Qualys Helps Smaller Organizations Secure Hybrid IT with Free Offering

Anthony Mogannam

Last updated on: September 6, 2020

The digital transformation revolution waits for — and spares — no one. It forces all businesses to adopt tech innovations, like cloud, IoT and mobility, and to protect the resulting IT environments as they become hybrid, distributed and elastic.

With traditional network perimeters dissolved, securing digital transformation efforts gets more challenging by the day, especially for smaller organizations. That’s why Qualys is putting its Qualys Cloud Platform at the disposal of this underserved small-business market — for free.

With the new Qualys Community Edition, smaller organizations will now have access — at no charge — to the cloud-based security that many of the world’s largest companies rely upon to protect their global IT environments.

By tapping the robust, massively scalable Qualys Cloud Platform, they’ll be able to discover IT assets and their vulnerabilities, identify compliance gaps and get detailed, customizable reports.

The Qualys Community Edition is not only aimed at organizations that’ll use it internally. It’s also intended for smaller security practitioners that want to provide exceptional assessments to clients, outclass their competitors and boost revenues.

What’s in it?

Specifically, the Qualys Community Edition provides:

  • A complete, updated, and instant view of monitored IT assets and web apps from a single-pane-of-glass interface, wherever they are: on premises, in clouds or at remote endpoints. This customizable control panel has easy-to-build, dynamic dashboards that aggregate and correlate IT, security and compliance data from Qualys apps in one place.

  • Unlimited vulnerability scanning and complete detection of the entire Qualys KnowledgeBase using both scanner and agent technologies, thus providing unique sensor versatility. Customers can assess up to 16 internal assets and 3 external assets with a Qualys Virtual Scanner. They can also use the groundbreaking Qualys Cloud Agent for up to 16 internal assets.

  • With web applications now a preferred vector for data breaches, Qualys Community Edition offers unlimited vulnerability scanning for one application. This includes assessments for the OWASP Top 10 Most Critical Web Application Security Risks, including cross-site scripting (XSS), SQL injection and sensitive data exposure.

  • Obtain visibility into an often overlooked but critical area of your IT environment: public cloud assets. Qualys Community Edition lets you inventory and monitor your public cloud workloads and infrastructure, and gain immediate visibility of your cloud hosted infrastructure, including instances, virtual machines, storage buckets, and databases.

In the coming months, Qualys plans to add more apps and functionality to the Community Edition, as it’s committed to serving this market of smaller organizations.

The Qualys Cloud Agent: A significant component

The inclusion of the Qualys Cloud Agent deserves special mention. These lightweight agents are remotely deployable, centrally managed, self-updating and consume minimal CPU resources. They work where it’s not possible or practical to do network scanning.

After their initial deployment, Cloud Agents run a full assessment of their host in the background and upload the collected data to the Qualys Cloud Platform for analysis. Then, as soon as changes occur, Cloud Agents push updates to the platform, ensuring you have the latest IT asset data at your fingertips immediately.

Its many benefits for securing hybrid environments include:

  • No scan windows needed. It’s always collecting data on assets it’s installed on, even when assets are offline.
  • Its constant monitoring yields faster vulnerability discovery and patch confirmation.
  • No need for complex credential and firewall management. It only communicates outbound to the Qualys platform.
  • It works with multiple Qualys apps, which lets organizations remove point-solution agents from assets and consolidate security tools.

The power of the Qualys cloud architecture

As a cloud-based service, there’s no software to download or install with Qualys Community Edition, eliminating the cost and complexity of deploying and maintaining on-premises software.

In addition, smaller organizations don’t need to compromise by using ineffective open source tools, or limited point solutions that don’t interoperate well.  The Qualys Cloud Platform has been architected with the goal of simplifying security by eliminating friction and making it as intuitive and automated as possible.

It’s what Qualys calls “Transparent Orchestration (™)”, a principle that represents the future of security, and serves as a key guiding principle and goal for Qualys. Transparent Orchestration is reflected by the Qualys Cloud Platform’s design, in particular its three main pillars: its versatile set of sensors; massively scalable backend; and integrated suite of cloud apps.

The Qualys Cloud Platform provides unparalleled scale and accuracy, performing 3+ billion annual scans with Six Sigma (99.99966%) accuracy, and processing 1+ trillion security events per year.

In summary, Qualys Community Edition allows smaller businesses and security pros to build security natively and organically into hybrid IT infrastructures, instead of abruptly and ineffectively bolting it on. Thus, these small businesses and security pros now can digitally transform to boost their agility and competitiveness, and do so securely with Qualys’ end-to-end security and compliance platform for prevention and response.

(Anthony Mogannam is Qualys’ Product Manager for SME/SMB Solutions)

Sign up for the Qualys Community Edition: It’s free, and there’s no software to download or install.

Show Comments (2)


Your email address will not be published. Required fields are marked *

  1. Cool idea – but this is not ready for production use yet.

    *. There are questionable problems with the “strong password” rules.

    *. There is no way to enable only some features – it’s all or nothing – and two of those features are “paid” services

    *. There is no way to enter a domain name – only IP addresses – so you have no way to do any testing of our web applications, because you need to know the name to reach those of course

    *. Your blog is broken – https://blog.qualys.com/?author=894 – Access to blog.qualys.com was denied
    You don’t have authorization to view this page.
    HTTP ERROR 403

    *. And that’s all from just the first couple of minutes – I’ve not even been able to activate anything or test if it’s working yet!

    A lot of better testing and thought is needed guys…