All Posts

65 posts

Qualys Introduces New Services and Major Technological Innovations to QualysGuard Cloud Platform

RSA_BlogpostArt_D2.pngQualys today announced at RSA Conference USA 2012 major enhancements to its QualysGuard Cloud Platform and suite of integrated applications for security and compliance. These new innovations will extend the cloud platform capabilities to help customers improve the security of their IT systems and applications, further automate their compliance initiatives for IT-GRC and provide online protection against cyber attacks, while reducing operational costs and increasing the efficiency of their security programs.

Qualys will unveil these latest major technological innovations tonight at booth #1431 at 7:00 p.m. PT at the RSA Conference USA:

  • Web Application Firewall (WAF). A brand new cloud service from Qualys, QualysGuard WAF protects web sites from unwanted requests and a range of online threats from spammers to SQL injection to DDoS, and provides increased web site performance through caching, compression and content optimization.
  • Zero-Day Risk Analyzer Module. Built on VeriSign’s iDefense zero-day security intelligence services, this new QualysGuard service allows customers to analyze zero-day threats and estimate their impact on their IT infrastructures and critical systems based on information collected from previous scan results.
  • Patent-Pending Technology for Enterprise Asset Management. Allows customers to tag assets dynamically based on scan results and to categorize assets in a hierarchical manner to keep pace with changing environments. Tags can then be used in all workflows including scanning, reporting or assigning security and access to assets.
  • Customizable Questionnaires Service for IT- GRC. Extends the QualysGuard Cloud Platform’s policy compliance capabilities to automate manual control assessments with a customizable questionnaire based on a repository of nearly 1,000 pre-mapped policy documents via the Unified Compliance Framework. Workflows are also provided out-of-the-box that can be tailored to fit business processes.
  • Malware Detection Service, Enterprise Edition. Built on the popular free Malware Detection service, the enterprise version will allow customers to track malware on multiple web sites with advanced reporting and notification options.
  • General Availability of Virtualized Scanner Appliances. Allows customers to deploy virtual scanner appliances in various modes – on laptops for mobile consultants, in data centers for enterprise scanning and in the Amazon EC2 and VPC platforms for cloud deployments.

Read the full announcement.

Leading Analyst Firm Ranks Qualys #1 for Third Consecutive Year in Device Vulnerability Assessment

Qualys today announced that IDC ranked the company number one for Worldwide Device Vulnerability Assessment Revenue Share for 2010 by Vendor for the third consecutive year with 14.9 percent growth. This growth, documented in the IDC Worldwide Security and Vulnerability Management 2011-2015 Forecast and 2010 Vendor Shares, is contributed to accelerated adoption of Qualys' cloud-based security and compliance solutions by global enterprises. To date Qualys has gained the following adoption to its cloud-based services within global indices including 50 percent of the Forbes Global 100, 48 percent of the Fortune 100, 60 percent of Dow Jones 30, 41 percent of NASDAQ 100, 43 percent of DAX 30, 58 percent of CAC 40, 41 percent of FTSE 100 and 17 percent of Nikkei 225.

"Qualys continues to grow its market share with comprehensive vulnerability management services that help organizations proactively scan critical assets and take the action needed to reduce risk," said Charles Kolodgy, research vice president for security products at IDC. "Qualys has also effectively used its cloud-based delivery model to offer low cost, comprehensive services that are easily integrated with partner solutions so organizations can quickly respond to rapidly evolving threats.

IDC predicts Worldwide Vulnerability Assessment Market revenues will grow by 9.7 percent from 2010 to 2015, with a projected value in 2015 of $1.2B. "Given the importance of risk management, government regulations, and exposure through vulnerabilities, the security and vulnerability management market is full of opportunity," said Kolodgy in the report.

View the full announcement. To read an excerpt from the report, visit

Qualys Expands Popular FreeScan Service for SMBs

scan-results.pngQualys today announced the availability of its new and improved FreeScan service to help small and medium businesses (SMBs) audit and protect their web sites from security vulnerabilities and malware infections. The new FreeScan service allows SMBs to scan their web sites for of malware, network and web application vulnerabilities, as well as SSL certificate validation, helping web site owners identify risk before hackers do in order to prevent data beaches and protect online visitors from infections.

