Frequently Asked Questions

Answers to common questions about the QCSS Unified Enterprise Cybersecurity Platform.

No results found. Try a different search term.

Exposure Intelligence Platform Questions

What is QCSS?

QCSS is an Exposure Intelligence Platform.

It shows:

what is exposed
how systems connect
what is reachable

In simple terms: how your organisation can be breached.

Who is QCSS designed for?

Security Teams → prioritise real risk
Compliance Teams → maintain audit visibility
DevSecOps Engineers → reduce false positives
IT Teams → manage exposure clearly

How is QCSS different from vulnerability scanners?

Vulnerability tools list issues.

QCSS shows:

how vulnerabilities connect
what is reachable across systems
how attackers move through environments

This helps teams understand real attack paths, not just isolated findings.

Does QCSS show how attackers move through systems?

Yes.

QCSS maps:

entry points
lateral movement
reachable critical assets

This answers a key question:

how do attackers move through connected systems?

What does “exposure” mean in cybersecurity?

Exposure is not just a vulnerability.

It is:

what is accessible
how systems connect
what can be reached

Exposure = risk in motion, not isolated risk.

Agentless Security & Deployment

How does agentless security scanning work?

QCSS agentless scanning leverages cloud-native APIs and read-only snapshots to inspect your workloads without deploying any software to target hosts. For cloud environments (AWS, Azure, GCP), it uses provider APIs to enumerate resources and assess configurations. For on-premise assets, it uses network-based probing. No reboots, no agents, and no performance impact on your workloads.

Do I need to install anything?

No.

QCSS is fully agentless.

How quickly can I get results?

Within minutes.

Define scope → run → see exposure.

Vulnerability Management & Risk Accessibilty

How often is vulnerability data updated?

The QCSS vulnerability database is updated continuously, typically every few hours, drawing from NVD, vendor advisories, threat intelligence feeds, and our own research team. Critical zero-day disclosures are prioritized and reflected in detection logic within hours of public disclosure.

What vulnerabilities does QCSS detect?

web application vulnerabilities
API security issues
misconfigurations
infrastructure exposure

What is the difference between vulnerability and exposure?

A vulnerability is a weakness.

Exposure is:

whether it can be reached
how it connects to other systems

QCSS focuses on what can actually be exploited

Penetration Testing

Is penetration testing automated or manual?

QCSS provides automated validation and simulation capabilities, including:

DeepDive™ → validation of potential exploitability
AssureProbe™ → simulation of attack paths

Does QCSS replace penetration testing?

No. QCSS complements manual testing by providing continuous visibility and validation between engagements.

Data Handling, Access & Logging

Where is my data stored?

By default, scan data and results are stored in SOC 2 Type II certified cloud infrastructure in the US (AWS us-east-1). Enterprise customers can opt for EU data residency (Frankfurt) or request private cloud deployment within their own VPC. All data is encrypted at rest (AES-256) and in transit (TLS 1.3).

Who can access my data?

Only authorised users with permission-based access.

Does QCSS provide audit logs?

Yes.

All actions and findings are logged for traceability and compliance.

Integration, Deployment, & Scale

What integrations are available?

QCSS integrates with Jira, ServiceNow, Splunk, Microsoft Sentinel, PagerDuty, Slack, GitHub, GitLab, Jenkins, and all major cloud providers (AWS, Azure, GCP). A REST API and Terraform provider are available for custom integrations and infrastructure-as-code workflows.

Can QCSS scale across enterprise environments?

Yes.

QCSS is designed for:

distributed systems
multi-environment visibility
enterprise-scale operations

Reporting, Remediation & Compliance

Can I generate reports for auditors?

Yes.

CSS includes one-click audit reports pre-mapped to SOC 2, ISO 27001, PCI-DSS, HIPAA, CIS Benchmarks, and NIST CSF. Reports export as PDF or CSV, or push directly to GRC platforms. Scheduled delivery to stakeholders and auditors is also supported.

Does QCSS provide remediation guidance?

Yes.

Each finding includes:

context
impact
recommended actions

Can QCSS scale across enterprise environments?

Yes.

Each finding includes:

context
impact
recommended actions

Does QCSS support compliance frameworks?

Yes.

Supports:

ISO 27001
SOC 2
Cyber Essentials

Helps maintain continuous audit readiness

Data Security & Privacy

Is QCSS secure?

Yes.

encryption (in transit & at rest)
strict access controls
secure architecture

Is QCSS SOC 2 Type II compliant?

Yes.

QCSS has completed SOC 2 Type II audits covering Security, Availability, and Confidentiality trust service criteria. Our latest audit report is available under NDA upon request. We also hold ISO 27001 certification and undergo annual third-party penetration testing.

Third-Party Exposure

Does QCSS identify third-party security risks?

Yes.

QCSS shows how exposure in external systems connected to you can create internal risk.

Why is third-party exposure important?

Modern environments rely on:

vendors
APIs
integrations

Attackers move through these connections. QCSS helps you identify external attack paths into your environment.

Still have questions?

Can't find the answer you're looking for?
Talk to our team, we'll guide you based on your environment.

No setup. No agents. Results in minutes.