Qualys Blog

Qualys Expands QualysGuard PCI Cloud Platform for New Internal Scanning Requirements of PCI DSS 6.2

Qualys today announced that it has expanded QualysGuard PCI to assist organizations of all sizes to meet Payment Card Industry (PCI) Data Security Standards (DSS), including new internal scanning requirements. The solution, used by thousands of businesses, online merchants and Member Service Providers, now includes workflows for risk ranking and reporting on internal vulnerabilities, enabling customers to meet the new requirements, pass quarterly scans and maintain continuous PCI compliance.

Merchants dealing with credit card transactions must comply with PCI DSS to ensure that customers' sensitive payment card information is protected. For smaller organizations, PCI DSS compliance can be overwhelming, especially with the latest PCI DSS 6.2 changes, effective June 30, 2012, that require robust internal scanning and reporting. The new requirements for risk ranking vulnerabilities and passing quarterly internal scans add process steps that take significant effort. QualysGuard PCI, which automates the quarterly scanning requirements of PCI DSS 11.2 for external systems, now includes new workflows for scanning internal systems with customized risk ranking and reporting on internal vulnerabilities, enabling customers to meet the new requirements.

"The QualysGuard PCI Cloud Platform is now used by more than 69 percent of ASVs, 50 percent of QSAs and 2,000 organizations worldwide, and with this new release provides a unified solution to address both internal and external PCI DSS scanning requirements," said Philippe Courtot, chairman and CEO for Qualys. "Because it is cloud-based, it offers an easy-to-use, cost-effective solution helping companies of all sizes continuously meet PCI DSS standards to secure their data and IT assets from cyber attacks."

QualysGuard PCI provides a broad solution that helps customers meet the latest PCI DSS internal requirements, enabling them to:

  • Utilize Approved Scanning Vendor (ASV) solution to meet both external and internal scanning to satisfy the requirements for PCI DSS.
  • Perform unlimited PCI scanning on both external and internal systems and Web applications.
  • Rank vulnerabilities according to the criticality of the assets to manage the overall risk and customize it for each organization.
  • Generate PCI specific reports to document both internal quarterly scan compliance and external ASV scan requirements with executive, technical, and risk-rank reporting.

Read the full announcement.

Qualys Wins Reader’s Choice Awards 2012 for Best Vulnerability Management

Qualys today announced that its QualysGuard Vulnerability Management (VM) solution won the 2012 ISM Reader’s Choice Awards in the best of vulnerability management category. In its seventh consecutive year of Reader’s Choice Awards, TechTarget ISM subscribers were surveyed to determine the best information technology (IT) security products. More than 2,000 subscribers participated this year, rating hundreds of security products in 14 different categories.

"Our readers are the most knowledgeable and active technology professionals working in IT today. Their ratings reflect extensive technical experience and practical application of the products," said TechTarget Vice President and publisher of security media, Doug Olender. "These awards are designed to help serious technology buyers understand the products available to solve their IT security challenges."

Information Security Magazine subscribers were asked, in an online survey, to select the products currently used in their organization, rate those products based on criteria specific to each category, and indicate the importance of each criterion. Winners were determined by the cumulative weighted responses for each product category criteria.

The full set of winners can be found online with accompanying editorial at: http://searchsecurity.techtarget.com/guides/Readers-Choice-Awards-2012. Read the full news release.

Qualys Receives “Strong Positive” Rating in Gartner MarketScope for Vulnerability Assessment

Qualys today announced that it received the highest rating – a "Strong Positive" – in Gartner’s "MarketScope for Vulnerability Assessment." The report evaluated 11 vendors, rating them on criteria including market responsiveness and track record, sales execution/pricing, offering (product) strategy, product/service, overall viability and customer experience. The QualysGuard Cloud Suite of integrated security and compliance solutions, evaluated in this report, helps organizations with distributed data centers and IT infrastructures to identify their IT systems and web applications, discover and prioritize vulnerabilities, gain actionable security intelligence about their IT infrastructures and achieve compliance with internal policies and external regulations.

"Qualys offers an integrated suite of security and compliance solutions through the cloud and the benefits it brings – including ease-of-deployment and the absence of technology maintenance requirements, even for large global deployments," said Philippe Courtot, chairman and CEO for Qualys. "On behalf of our customers and partners, we are pleased to be recognized with a Strong Positive rating in vulnerability assessment and we would like to thank our users for helping us continuously innovate to deliver one of the market’s most effective security and compliance solutions."

Read the full report or the news announcement.

Qualys Researchers to Present Groundbreaking Malware Research and Cybercriminal Evasion Techniques at Black Hat USA 2012

Qualys today announced that its researchers will present their latest findings at Black Hat USA 2012, Security B-Sides Las Vegas and Def Con 20 sessions next week in Las Vegas, Nevada. The sessions will cover a wide range of information security topics, including flaws in Web Application Firewalls (WAFs), the latest malware trends, Android application security, use of WebSockets in HTML5 and vulnerability management for IPv6.

At Black Hat, Qualys will also be showcasing customer case studies, security research and demonstrations of its QualysGuard Cloud Platform and suite of IT security and compliance solutions at booth #401 at the conference.

Read the full release or learn more about Qualys activities at Black Hat.

Qualys to Assist Organizations with EU Cookie Directive Compliance

Qualys today announced that its QualysGuard Web Application Scanning (WAS) service helps organizations comply with the European Union (EU) Cookie Directive.

On May 26, 2011, the UK adopted regulations to implement the 2009 EU E-Privacy Directive. The UK Cookie Directive is privacy legislation that requires web sites to gain consent from visitors before they can store cookies or other information used to track a user’s actions, fundamentally changing how web application owners interact with users.

