Success - On Time, On Budget, On Demand

For us, the only way to measure success is through the results we deliver to each and every customer. Achieving effective IT security and regulatory compliance, in harmony with business objectives, is imperative for our customers' success - regardless of the uniqueness of their business, their culture and size. Here's how, in their words, we've helped thousands of companies get there.

Industry: Education
Headquarters: New London, New Hampshire
Students: 985+ undergraduates
Employees: 380+
"I can tell you that all of the time and effort we've invested in security has paid off. Our workload has been cut dramatically. We're much more efficient now — and much more secure. Qualys provides us the easiest way to prioritize and fix our software vulnerability and configuration issues. You plug it in, and it works."
Information Security Analyst

Objectives

  • Provide effective IT security throughout its network to ensure a secure and highly-available academic environment.
  • Manual vulnerability scans lacked visibility into Colby-Sawyer infrastructure, and failed to easily identify servers and vulnerabilities that jeopardized security and compliance efforts.

Results

  • QualysGuard quickly became a critical part of its risk management program, enabling the college to conduct daily scans of its critical servers and externally-facing network addresses.
  • Automated on demand security and vulnerability audits, highly accurate vulnerability and configuration scans, and comprehensive reporting capability.

Industry: Education
Headquarters: Columbus, Ohio
Employees: 300+
Students: 3,115+
"QualysGuard not only helps us to secure our systems better, but it adds value because it makes us more efficient. It streamlines our vulnerability management efforts so that we can focus better on innovative IT initiatives that add value to the university."
CIO

Objectives

  • Improve risk management and IT governance efforts.
  • Automate vulnerability identification and remediation.
  • Ready the university for eventual ISO 17799 certification.

Results

  • The university was able to quickly move from manual vulnerability assessments to a fully automated vulnerability management and policy compliance program.
  • Rapidly remediate vulnerabilities across the university's network, and better manage IT assets through network discovery, detailed mapping, asset prioritization, vulnerability assessment reporting and remediation tracking.
  • Effectively put into place a mature security and risk management program that is a core part of the university's IT governance program necessary for eventual ISO 17799 certification.

Industry: Healthcare
Location: Greater Chicago Metropolitan Area
Business: The University of Chicago Medical Center (UCMC) is a nonprofit corporation providing medical care to residents of the Chicago metropolitan area and beyond
Size: $1+ billion
Employees: 9,500+
"QualysGuard enables us to automate our risk management and compliance functions, and we will continue to leverage QualysGuard to automate manual processes wherever possible. This is how QualysGuard improves our security and gives us more time to focus on other strategic things."
Lead Security Engineer

Objectives

  • Consolidate multiple vulnerability management applications across multiple locations
  • Provide security and IT operation teams as well as business managers with the risk and regulatory compliance reports they need for their specific job functions

Results

  • The QualysGuard suite automates and unites vulnerability management and policy compliance across the organization
  • Achieved continuous vulnerability management with high accuracy rate
  • Streamlined workflow with integrated remediation ticketing system improving overall security and HIPAA compliance

Industry: Education
Headquarters: Moscow, Idaho
Employees: 850+
Students: 12,000+
"QualysGuard is accurate and easy to use. We didn't trust the open source tool we were using, and we couldn't get consistent results. Each time someone ran a scan, the settings and the results were different. With QualysGuard, anyone on my team can use it, and its results are accurate and consistent."
Networks and Systems Manager

Objectives

  • Improve the IT security of the university by distributing security responsibilities throughout its staff.
  • Maintain PCI DSS compliance for those systems that support its credit card payments.
  • Spot misconfigured PCs and servers, out of date operating systems and applications, and provide operations teams the crucial fixes they need for rapid remediation.

Results

  • QualysGuard enables the university to distribute the ability to conduct vulnerability assessments across its staff.
  • Streamlines University of Idaho's ability to maintain PCI DSS compliance.
  • QualysGuard virtually eliminated false positives.

