Qualys Expands QualysGuard PCI Cloud Platform to Help Organizations Meet New Internal Scanning Requirements of PCI DSS 6.2
Unified Solution to Address Both Internal and External PCI Scanning Requirements
REDWOOD CITY, Calif., Oct. 11, 2012 – Qualys Inc. (NASDAQ: QLYS), a pioneer and leading provider of cloud security and compliance solutions, today announced that it has expanded QualysGuard PCI to assist organizations of all sizes to meet Payment Card Industry (PCI) Data Security Standards (DSS), including new internal scanning requirements. The solution, used by thousands of businesses, online merchants and Member Service Providers, now includes workflows for risk ranking and reporting on internal vulnerabilities, enabling customers to meet the new requirements, pass quarterly scans and maintain continuous PCI compliance. Qualys is an Approved Scanning Vendor (ASV).
Merchants dealing with credit card transactions must comply with PCI DSS to ensure that customers’ sensitive payment card information is protected. For smaller organizations, PCI DSS compliance can be overwhelming, especially with the latest PCI DSS 6.2 changes, effective June 30, 2012, which require robust internal scanning and reporting. The new requirements for risk ranking vulnerabilities and passing quarterly internal scans add process steps that take significant effort. QualysGuard PCI, which automates the quarterly scanning requirements of PCI DSS 11.2 for external systems, now includes new workflows for scanning internal systems with customized risk ranking and reporting on internal vulnerabilities, enabling customers to meet the new requirements.
“Implementing PCI DSS controls, passing a PCI assessment, and then maintaining PCI DSS compliance in the face of changes present a critical challenge for all organizations subject to PCI mandates. As the standard itself evolves in parallel with IT and the business environment, the need for actionable guidance on how to deal with such ever-present change can only grow,” said Anton Chuvakin, research director at Gartner.
QualysGuard PCI provides a broad solution that helps customers meet the latest PCI DSS internal requirements, enabling them to:
- Use an Approved Scanning Vendor (ASV) solution for both external and internal scanning to satisfy the requirements for PCI DSS.
- Perform unlimited PCI scanning on both external and internal systems and Web applications.
- Rank vulnerabilities according to the criticality of the assets to manage overall risk, and customize the ranking for each organization.
- Generate PCI-specific reports to document both internal quarterly scan compliance and external ASV scan requirements with executive, technical, and risk-rank reporting.
“The QualysGuard PCI Cloud Platform is now used by more than 69 percent of ASVs, 50 percent of QSAs and 2,000 organizations worldwide, and with this new release provides a unified solution to address both internal and external PCI DSS scanning requirements,” said Philippe Courtot, chairman and CEO for Qualys. “Because it is cloud-based, it offers an easy-to-use, cost-effective solution helping companies of all sizes continuously meet PCI DSS standards to secure their data and IT assets from cyber attacks.”
About QualysGuard PCI Compliance
QualysGuard PCI Compliance, or QualysGuard PCI, works to provide organizations that store cardholder data with a cost-effective and highly automated solution to verify and document compliance with PCI DSS. QualysGuard PCI allows merchants to complete the annual PCI Self-Assessment Questionnaire, or SAQ, to perform vulnerability scanning for quarterly PCI audits and to meet the demands of PCI for web application security.
About QualysGuard Cloud Platform
The QualysGuard Cloud Platform and its integrated suite of security and compliance solutions help provide organizations of all sizes with a global view of their security and compliance posture, while reducing their total cost of ownership. The QualysGuard Cloud Suite, which includes Vulnerability Management, Web Application Scanning, Malware Detection Service, Policy Compliance, PCI Compliance and Qualys SECURE Seal, enables customers to identify their IT assets, collect and analyze large amounts of IT security data, discover and prioritize vulnerabilities and malware, recommend remediation actions and verify the implementation of such actions.
Qualys Inc. (NASDAQ: QLYS) is a pioneer and leading provider of cloud security and compliance solutions with over 5,800 customers in more than 100 countries, including a majority of each of the Forbes Global 100 and Fortune 100. The QualysGuard Cloud Platform and integrated suite of solutions help organizations simplify security operations and lower the cost of compliance by delivering critical security intelligence on demand and automating the full spectrum of auditing, compliance and protection for IT systems and web applications. Founded in 1999, Qualys has established strategic partnerships with leading managed service providers and consulting organizations including BT, Dell SecureWorks, Fujitsu, IBM, NTT, Symantec, Verizon, and Wipro. The company is also a founding member of the Cloud Security Alliance (CSA).
For more information, please visit www.qualys.com.
Qualys, the Qualys logo and QualysGuard are proprietary trademarks of Qualys, Inc. All other products or names may be trademarks of their respective companies.
Gartner, Inc., “Maintaining PCI Compliance: Assess the Impact of Changes in Business, Technology, and PCI DSS,” by Anton Chuvakin, November 15, 2011.