IT Risk Manager at Lance Inc.
To manage IT threats, for a number of years, Lance
utilized a managed security services provider.
Unfortunately, the provider failed to live up to Lance's expectations and the company needed to find a more effective way to protect all of its IT
After considering its options, for increased control and visibility, Lance
decided it would bring its security operations in-house.
To succeed, the IT
team would have to assemble a vulnerability management program that was as automated as possible and designed to continuously identify IT assets and network changes, and to find systems in need of patching, software, and configuration updates.
To ensure that the company identified the best vulnerability assessment applications it could, the IT risk management team created a list of criteria that any tool they selected had to provide: accuracy, ease-of-management, and the ability to control the intensity of network assessments, explains John Marks, IT Risk Manager at Lance.
Real-World Evaluation, Surprising Results
As part of its market evaluation, Lance's IT team took a number of commercially available vulnerability scanners and conducted several live assessments on segments of its network.
team created custom scans to better identify which scanners would be best at accurately spotting vulnerabilities.
The results were startling.
Within several weeks of deploying QualysGuard VM, Marks
was able to put into place the procedures the company needed to mitigate system risks and successfully harden its network.
"We are taking the process of building our internal vulnerability management program very seriously," he
utilizes QualysGuard VM to conduct its scan and then dispatch reports to the various network and system owners for system updating and remediation.
appreciates the workflow and reporting, the operations teams appreciate the accuracy of the results that they've grown to trust and the actionable remediative information they've come to depend on.
"That is simply a wonderful aspect of QualysGuard
- the ability to drill down into source knowledge bases to identify all the solutions available," he