"Web sites are often vulnerable to attack, and oftentimes sites are compromised without the knowledge of the web site owners or its users," said Scott Crawford, research director for EMA. "While organizations want to ensure security, many lack the resources to identify possible security issues, or they do not know where to start. Using a free service like Qualys FreeScan can help organizations proactively gain visibility into possible issues so they can take the steps needed to protect their web sites and online visitors."

Powered by Qualys' cloud-based platform that hosts the QualysGuard® security and compliance suite of applications, FreeScan is a free service that scans for:

  • Network perimeter vulnerabilities
  • Web application vulnerabilities
  • Web site malware infections
  • SSL certificate validity

The scan results also provide guidance on remediation to fix identified vulnerabilities and remove malware infections. The new service is available at

Read the full announcement.

MetricStream Partnership Brings Actionable Security and Risk Intelligence to IT-GRC

MetricStream today announced the integration of MetricStream IT-GRC Solution with QualysGuard® Vulnerability Management (VM). The joint solution provides a single robust framework to automatically monitor and capture all asset and network vulnerabilities, and route them through a systematic process of investigation and remediation. This integration enables customers to quickly identify and report on the vulnerabilities affecting business critical assets, map security issues to business applications, and aggregate and rollup risk information across their enterprise for proactive mitigation.

"IT security managers are under enormous pressure to protect IT assets – a task that becomes more challenging as networks grow more complex, and security threats become more sophisticated," says Vidya Phalke, CTO at MetricStream. "The use of virtualized infrastructure is rising, smart phones and tablets are proliferating, reliance on managed IT services is increasing, and business managers are independently driving the adoption of cloud applications. These trends are introducing a whole new class of risks and threats that enterprises need to deal with. Our partnership with Qualys will strengthen organizations' ability to tackle these security risks and compliance challenges."

Read the full announcement.

Dept. of Homeland Security Unites Groups to Combat Cyber-Crime

Yesterday morning as part of National Cyber Security Awareness Month, I had the privilege to attend a breakfast and NASDAQ bell ringing ceremony with Secretary of Homeland Security Janet Napolitano at the NASDAQ Market Site in Times Square, New York City.

The morning included a roundtable with participants from law enforcement, the government and the private sector discussing ways to fight cyber crime, and emphasized the Department of Homeland Security’s (DHS) commitment to forge partnerships in order to create a safe, secure, and resilient cyber environment.

I very much enjoyed the opportunity to discuss the current state of cyber security with so many leaders from both the private and public sectors.

Secretary Napolitano explained that the private and public sector must work together to ensure greater awareness of the issue of cyber security, improved sharing of information, and a more coordinated response to cyber security incidents. Malicious actors are working to steal money, intellectual property, personal identity information, as well as disrupt our economy. She explained how DHS is working to improve the state of cyber security. The take-home message is clear: Security awareness is the key to preventing cyber attacks, and private industry and government must work closely together to improve our ability to safeguard intellectual property and ensure our continued economic prosperity.

The theme of National Cyber Security Awareness month is STOP. THINK. CONNECT.


When you cross the street, you look both ways so make sure it’s safe. Staying safe on the Internet is similar. It takes some common sense steps — STOP. THINK. CONNECT.

STOP. Before you use the Internet, take time to understand the risks and learn how to spot potential problems.

THINK. Take a moment to be certain the path ahead is clear. Watch for warning signs and consider how your actions online could impact your safety, or your family’s.

CONNECT. Enjoy the Internet with greater confidence, knowing you’ve taken the right steps to safeguard yourself and your computer.

STOP. THINK. CONNECT. Protect yourself and help keep the web a safer place for everyone.

Qualys has been working for the last 10 years to help customers identify and remediate potential vulnerabilities to secure and protect information and IT assets. We feel strongly that industry and government collaboration is needed to effectively fight cyber-crime; after all, attackers share information, so we need to share information to best protect ourselves. This event along with this month’s activities for National Cyber Security Awareness Month, are steps in the right direction, and we look forward to increased collaboration and sharing of information to fight cyber crime.

— Andrew Wild, CSO for Qualys

New Free Audit Service to Secure Web Sites from Malware and Vulnerabilities

Qualys today introduced a new free audit service to help companies detect and eliminate malware and vulnerabilities from public or Internet-facing web sites. Available at, the free service is called FreeScan and Qualys will showcase it at the RSA Conference Europe 2011 in booth P1 on October 11-13.

