VA products today come in three variants: software-only, appliances, and services. Software-only solutions were the first to market, and there is no shortage of both proprietary and open-source options, with companies such as eEye Digital Security providing commercial software and Nessus being the major open-source alternative.
As the category suggests, the software for both the scanning engine and the data repository runs on a server of your choosing. The end user--that's you--is often required to install the necessary components, such as the underlying database, and to install and configure the VA console and scanning engine.
If you don't like software-only solutions, consider VA appliances. Foundstone and nCircle are two vendors that represent different approaches to the appliance market. With nCircle, the scanning appliances are hardened Unix systems, and the data repository, reporting server, and management console also run on a hardened Unix appliance configured with additional memory and disk storage. The Foundstone FS1000, on the other hand, is a hardened Windows 2000 device with redundant hard disks that can also function as a general-purpose server.
VA services also use VA appliances but outsource their management and administration to an external provider, such as Qualys. With the Qualys solution, the VA appliances sit on the customer premises and initiate an SSL connection back to Qualys to receive instructions on which scans to perform; because the appliance opens the connection outbound, the customer firewall does not need to admit inbound traffic from the provider. Once the appliance has collected the scan data, it sends the data to the Qualys server farm for storage and analysis. The customer then logs into the Qualys Web site using a unique customer ID to run reports or scans and to configure the system.