Industry: Education
Headquarters: Salt Lake City, Utah
Employees: 17,000+
Students: 28,000+
Business: One of the top public research universities in the nation that provides more than 100 undergraduate and 90 graduate degree programs
"Our security program is getting to the point we wanted to reach all along: where the vulnerability scans are transparent. It's as if there was this angst when the security team showed up before, and, 'oh no, we are going to get scanned again.' That's all gone now."
Manager of Information Security Operations

Objectives

  • Keep the University's IT infrastructure, which consists of thousands of servers and tens of thousands of endpoints totaling more than 30,000 individual IP addresses, secure and compliant with the Health Insurance Portability and Accountability Act (HIPAA).

Results

  • QualysGuard continuously assesses the security of the University's internal and externally facing IT systems.
  • QualysGuard provides the University the ability to better discover and manage all of its networked devices (desktops, servers, routers, and more) and to create detailed reports for regulatory compliance.
  • The quality of the assessment reporting has helped to improve the relationship between the security group and operation teams.

Industry: Financial Services
Headquarters: Osceola, Iowa
Locations: 5 branches throughout Iowa
Total Assets: $289.4 million
"When we receive notifications from our QualysGuard scans we instantly see a comparison to the previous scan and know if everything is okay, or if there is a new vulnerability we need to take care of right away."
Network Administrator

Objectives

  • Secure American State Bank's new online banking services.
  • Meet internal and FDIC security compliance demands.

Results

  • QualysGuard Express enables the bank to quickly and cost-effectively reduce security risks throughout the organization and meet complex banking regulatory demands.

Industry: Financial Services
Headquarters: San Francisco, California
Locations: 680+ branches throughout US
Employees: 10,700+
Customers: 3+ million households throughout 19 states
Total Assets: $54 billion
"The QualysGuard solution is easiest to deploy, requires the least maintenance in terms of day-to-day care and feeding, has the least potential for conflicts with our existing platforms and production environment, and is economical."
VP of Network Engineering and Operations

Objectives

  • Efficiently identify and eliminate network vulnerabilities across multiple operating system platforms and applications.
  • Regulatory reporting to prove security compliance.
  • Rapid deployment and user training for a reliable vulnerability management solution.
  • Ability to easily handle branch and company expansion.

Results

  • With QualysGuard, Bank of the West was able to scan their entire network within hours and successfully identify and eliminate risks.
  • Able to now meet regulatory security requirements using QualysGuard reports.
  • Bank of the West has been able to effortlessly increase their use of QualysGuard as the network demands of the bank grow without any additional overhead or staff.

Industry: Financial Services
Headquarters: Romania
Locations: over 1200 branches
Employees: 7000
"QualysGuard has helped us to bring a higher level of governance to our risk management program. And we plan to extend our use of QualysGuard to our disaster recovery data center and integrate QualysGuard still more deeply into our global information security strategy for many more years."
Chief information security officer, CEC Bank

Objectives

  • Centralized Risk Management program
  • Vulnerability management solution that is easy to deploy, integrate, and use

Results

  • QualysGuard is used in order to comply with the existing regulations of the Ministry of Communications and Informational Society and National Bank of Romania

Industry: Financial Services
Headquarters: United Arab Emirates
Locations: 20+ branches
Business: Retail and commercial banking services
Annual Revenue: AED 600+ million
Total Assets: AED 18+ billion
"We no longer have to spend so much time checking the accuracy of scanner reports, or maintaining the software. We simply assess our network regularly and can trust Qualys' results."
Senior Manager and Head of IT Security

Objectives

  • Needed an effective and efficient way to keep its network and IT infrastructure secure and updated with the latest security patches.
  • Put into place an automated, repeatable, verifiable way to manage software vulnerabilities.
  • Open source vulnerability scanners lacked accuracy, and IT security team members had to spend inordinate amounts of time sorting the false positives from actual vulnerabilities.

