Cisco’s Doug Dexter, Michael Mucha of Stanford Hospital and Gartner analyst Mike Nicolett in an informative program focused on Security Risk and Compliance Best Practices addressing the vulnerability management lifecycle and technology, security configuration assessments.

See and hear Doug and Michael’s approach with insight from Mike Nicolett of Gartner for implementing vulnerability management and the results it has produced for their security organizations. 

To view video, go to: http://www.qualys.com/gartnervideo

“The biggest thing we focus on with all of this is control of the data,” says Michael Mucha, chief information security officer for Stanford Hospital in Palo Alto, Calif., which uses several clinical applications that are delivered as a service, including transcription, and radiology and analysis systems. Given that health care is by far the most regulated industry he has worked in, Mucha has created a standardized checklist for his technical assessment of any application delivered via the SaaS model. Among the most critical of those items include whether or not the service provider complies with SAS 112 audit requirements (which applies to nonprofits), how it documents its procedures for handling a security breach, and how it handles requests for changes and customized features, Mucha says.

Even more important will be the simple policies that a SaaS provider uses among its staff to protect your data. “We have complete access to the data, and we are the only ones with control of the authentication,” Mucha says. “The point is that you need a consistent approach to all these situations.”

"SaaS opened our eyes to a new way of doing things. With QualysGuard, we didn’t need to install any software or infrastructure. QualysGuard runs on Qualys' own secure global infrastructure, so we run security audits on-demand over the Internet with a standard Web browser. The application automatically finds all vulnerabilities on our local and remote network, provides directions to our IT staff for remediation, and submits PCI audit reports to our acquiring banks."

Mike Vizard of eWeek interviews Paul Simmonds of the Jericho Forum, and former CISO at chemical manufacturer ICI.

The case for managed security services is being made every day. Given the uncertain state of the economy, many companies are looking to security as a service to drive down costs and boost return on investment of security IT. In addition, according to Paul Simmonds, most IT managers don’t have the time or the staff, and users don’t exercise enough responsibility, to make managing security in-house an efficient and safe option. Managed security services may also help prevent spammers or Internet criminal organizations from compromising a company’s desktops and servers.

Click here to listen to podcast.

Eric Green and Philippe Courtot discuss Software-as-a-Services (SaaS) and the future of the software industry in general.

Click here to listen to interview.

At this years 6th Annual Qualys SaaS Security Conference, top security professionals from around the world joined together May 15 & 16, 2008 at the Palace Hotel in San Francisco, California for an information packed 2-day event.   

CSOs, network and security professionals were introduced to executives from Gartner, Cisco, CNET, Med Immune and Sodexo who provided insight into their use of Qualys' solutions and shared best practices for deploying vulnerability management offerings, integrating with managed services platforms and ensuring regulatory and operational compliance.

Qualys CEO Philippe Courtot connected with Qualys customers to listen to their views while taking feedback on the critical issues impacting their security organizations today. He stated: "QSC was created specifically to engage directly with our customers.  It allows us an opportunity to hear customer insight that could shape our future roadmap as we build the next generation of security Software-as-a-Service (SaaS) solutions."

New Software-as-a-Service (SaaS) Suite Addresses the Convergence of IT Security and Policy Compliance to Reduce Complexity for Auditors, Security Professionals and Executive Management. 

Qualys recently introduced the QualysGuard® Security and Compliance Suite, a suite of SaaS products aimed at helping global organizations to better manage the operational challenges and costs associated with securing their IT infrastructure, and complying with the ever increasing set of regulations.

Read More

The QualysGuard on demand platform was voted Best Audit and Vulnerability Solution for the second consecutive year by SC Magazine. The SC Magazine Reader’s Trust Awards recognize the best products, services and security teams in the industry over the past year as decided by a panel of judges and readers of SC Magazine. The Best Audit and Vulnerability Solution category included a number of vendors in the vulnerability assessment and patch management space, with top honors going to Qualys' for its flagship Software-as-a-Service (SaaS) QualysGuard solution, the industry’s first on demand platform for security risk and compliance management.

Read More

For the second consecutive year, QualysGuard® Enterprise was voted the 2008 Readers' Choice Gold Award winner, by readers of Information Security™ magazine and SearchSecurity.com™ in the vulnerability management category. The award honors come on the heels of Qualys' release of the first integrated Software-as-a-Service (SaaS) solution for security and compliance.

Read More

Qualys® Vulnerability R&D Lab has released new vulnerability checks in QualysGuard® to protect organizations against the 4 new vulnerabilities present in Microsoft Windows. Customers can immediately audit their networks for these and other recent vulnerabilities by accessing their QualysGuard subscription.

Microsoft released in June, seven security patches to fix newly discovered flaws in Microsoft Windows. The Qualys Vulnerability R&D Lab has released the following checks for these new vulnerabilities, including:

– Microsoft Windows Bluetooth Stack Could Allow Remote Code Execution
– Cumulative Security Update for Internet Explorer
– Cumulative Security Update of ActiveX Kill Bits
– Vulnerabilities in DirectX Could Allow Remote Code Execution
– Vulnerability in WINS Could Allow Elevation of Privilege
– More…

Read Alert

Coming Soon — the next update on Qualys® Vulnerability R&D Lab takes place July 8th.