Qualys has provided an automated remote vulnerability testing service for some time. However, a remotely operated service like that is limited in what it can do when it is trying to access your computers through a properly configured firewall. That is not to say it doesn't do a good job of showing up external vulnerabilities, but it can't give a complete vulnerability picture, as it lacks the 'enemy within' perspective. Incidentally, internal risks are not limited to dishonest or malicious employees - it could apply to an innocent user accidentally running a trojan attached to an email, because he is running it inside the firewall perimeter. What is needed to complete a security audit is a vulnerability assessment carried out from inside the organisation on the corporate intranet to see what vulnerabilities are exposed to internal users who may be a threat. And that's exactly what QualysGuard Enterprise does with its Intranet Scanner option.