All Posts

128 posts

Howard A. Schmidt Joins Qualys Board of Directors

Qualys today announced that Howard A. Schmidt, former White House Cybersecurity Coordinator, will join the Qualys Board of Directors. Schmidt, with a distinguished career record spanning 40 years of experience in government, business and law enforcement, joins the Qualys Board of Directors to lend his expertise and guidance to help Qualys expand its presence in the federal government and further build industry collaboration efforts through the CSO Interchange, which he co-founded with Philippe Courtot, chairman and CEO of Qualys, in May 2004.

“By delivering security and compliance services through the cloud, Qualys has been a leader in helping organizations and government agencies monitor and protect against the constantly changing threat landscape,” said Schmidt. “I look forward to working with the Qualys team on the new security challenges that businesses and government agencies are facing today so we can arm them with the best solutions to enhance their security and compliance posture.”

“Howard is internationally known and respected for his vision and contributions to improving corporate and government security,” said Philippe Courtot, chairman and CEO for Qualys. “We are honored to welcome him to our board of directors and gain his valuable insight and guidance to expand our cloud security and compliance offerings to better serve the public and private sectors.”

Read the full news release.

Qualys to Assist Organizations with EU Cookie Directive Compliance

Qualys today announced that its QualysGuard Web Application Scanning (WAS) service helps organizations comply with the European Union (EU) Cookie Directive.

On May 26, 2011, the UK adopted regulations to implement the 2009 EU E-Privacy Directive, which requires web sites to gain consent from visitors before they can store cookies or other information used to track a user’s actions. The UK Cookie Directive is privacy legislation that requires web sites to gain consent from visitors before they can store cookies or other information used to track a user’s actions – fundamentally changing how web application owners interact with users.

With QualysGuard WAS, organizations can identify the cookies that their web applications are using, including those issued by third parties. With this information, organizations can evaluate whether the cookies are subject to the law and then update the web application to ensure it meets the EU legislation.

"As this new law impacts any web sites with European visitors, we are pleased to provide our customers with an easy-to-use solution to quickly assess their web sites and provide an accurate list of the ones that store cookies so they can review and update to meet this new law," said Philippe Courtot, chairman and CEO of Qualys.

Read the full news release, or read about using QualysGuard WAS to identify cookies.

Qualys Introduces Private Cloud Offering

Qualys today announced the introduction of a private cloud version of its QualysGuard® Cloud Platform that allows customers and partners to host and operate the security and compliance platform within their data centers to meet the varying needs of Private, Community, Public, and Hybrid Cloud services. Packaged as a virtual application to allow for rapid deployment into existing virtual infrastructures, the QualysGuard Private Cloud Platform is a standalone version of the full multi-layer, multi-tenant services architecture of the QualysGuard Cloud Platform, deployed for the private use of a specific customer or partner.

"We use the QualysGuard Private Cloud Platform as part of our Cloud Services to help secure our cloud offerings and allow customers to perform security and compliance audits on their applications and virtual infrastructure hosted in the Fujitsu Cloud, " said Tetsuo Shiozaki, chief architect, cloud business support unit for Fujitsu Limited.

Read the full announcement.

New Security and Industry Experts Join Qualys CTO/CSO Advisory Board

Qualys announced today the newest additions to its CSO/CTO Advisory Board. The four new members – Phil Agcaoili, CISO of Cox Communications, Randy Barr, CISO of Saba, Doug Dexter, Audit Lead at Cisco Systems, and Hugh Molotsi, vice president of technology innovation at Intuit – join information security leaders from eBay, Goldman Sachs, Microsoft, Paypal, and other leading companies. The Advisory Board meets quarterly to discuss top priorities and challenges for securing global infrastructures, providing strategic direction for product development at Qualys.

"Qualys has built a powerful cloud platform that helps customers meet the complex challenges of IT security and compliance by automating key processes and providing security intelligence across systems," said Agcaoili. "I look forward to working with other security leaders to help Qualys enhance and add to its service offerings to meet the most pressing needs of organizations today."

"We are honored that such a talented group of security and industry leaders are lending their expertise to help us shape our product offerings," said Philippe Courtot, chairman and CEO for Qualys. "These executives have hands-on experience in implementing security strategies, meeting regulations, and managing complex business issues and security incidents."

Read the full news release, including bios of the new members.

Qualys Awarded Global Market Share Leadership Award in Vulnerability Management for Second Consecutive Year

Qualys---F&S-Award-Logo.2012.gif Qualys today announced that Frost & Sullivan–for the second year in a row–awarded Qualys with its 2012 Global Market Share Leadership Award in Vulnerability Management. The award, based on independent analysis of the Global Vulnerability Management market, which included in-depth interviews with customers, partners and vendors, recognizes the excellence of Qualys' solutions and describes Qualys' innovation.

"Qualys is the undisputed market leader in vulnerability management, and it has been for multiple years. Intelligently staying ahead of the curve, the company continues to develop new products and features to address the ever-evolving security and compliance needs of enterprise organizations, government agencies and smaller businesses," stated Chris Rodriguez, industry analyst for Frost & Sullivan, in the report. He continued, "An aggressive product road map and quality initiatives have strengthened Qualys' current leadership position in the market, and it is expected to continue to do so in the future."

Read the full news release or read the report.

LogRhythm Partners with Qualys

Thumbnail image for logrhythmTAG_logo2CLR.GIFLogRhythm, the leader in cyber threat defense, detection and response, and Qualys today announced a partnership integrating LogRhythm’s best-in-class SIEM 2.0 platform with QualysGuard Vulnerability Management (VM). The integration of QualysGuard’s accurate vulnerability data with SIEM 2.0’s network security event information provides customers with deeper insight and greater situational awareness for better protection against cyber threats.

The integration provides:

  • A QualysGuard VM feed that identifies and catalogs assets and discovers vulnerabilities at the scale of customers' organizations
  • Alarm capabilities that notify users when imported vulnerabilities match preset thresholds
  • Normalized QualysGuard vulnerability data that can be used in LogRhythm’s SIEM 2.0 correlation engine to help users prioritize events

"We’re very pleased to be working with Qualys to provide our customers with reliable vulnerability data to help them protect against the latest cyber threats," said Matt Winter, vice president corporate & business development at LogRhythm. "Together, our API-level integration allows our customers to further leverage vulnerability data and to achieve greater security intelligence and situational awareness through LogRhythm’s SIEM 2.0 solution."

Read the full release.

SecureState Partners with Qualys to Deliver Cloud-Based Security and Compliance Solutions

Thumbnail image for securestatelogo.pngSecureState, a leader in information security assessments and protection services today announced a partnership with Qualys. Under the partnership, SecureState will offer IT security and compliance cloud services from Qualys while providing its security expertise and consultation services to facilitate regulatory compliance and enterprise-wide vulnerability management.

"SecureState together with Qualys provides clients with a one-stop shop for consultative services and vulnerability management solutions," said Ken Stasiak, CEO for SecureState. "We are excited to offer these accelerated services to our customers."

"SecureState has a strong consulting practice with deep knowledge and experience working with companies and government agencies to deploy comprehensive security and vulnerability management programs," said Philippe Courtot, chairman and CEO for Qualys. "We are looking forward to working with them as they bring the QualsyGuard services to their clients to help them effectively protect against the eveloving threat landscape and expedite compliance."

Read the full release.

LockPath and Qualys Streamline IT-GRC Risk Reporting

LockPathLogo*280.jpgLockPath, a provider of innovative governance, risk and compliance (GRC) applications today announced an integration partnership with Qualys to offer businesses unique visibility into their security and risk postures. With the partnership, users can benefit from QualysGuard’s highly accurate vulnerability data from scans of enterprise assets automatically imported into LockPath’s GRC solution, Keylight, augmenting its risk reporting capabilities with security intelligence to produce a holistic view of business risk.

"Through our partnership with Qualys, users gain an almost immediate understanding of how discovered vulnerabilities fit into the context of their organizations' overall security and risk posture," said Chris Caldwell, CEO, LockPath. "The effortless and streamlined integration of the Keylight platform with QualysGuard VM further validates what we believe is our obligation to ensure our Connector Library enables our customers to avoid fragile and time-consuming custom integrations."

For more information on the Keylight platform, download the datasheet. Read the full news announcement.

Qualys Announces New Integration with Thycotic’s Secret Server

thycotic_logo.pngQualys today announced QualysGuard® integration with Thycotic's Enterprise Password Management software, Secret Server, allowing customers to extend the scope and reach of authenticated scans to their most critical IT systems while protecting passwords.

With Thycotic’s Secret Server, authenticated scans using privileged IDs can be stored in the Secret Server Password repository and never leave the user’s perimeter. Users can also leverage Secret Server’s ability to log credential usage, restrict access, and periodically rotate credentials to ensure compliance with corporate policies and regulatory requirements.

"Thycotic’s Secret Server enables customers to easily and securely manage access to services delivered through the cloud," said Jonathan Cogley, CEO for Thycotic. "This new integration will help customers effectively protect their passwords as they use QualysGuard to scan for vulnerabilities and ensure compliance with policies and regulations to keep their IT systems and data safe."

Read more on how to use Thycotic’s Secret Server with QualysGuard or read the full news release.

Qualys Introduces New Services and Major Technological Innovations to QualysGuard Cloud Platform

RSA_BlogpostArt_D2.pngQualys today announced at RSA Conference USA 2012 major enhancements to its QualysGuard Cloud Platform and suite of integrated applications for security and compliance. These new innovations will extend the cloud platform capabilities to help customers improve the security of their IT systems and applications, further automate their compliance initiatives for IT-GRC and provide online protection against cyber attacks, while reducing operational costs and increasing the efficiency of their security programs.

Qualys will unveil these latest major technological innovations tonight at booth #1431 at 7:00 p.m. PT at the RSA Conference USA:

  • Web Application Firewall (WAF). A brand new cloud service from Qualys, QualysGuard WAF protects web sites from unwanted requests and a range of online threats from spammers to SQL injection to DDoS, and provides increased web site performance through caching, compression and content optimization.
  • Zero-Day Risk Analyzer Module. Built on VeriSign’s iDefense zero-day security intelligence services, this new QualysGuard service allows customers to analyze zero-day threats and estimate their impact on their IT infrastructures and critical systems based on information collected from previous scan results.
  • Patent-Pending Technology for Enterprise Asset Management. Allows customers to tag assets dynamically based on scan results and to categorize assets in a hierarchical manner to keep pace with changing environments. Tags can then be used in all workflows including scanning, reporting or assigning security and access to assets.
  • Customizable Questionnaires Service for IT- GRC. Extends the QualysGuard Cloud Platform’s policy compliance capabilities to automate manual control assessments with a customizable questionnaire based on a repository of nearly 1,000 pre-mapped policy documents via the Unified Compliance Framework. Workflows are also provided out-of-the-box that can be tailored to fit business processes.
  • Malware Detection Service, Enterprise Edition. Built on the popular free Malware Detection service, the enterprise version will allow customers to track malware on multiple web sites with advanced reporting and notification options.
  • General Availability of Virtualized Scanner Appliances. Allows customers to deploy virtual scanner appliances in various modes – on laptops for mobile consultants, in data centers for enterprise scanning and in the Amazon EC2 and VPC platforms for cloud deployments.

Read the full announcement.