Qualys Cloud Agent Frequently Asked Questions (FAQ)
With the increased deployment across our environment using cloud agents, here are a few questions regarding the agent. As always, if a question isn’t listed here feel free to get in touch with us and we’ll back to you - Information Security
Q: What is the Qualys Cloud Agent, and what is it used for?
A: Qualys Cloud Agent, as the name implies, is an agent installed on devices that are monitored for potential vulnerabilities. It is a lightweight agent designed for minimal presence while providing important information regarding the device’s security posture in our organization.
---
Q: What platforms does cloud agent support?
A: Currently as of the writing of this FAQ, specific versions of Windows, MacOS, and various Linux distributions, as well as other operating systems are supported. For more details, see pages 8 to 13 in the Getting Started guide linked at the bottom of this FAQ.
---
Q: How is the agent being distributed?
A: Via SCCM (Windows) and JAMF (Mac).
---
Q: How does the cloud agent update? Does it require a new installation?
A: The cloud agent self-updates by checking if a latest version is available when it contacts the Qualys Security Operation Center (SOC) in its next reporting interval. No intervention from the user is required for updates.
---
Q: How resource intensive is the cloud agent?
A: Cloud agents can be tuned for servers, desktops, and laptops. Generally, no more than 5% of CPU resources are used during the scans. We currently have ours set for laptops, as it’s the least intensive but also provides us with all required information.
---
Q: When are the scans scheduled to run?
A: Currently, we have them scheduled outside work hours, twice a week.
---
Q: How are we keeping track of the machines?
A: By utilizing tags, we can track our devices based on sets of rules that Qualys supports. For example, we are currently implementing tags based on Operating systems and naming schemas that we have in place.
---
Q: What information is found by the scans?
A: Like tickets that have been sent out by the information security team to ITLs, you can expect to see device name, outdated versions of potentially vulnerable software, and the solutions recommended by Qualys to fix those issues.
---
Q: Does the cloud agent scan my internal files?
A: No, the cloud agent only scans the services and configuration of the device in question (for example, which version a web server is running on which port - not the files hosted in the server). It is not a substitute for anti-malware/virus/data-loss prevention programs we currently have in place.
---
Q: Why do we need cloud agents when we already are getting information from our weekly scans?
A: Because of the current situation regarding working at home, devices away from on-premises and cloud aren’t scanned; the cloud agent serves to alleviate this by sending us important information about devices and their security.
Additional Reading:
https://www.qualys.com/docs/qualys-cloud-agent-getting-started-guide.pdf
https://www.qualys.com/cloud-agent/