"In a few minutes, Qualys FreeScan can help organizations get visibility of their web site security postures so they can be proactive and take the next steps needed to protect their web sites and online visitors from malware and loss of customer data," said Philippe Courtot, chairman and CEO for Qualys. "Thanks to the power of our security as a service platform, we are able to deliver such a valuable service to the community as a free service."

Read the full announcement.

Qualys Presents New Consultant Edition, WAS 2.0 and New UI at Black Hat 2011

Today at Black Hat in Las Vegas, NV, Qualys will be showcasing in Booth 206:

  • New UI for the QualysGuard IT Security and Compliance SaaS Suite, now available in beta for all customers. The new context-based UI features interactive dashboards, streamlined workflows, actionable menus and filters with improved visual feedback, making it easier for customers utilize the comprehensive services in the QualysGuard Suite. Click here to view a demo of the new beta UI.
  • QualysGuard WAS 2.0, enabling organizations to leverage the power and scalability of the cloud to discover, catalogue and scan large numbers of web applications. The new version also simplifies the complexity and reduces costs of web application scanning with an intuitive, easy-to-use automated solution with an extremely low false positive rate and a rich dynamic user interface (UI) that simplifies the workflows for scanning and reporting
  • The new edition of the QualysGuard Consultant service, featuring virtualized scanner appliances (vScanners) and a report customization module. The new edition delivers accurate network auditing, comprehensive vulnerability assessments, policy compliance and web application scanning, reducing time on-site for consultants and providing data-rich, customizable reports – all at a lower cost. Learn more and sign up for the vScanner beta here.

Qualys is also hosting tonight with Dell SecureWorks the "Absolut Cloud Party" at the Bank at the Bellagio.

Qualys Wins CEO of the Year and Best SME Security Solution at the 2011 European SC Magazine Awards

sc_awards_2011_124436.gifQualys today announced that it has received SC Magazine Europe 2011 awards for Best SME Security Solution and CEO of the Year. Qualys Chairman and CEO Philippe Courtot accepted the awards presented by SC Editor Paul Fisher at a special gala event held on April 19th at the London Hilton on Park Lane.

"We are delighted to see QualysGuard Express gain recognition for Best SME Security Solution for the second year in a row, and I feel very honoured to be named CEO of the Year," said Courtot. "These awards are a testament to the accelerated adoption of the SaaS model for security by large and small companies across the world. We want to thank our early adopters and customers who, like us, believed in the promises of SaaS and supported us over the years."

Read the full news release.

Dimension Data Partners with Qualys

Today at InfoSecurity Europe, Qualys announced that Dimension Data will offer the QualysGuard IT Security and Compliance Suite as part of its portfolio of solutions to organizations around the globe. As a QualysGuard Managed Security Services Partner (MSSP), Dimension Data plc, a specialist IT services and solutions provider, will offer the QualysGuard suite of SaaS applications to help global organizations of all sizes to successfully achieve both vulnerability management and policy compliance initiatives cohesively, while reducing costs and streamlining operations

"We are looking forward to bringing the QualysGuard offerings to organizations aiming to build and maintain effective pro-active risk management strategies," said Neil Campbell, General Manager, Security Solutions for Dimension Data. "As we work with clients to support their business and technology objectives, the QualysGuard suite of security offerings delivered from the cloud provides powerful, flexible security services that complement and integrate well with other solutions and services that we offer."

Read the full announcement.

Qualys Partners with StopBadware to Help Combat Malware on the Internet

Qualys today announced that it is partnering with the non-profit anti-malware organization StopBadware. The two organizations will leverage one another’s strengths to bolster the Web’s collective defenses against malware. Qualys CEO Philippe Courtot is also joining the StopBadware Board of Directors. Qualys joins industry leaders including Google, Mozilla, PayPal, Nominum, and Verizon in supporting StopBadware.

"Qualys' track record as an industry leader is indisputable," said Maxim Weinstein, StopBadware’s executive director. "The company brings not only considerable expertise to this partnership, but also data, research and tools that we at StopBadware are excited to utilize in expanding our reporting capabilities and strengthening our own initiatives to protect Internet users."

StopBadware has, since its creation in 2006, worked to provide educational resources and an appeals process for webmasters whose sites have been blacklisted for badware content. Read the full news release.