With QualysGuard WAS, organizations can identify the cookies that their web applications are using, including those issued by third parties. With this information, organizations can evaluate whether the cookies are subject to the law and then update the web application to ensure it meets the EU legislation.

"As this new law impacts any web sites with European visitors, we are pleased to provide our customers with an easy-to-use solution to quickly assess their web sites and provide an accurate list of the ones that store cookies so they can review and update to meet this new law," said Philippe Courtot, chairman and CEO of Qualys.

Read the full news release, or read about using QualysGuard WAS to identify cookies.

Qualys Introduces Private Cloud Offering

Qualys today announced the introduction of a private cloud version of its QualysGuard® Cloud Platform that allows customers and partners to host and operate the security and compliance platform within their data centers to meet the varying needs of Private, Community, Public, and Hybrid Cloud services. Packaged as a virtual application to allow for rapid deployment into existing virtual infrastructures, the QualysGuard Private Cloud Platform is a standalone version of the full multi-layer, multi-tenant services architecture of the QualysGuard Cloud Platform, deployed for the private use of a specific customer or partner.

"We use the QualysGuard Private Cloud Platform as part of our Cloud Services to help secure our cloud offerings and allow customers to perform security and compliance audits on their applications and virtual infrastructure hosted in the Fujitsu Cloud," said Tetsuo Shiozaki, chief architect, cloud business support unit for Fujitsu Limited.

Read the full announcement.

New Security and Industry Experts Join Qualys CTO/CSO Advisory Board

Qualys announced today the newest additions to its CSO/CTO Advisory Board. The four new members – Phil Agcaoili, CISO of Cox Communications, Randy Barr, CISO of Saba, Doug Dexter, Audit Lead at Cisco Systems, and Hugh Molotsi, vice president of technology innovation at Intuit – join information security leaders from eBay, Goldman Sachs, Microsoft, Paypal, and other leading companies. The Advisory Board meets quarterly to discuss top priorities and challenges for securing global infrastructures, providing strategic direction for product development at Qualys.

"Qualys has built a powerful cloud platform that helps customers meet the complex challenges of IT security and compliance by automating key processes and providing security intelligence across systems," said Agcaoili. "I look forward to working with other security leaders to help Qualys enhance and add to its service offerings to meet the most pressing needs of organizations today."

"We are honored that such a talented group of security and industry leaders are lending their expertise to help us shape our product offerings," said Philippe Courtot, chairman and CEO for Qualys. "These executives have hands-on experience in implementing security strategies, meeting regulations, and managing complex business issues and security incidents."

Read the full news release, including bios of the new members.

Qualys Awarded Global Market Share Leadership Award in Vulnerability Management for Second Consecutive Year

Qualys today announced that Frost & Sullivan, for the second year in a row, awarded Qualys its 2012 Global Market Share Leadership Award in Vulnerability Management. The award, based on independent analysis of the Global Vulnerability Management market, which included in-depth interviews with customers, partners and vendors, recognizes the excellence of Qualys' solutions and describes Qualys' innovation.

"Qualys is the undisputed market leader in vulnerability management, and it has been for multiple years. Intelligently staying ahead of the curve, the company continues to develop new products and features to address the ever-evolving security and compliance needs of enterprise organizations, government agencies and smaller businesses," stated Chris Rodriguez, industry analyst for Frost & Sullivan, in the report. He continued, "An aggressive product road map and quality initiatives have strengthened Qualys' current leadership position in the market, and it is expected to continue to do so in the future."

Read the full news release or read the report.

LogRhythm Partners with Qualys

LogRhythm, the leader in cyber threat defense, detection and response, and Qualys today announced a partnership integrating LogRhythm’s best-in-class SIEM 2.0 platform with QualysGuard Vulnerability Management (VM). The integration of QualysGuard’s accurate vulnerability data with SIEM 2.0’s network security event information provides customers with deeper insight and greater situational awareness for better protection against cyber threats.

The integration provides:

  • A QualysGuard VM feed that identifies and catalogs assets and discovers vulnerabilities at the scale of customers' organizations
  • Alarm capabilities that notify users when imported vulnerabilities match preset thresholds
  • Normalized QualysGuard vulnerability data that can be used in LogRhythm’s SIEM 2.0 correlation engine to help users prioritize events

"We’re very pleased to be working with Qualys to provide our customers with reliable vulnerability data to help them protect against the latest cyber threats," said Matt Winter, vice president corporate & business development at LogRhythm. "Together, our API-level integration allows our customers to further leverage vulnerability data and to achieve greater security intelligence and situational awareness through LogRhythm’s SIEM 2.0 solution."

Read the full release.

LockPath and Qualys Streamline IT-GRC Risk Reporting

LockPath, a provider of innovative governance, risk and compliance (GRC) applications, today announced an integration partnership with Qualys to offer businesses unique visibility into their security and risk postures. With the partnership, users benefit from QualysGuard’s highly accurate vulnerability data, gathered from scans of enterprise assets and automatically imported into LockPath’s GRC solution, Keylight, augmenting its risk reporting capabilities with security intelligence to produce a holistic view of business risk.

"Through our partnership with Qualys, users gain an almost immediate understanding of how discovered vulnerabilities fit into the context of their organizations' overall security and risk posture," said Chris Caldwell, CEO, LockPath. "The effortless and streamlined integration of the Keylight platform with QualysGuard VM further validates what we believe is our obligation to ensure our Connector Library enables our customers to avoid fragile and time-consuming custom integrations."

For more information on the Keylight platform, download the datasheet. Read the full news announcement.