QualysGuard asset tagging using Common Platform Enumeration(CPE)

Asset management is a systematic process of deploying, operating, maintaining, upgrading, and disposing of assets cost-effectively. Efficient asset management is highly essential for an effective vulnerability management solution.

The first step in a vulnerability scan is tracking host and these host in groups are basically considered as asset group. While scanning a group of host we include the scope in the matter of asset groups. That is why it is also said that asset management and scanning complement each other. Asset grouping is also important as a complete inventory of asset provides insight into their metadata and this helps the organization to analyze the scan result more comprehensively from security point of view.

What is CPE?

CPE (Common Platform Enumeration) is a structured naming scheme that aims to provide a standard naming specification to identify hardware and software that compose information technology systems. CPE is a component of Security Content Automation Protocol (SCAP), which is a set of technical specifications supported by the U.S. government to promote standardization and automation of information security implementation. CPE defines a naming structure to identify information system platforms, such as hardware, operating systems and applications. Use of the CPE naming specification will enable venders, security experts, system administrators and users to identify and discuss IT platforms with vulnerabilities using a common language.

Asset Tagging

You might ask what the need of asset tagging is, as we can scan and collect report without asset tagging as well. But the fact is asset tagging will enhance the flexibility of asset searching and will help in organizing the assets in various ways. Entering and tracking information on asset manually will not be an ideal solution for large scale enterprise environments. Tagging or simply labeling has the ability to understand and apply one or more tags as labels to assets in an automated manner using rules. We refer to labels as tags and they can be used to organize, search and prioritize assets across all QualysGuard solutions such as Vulnerability Management, Web Application Scanning, Policy Compliance and Malware Detection Service.

Asset tags are default and also we can create user defined asset tags as well. A tagging capability has been present in Qualys Guard called CPE tags and this will give more specific asset groupings during security analysis. Let’s say for example a tag for Operating system is being created which helps us segregate assets with Windows 7.  But CPE tagging will help us categorize within that OS for architecture details, in fact sometime the system bit such as 32 bit or 64 bit etc. This can also be used to tag asset based on various vendors based hardware or infrastructure devices. This feature enhance the utility of asset tagging and analyst can play more around these tag to make more specific groups.

Authored by Sameer Nanda

Rate this article: 
Average: 2.4 (7 votes)
Article category: