Qualys Blog

Qualys has been named a finalist in seven categories for the 2015 SC Awards which recognizes outstanding leadership and achievement in information security. In addition to being named a finalist for the coveted Best Security Company of the Year, Qualys is also a finalist in the following categories: Best Customer Service, Best Vulnerability Management Solution, Best Policy Compliance Solution, Best Risk/Policy Management Solution, Best SME Security Solution, Best Enterprise Security Solution and Best Regulatory Compliance Solution.

The SC Awards is one of the information security industry’s most prominent recognition for cybersecurity professionals, products and services. The awards recognize the achievements of security professionals in the field, the innovations happening in the vendor and service provider communities, and the vigilant work of government, commercial and nonprofit entities. Winners of this year’s SC Awards U.S. will be announced at a gala dinner and award ceremony to be held in San Francisco on April 21, 2015.

Qualys today announced its program for the 10^th Annual Qualys Security Conference in Las Vegas, twitter #qsc2012. The conference, to be held at Aria Hotel in Las Vegas, NV, October 25-26, will feature security industry experts discussing effective ways to combat security threats and cyber attacks and manage compliance. It will also provide an open forum for Qualys customers, partners and industry experts to share best practices, as well as to provide feedback to Qualys engineers as they plan their future roadmap for the QualysGuard Cloud Platform and integrated suite of solutions.

The conference agenda includes keynotes from Howard Schmidt, Former White House Cybersecurity Coordinator, and leading analysts from Gartner, Securosis and the SANS Institute.

Qualys customers, including Cisco, eBay, Officemax, Okta, Sabre Holdings and USAA will present best practices presentations, and Qualys partners including Core Security, LockPath, LogRhythm, Sourcefire, Thycotic and Verisign will present integration case studies.

View the full announcement highlighting the conference’s keynotes and session highlights. Learn more about Qualys Security Conference 2012 and see the complete agenda.

Qualys today announced that it has expanded QualysGuard PCI to assist organizations of all sizes to meet Payment Card Industry (PCI) Data Security Standards (DSS), including new internal scanning requirements. The solution, used by thousands of businesses, online merchants and Member Service Providers, now includes workflows for risk ranking and reporting on internal vulnerabilities, enabling customers to meet the new requirements, pass quarterly scans and maintain continuous PCI compliance.

Merchants dealing with credit card transactions must comply with PCI DSS to ensure that customers' sensitive payment card information is protected. For smaller organizations, PCI DSS compliance can be overwhelming, especially with the latest PCI DSS 6.2 changes that became effective June 30, 2012 that require robust internal scanning and reporting. The new requirements for risk ranking vulnerabilities and passing quarterly internal scans add new process requirements, taking significant effort. QualysGuard PCI, which automates the quarterly scanning requirements for PCI DSS 11.2 for external systems, now includes new workflows for scanning internal systems with customized risk ranking and reporting on internal vulnerabilities, enabling customers to meet the new requirements.

"The QualysGuard PCI Cloud Platform is now used by more than 69 percent of ASVs, 50 percent of QSAs and 2,000 organizations worldwide, and with this new release provides a unified solution to address both internal and external PCI DSS scanning requirements," said Philippe Courtot, chairman and CEO for Qualys. "Because it is cloud-based, it offers an easy-to use, cost-effective solution helping companies of all sizes continuously meet PCI DSS standards to secure their data and IT assets from cyber attacks."

QualysGuard PCI provides a broad solution that helps customers meet the latest PCI DSS internal requirements, enabling them to:

• Utilize Approved Scanning Vendor (ASV) solution to meet both external and internal scanning to satisfy the requirements for PCI DSS.
• Perform unlimited PCI scanning on both external and internal systems and Web applications.
• Rank vulnerabilities according to the criticality of the assets to manage the overall risk and customize it for each organization.
• Generate PCI specific reports to document both internal quarterly scan compliance and external ASV scan requirements with executive, technical, and risk-rank reporting.

Read the full announcement.

Qualys today announced that its QualysGuard Vulnerability Management (VM) solution won the 2012 ISM Reader’s Choice Awards in the best of vulnerability management category. In its seventh consecutive year of Reader’s Choice Awards, TechTarget ISM subscribers were surveyed to determine the best information technology (IT) security products. More than 2,000 subscribers participated this year, rating hundreds of security products in 14 different categories.

"Our readers are the most knowledgeable and active technology professionals working in IT today. Their ratings reflect extensive technical experience and practical application of the products," said TechTarget Vice President and publisher of security media, Doug Olender. "These awards are designed to help serious technology buyers understand the products available to solve their IT security challenges."

Information Security Magazine subscribers were asked, in an online survey, to select the products currently used in their organization, rate those products based on criteria specific to each category, and indicate the importance of each criterion. Winners were determined by the cumulative weighted responses for each product category criteria.

The full set of winners can be found online with accompanying editorial at: http://searchsecurity.techtarget.com/guides/Readers-Choice-Awards-2012. Read the full news release.

Qualys today announced that it received the highest rating – a "Strong Positive" – in Gartner’s "MarketScope for Vulnerability Assessment." The report evaluated 11 vendors, rating them on criteria including market responsiveness and track record, sales execution/pricing, offering (product) strategy, product/service, overall viability and customer experience. The QualysGuard Cloud Suite of integrated security and compliance solutions, evaluated in this report, helps organizations with distributed data centers and IT infrastructures to identify their IT systems and web applications, discover and prioritize vulnerabilities, gain actionable security intelligence about their IT infrastructures and achieve compliance with internal polices and external regulations.

"Qualys offers an integrated suite of security and compliance solutions through the cloud and the benefits it brings – including ease-of-deployment and the absence of technology maintenance requirements, even for large global deployments," said Philippe Courtot, chairman and CEO for Qualys. "On behalf of our customers and partners, we are pleased to be recognized with a Strong Positive rating in vulnerability assessment and we would like to thank our users for helping us continuously innovate to deliver one of the market’s most effective security and compliance solutions."

Read the full report or the news announcement.

Qualys today announced that the Silicon Valley/San Jose Business Journal has recognized Qualys as one of the largest private companies in Silicon Valley – ranking 26^th in a list of 51. Companies were selected and ranked based on their 2011 fiscal revenues.

"We are pleased to be named one of the top largest private companies in Silicon Valley," said Philippe Courtot, chairman and CEO, Qualys. "Our QualysGuard Cloud Platform delivers effective cloud security and compliance solutions to help our customers  secure their IT infrastructures from cyber attacks and achieve compliance. All of us at Qualys would like to thank our customers and partners for their continued support and feedback that drives us to innovate and better address their requirements."

The Largest Private Companies in Silicon Valley list is an annual selection of companies published by the Silicon Valley/San Jose Business Journal. The full list is available in the August 3, 2012 issue of Silicon Valley/San Jose Business Journal on pages 14-16. Read the full news release.

Qualys today announced the general availability of Dynamic Asset Tagging and Management technology for its QualysGuard Cloud Platform and integrated suite of solutions for security and compliance, the QualysGuard Cloud Suite. The patent-pending technology enables customers to identify, categorize and manage large numbers of assets in highly dynamic IT environments, and automates the process of inventory management and hierarchical organization of IT assets.Qualys will showcase these new capabilities this week at Black Hat USA 2012 Briefings – booth #401 on July 25-26.

"Keeping an accurate and up-to-date inventory of IT assets is a critical step in maintaining secure environments," said Anton Chuvakin, research director for Gartner. "Asset tagging that works for ever-changing lists of assets allows organizations to manage their IT assets on an on going basis, establish a trusted repository for IT system configurations, and maintain hierarchical relationships between them in order to more effectively secure their environments."

Read the full announcement.

Qualys today announced that its new release of QualysGuard® Policy Compliance (PC) and Federal Desktop Core Configuration (FDCC) solution simplifies the process of meeting compliance regulation requirements for businesses and governmental agencies. This new release offers new CyberScope reporting capabilities for governmental agencies that have to comply with the Federal Information Security Management Act of 2002 (FISMA). It also provides new certified policies that meet international industry standards defined by the Center for Internet Security (CIS) and workflows to automatically create "Golden Images" by extracting the required information from systems that have already been configured with compliant configurations.Qualys will showcase these new capabilities this week at Black Hat USA 2012 Briefings – booth #401 on July 25-26.

"A solution automating key processes such as CyberScope reporting can help organizations streamline compliance workflows and meet FISMA requirements," said Lawrence Pingree, research director for Gartner. "With these types of tools, it is easier for organizations to more quickly adopt best practices, shortening the audit cycle and reducing overall costs."

Read the full announcement.

Qualys today announced that its researchers will present their latest findings at Black Hat USA 2012, Security B-Sides Las Vegas and Def Con 20 sessions next week in Las Vegas, Nevada. The sessions will cover a wide range of information security topics, including flaws in Web Application Firewalls (WAFs), the latest malware trends, android application security, use of Websockets in HTML5 and vulnerability management for IPv6.

At BlackHat, Qualys will also be showcasing customer case studies, security research and demonstrations of its QualysGuard Cloud Platform and suite of IT security and compliance solutions at booth #401 at the conference.

Read the full release or learn more about Qualys activities at Black Hat.

SecureLink, a leading Security Services provider in the Middle East, announced that it has partnered with Qualys to provide the QualysGuard Cloud Suite of IT security and compliance solutions in the region.

"We are extremely pleased to be working with Qualys to provide our customers in the Middle East region with leading Vulnerability Management services to help them protect against the latest cyber threats," said Kuber Saraswat, Director – Strategic Security Consulting at SecureLink. "In addition to security Intelligence reported to our customers through our GRC and SIEM services, we will now have up-to-date vulnerability data to provide situational awareness and to Validate the success of our clients' data Protection capabilities using a more holistic and actionable business-risk approach."

Read the full announcement.