Results

  • CBD selected QualysGuard from Qualys Inc., thus enabling the bank to streamline control of its entire vulnerability management lifecycle: asset discovery, vulnerability assessments, and tracking of security fixes.
  • The thorough QualysGuard scans provide the ability to identify and mitigate vulnerabilities and misconfigurations, and their comprehensive reporting can be tailored for security teams, IT operations, and the bank's business executives.
  • Perhaps the greatest saving comes from QualysGuard's accuracy and the fact that security team members no longer have to waste extraordinary amounts of time chasing false positives.
  • Today, CBD conducts automated QualysGuard scans of its internal network every week, and of its external, Internet-facing networks every day.

Industry: Automotive Manufacturing / Financial Services
Headquarters: Stuttgart, Germany
Locations: Worldwide
Employees: 260,100+
Annual Revenue: €97+ billion (2010)

Objectives

  • Provide a transparent, complete and current view on the entire IT landscape for risk assessment.
  • Continuously monitor infrastructure weaknesses and pinpoint root-causes across the globe.
  • Prioritize, coordinate and address local system remediation. Support compliance with internal and external policies and regulations.

Results

  • QualysGuard VM required little additional infrastructure (self-managed appliances only) to deploy or manage.
  • Automated many aspects of the vulnerability management lifecycle: network asset discovery and mapping, asset prioritization, vulnerability assessment reporting, and remediation tracking.
  • Ability to segment network assessments and associated reporting based on role and responsibility.
  • Straightforward, easy-to-understand licensing regulations.

Industry: Financial Services
Headquarters: Oswego, IL
Business: Credit union serving the Chicago metropolitan area
Total Assets: $200+ million
Employees: 84+
"Qualys went above and beyond the other vendors. It thoroughly demonstrated its service, and helped walk me through an actual scan. It spent time teaching me the product. None of the competitors came close. The quality of the product and the demonstration cinched Qualys for me."
Information Technology Manager

Objectives

  • Provide an additional, yet crucial, layer of defense to its existing IT and physical security safeguards through automated vulnerability assessments.
  • Improve its vulnerability risk management program, which includes the ability to discover network assets and applications, identify vulnerabilities, provide remediation information and workflow, and then validate that the vulnerabilities have been fixed.

Results

  • QualysGuard provided automated and highly accurate vulnerability identification.
  • QualysGuard provides the credit union the ability to better discover and manage all of its networked devices (desktops, servers, routers, and more) and to create detailed reports that are used throughout all levels of administrators and business leaders.
  • QualysGuard has dramatically improved vulnerability reporting, especially helpful for internal auditing and compliance efforts.

Headquarters: Wroclaw, Poland
Scope: Growing retail bank with 3,100 employees and more than 500 bank branches across Poland
Size: 3,100 employees; 500 bank branches throughout Poland
"QualysGuard makes it possible for us to get so much more done with so much less effort. With our previous scanner, it took 20 hours a week for us to conduct our work. With QualysGuard, that time is reduced to three hours a week. Most everything is accomplished automatically now with an 85 percent time savings."
IT security manager, Euro Bank

Objectives

  • The bank wanted to find a way to automate many aspects of its vulnerability management lifecycle.

Results

  • A single QualysGuard appliance can assess 30 of the bank's internal networks centrally.
  • Increased Automation and System Transparency.
  • Highly accurate vulnerability and configuration scans.
  • Detailed, comprehensive, actionable reporting.

Industry: Financial Services
Headquarters: Karlsruhe - Germany
Employees: 3,000
"QualysGuard enables us to collect security and compliance information from all of our global IT assets without having to deploy agents and to leverage this data across multiple compliance and regulatory initiatives. This enables us to drastically reduce the cost of compliance reporting while gaining an accurate view of our security and compliance posture."
Chief Security Officer

Objectives

  • Replacement of the Nessus open source solution with a commercial risk-management tool

Results

  • Solution is easy to implement and self-explanatory
  • Various views and reports
  • Little administration and support required

