All Posts in Qualys News

501 posts

Cisco’s Doug Dexter, Michael Mucha of Stanford Hospital and Gartner analyst Mike Nicolett focus on Security Risk and Compliance Best Practices


Cisco’s Doug Dexter, Michael Mucha of Stanford Hospital and Gartner analyst Mike Nicolett appear in an informative program focused on Security Risk and Compliance Best Practices, addressing the vulnerability management lifecycle and technology and security configuration assessments.

See and hear Doug and Michael’s approach with insight from Mike Nicolett of Gartner for implementing vulnerability management and the results it has produced for their security organizations. 

Stanford Hospital CISO Michael Mucha in Information Security Magazine — 7 Security Questions to Ask Your SaaS Provider

“The biggest thing we focus on with all of this is control of the data,” says Michael Mucha, chief information security officer for Stanford Hospital in Palo Alto, Calif., which uses several clinical applications that are delivered as a service, including transcription, and radiology and analysis systems. Given that health care is by far the most regulated industry he has worked in, Mucha has created a standardized checklist for his technical assessment of any application delivered via the SaaS model. Among the most critical of those items are whether or not the service provider complies with SAS 112 audit requirements (which applies to nonprofits), how it documents its procedures for handling a security breach, and how it handles requests for changes and customized features, Mucha says.

Even more important will be the simple policies that a SaaS provider uses among its staff to protect your data. “We have complete access to the data, and we are the only ones with control of the authentication,” Mucha says. “The point is that you need a consistent approach to all these situations.”

Humane Society CIO, Beverly Magda in InformationWeek — SaaS to the Rescue

"SaaS opened our eyes to a new way of doing things. With QualysGuard, we didn’t need to install any software or infrastructure. QualysGuard runs on Qualys' own secure global infrastructure, so we run security audits on-demand over the Internet with a standard Web browser. The application automatically finds all vulnerabilities on our local and remote network, provides directions to our IT staff for remediation, and submits PCI audit reports to our acquiring banks."

Paul Simmonds: The Case for Managed Security Services


The case for managed security services is being made every day. Given the uncertain state of the economy, many companies are looking to security as a service to drive down costs and boost return on investment of security IT. In addition, according to Paul Simmonds, most IT managers don’t have the time or the staff, and users don’t exercise enough responsibility, to make managing security in-house an efficient and safe option. Managed security services may also help prevent spammers or Internet criminal organizations from compromising a company’s desktops and servers.

Interview: Philippe Courtot, CEO of Qualys

Eric Green and Philippe Courtot discuss Software-as-a-Service (SaaS) and the future of the software industry in general.

Highlights from the 6th Annual Qualys SaaS Security Conference


At this year's 6th Annual Qualys SaaS Security Conference, top security professionals from around the world gathered May 15 & 16, 2008 at the Palace Hotel in San Francisco, California for an information-packed 2-day event.

CSOs, network and security professionals were introduced to executives from Gartner, Cisco, CNET, Med Immune and Sodexo who provided insight into their use of Qualys' solutions and shared best practices for deploying vulnerability management offerings, integrating with managed services platforms and ensuring regulatory and operational compliance.

Qualys CEO Philippe Courtot connected with Qualys customers to listen to their views while taking feedback on the critical issues impacting their security organizations today. He stated: "QSC was created specifically to engage directly with our customers.  It allows us an opportunity to hear customer insight that could shape our future roadmap as we build the next generation of security Software-as-a-Service (SaaS) solutions."

Qualys Delivers First Integrated SaaS Solution for Security and Compliance


New Software-as-a-Service (SaaS) Suite Addresses the Convergence of IT Security and Policy Compliance to Reduce Complexity for Auditors, Security Professionals and Executive Management. 

Qualys recently introduced the QualysGuard® Security and Compliance Suite, a suite of SaaS products aimed at helping global organizations better manage the operational challenges and costs associated with securing their IT infrastructure and complying with the ever-increasing set of regulations.

Qualys Voted Best Audit and Vulnerability Solution for the Second Consecutive Year in SC Magazine 2008 Reader’s Trust Awards

The QualysGuard on demand platform was voted Best Audit and Vulnerability Solution for the second consecutive year by SC Magazine. The SC Magazine Reader’s Trust Awards recognize the best products, services and security teams in the industry over the past year as decided by a panel of judges and readers of SC Magazine. The Best Audit and Vulnerability Solution category included a number of vendors in the vulnerability assessment and patch management space, with top honors going to Qualys for its flagship Software-as-a-Service (SaaS) QualysGuard solution, the industry’s first on demand platform for security risk and compliance management.

Qualys Wins Second Consecutive Information Security Magazine and Readers’ Choice Gold Award for Best Vulnerability Management Solution

For the second consecutive year, QualysGuard® Enterprise was voted the 2008 Readers' Choice Gold Award winner by readers of Information Security™ magazine and™ in the vulnerability management category. The award honors come on the heels of Qualys' release of the first integrated Software-as-a-Service (SaaS) solution for security and compliance.

Microsoft Patch Tuesday: June 2008 Security Bulletin


Qualys® Vulnerability R&D Lab has released new vulnerability checks in QualysGuard® to protect organizations against the 4 new vulnerabilities present in Microsoft Windows. Customers can immediately audit their networks for these and other recent vulnerabilities by accessing their QualysGuard subscription.

In June, Microsoft released seven security patches to fix newly discovered flaws in Microsoft Windows. The Qualys Vulnerability R&D Lab has released checks for these new vulnerabilities, including:

– Microsoft Windows Bluetooth Stack Could Allow Remote Code Execution
– Cumulative Security Update for Internet Explorer
– Cumulative Security Update of ActiveX Kill Bits
– Vulnerabilities in DirectX Could Allow Remote Code Execution
– Vulnerability in WINS Could Allow Elevation of Privilege

Coming Soon — the next update on Qualys® Vulnerability R&D Lab takes place July 8th.