Industry: Financial Services
Headquarters: Cincinnati, Ohio
Business: Diversified financial services company
Locations: Operates 18 affiliates with 1,167 full-service banking centers throughout the US
Employees: 21,000+
Annual Revenue: $8.5+ billion
Total Assets: $220 billion in managed assets
"It's not about being secure the day the auditors show up. It's about being secure and compliant every month, week, day, and hour. And QualysGuard helps us to achieve and demonstrate that continuous level of security and compliance."
Manager of Information Security Vulnerability Management Team

Objectives

  • Fifth Third's vulnerability management team, dedicated to keeping 5,000 servers and 30,000 desktops secure, needed to move away from manual-based scanners that only allowed the team to run ad-hoc scans, and lacked the ability to centrally manage vulnerability data or trend the bank's risk management progress over time.
  • Attain more accurate scan results and organize data by business units, system platforms, and any other way needed.

Results

  • Fifth Third has 20 QualysGuard appliances deployed that continuously audit more than 30,000 specific IP addresses automatically throughout the bank's infrastructure.
  • Via QualysGuard's ability to assign highly-specific asset tags, the bank can now parse its vulnerability information in any way it needs. The bank can break down its reporting by machine types, business units, and many other ways.
  • Fifth Third has improved efficiency via the use of QualysGuard's API to automate report distribution to all IT managers, systems administrators and others.

Industry: Financial Services
Headquarters: New Orleans, Louisiana
Locations: 9 branches throughout New Orleans
Employees: 200+
"Not only do we use QualysGuard to perform all of our vulnerability assessments, it also helps us demonstrate compliance with financial regulations and manage overall business risk. We now have direct control over assessment and remediation — and a truer picture of security for the Bank's management."
Data Security Officer

Objectives

  • Improve vulnerability assessment management and remediation processes.
  • Cost-efficiently strengthen the security of bank networks, computers and applications.

Results

  • QualysGuard Express provides cost-efficient, on demand vulnerability management - reducing risks and improving network security for the bank.

Industry: Financial Services
Headquarters: Los Angeles, CA
Locations: 39 branch locations throughout the greater Los Angeles metropolitan area
Business: Full-service bank offering an entire spectrum of financial products and services.
Total Assets: $6 billion
"The way QualysGuard is designed, everything — all the reports, all the scanning, all the results — is very easy to access from anywhere. All of this together: the automation, the detailed reports, and centralized management, translates into improved security. And that's exactly what we wanted to achieve."
Network Security Officer

Objectives

  • To ensure that its systems are both secure from breaches and always available to its customers

Results

  • QualysGuard provides First Fed a powerful and reliable way to protect and secure its systems throughout the entire vulnerability management life cycle, including asset discovery, asset grouping, vulnerability assessment and analysis necessary for effective vulnerability management.

Industry: Financial Services
Headquarters: Singapore, a unit of ING Groep N.V
Business: Banking, insurance, and asset-management services
Annual Revenue: €15+ billion market value
Employees: 130,000+
"QualysGuard helps us to complete the work we do every day more successfully. We can find security issues and close the gaps that need to be closed."
Chief Information Security Officer

Objectives

  • Move away from manual vulnerability scans, to automated and highly accurate vulnerability assessments.
  • Improve vulnerability assessment and mitigation reporting.

Results

  • Ability to discover and prioritize all network assets.
  • Accurately detect and eliminate the vulnerabilities that make network attacks possible.
  • Software-as-a-Service delivery model streamlines management.
  • Proactively identify and fix security vulnerabilities.
  • Manage and reduce business risk.
  • Enhanced the entire vulnerability management life cycle: asset discovery, vulnerability assessments, and tracking of security fixes.

Industry: Financial Services
Headquarters: New York, New York
Locations: Global commodity futures and options trading exchange
"All it took was a phone call and less than an hour to get up and running. Implementation was amazingly easy. And the results were immediate. The return is instant; it was a no-brainer. I've got it to the point where, unless remediation is required, I spend 15 minutes a week to review reports from [our] security scans."
Chief Information Security Officer

Objectives

  • Ability to constantly monitor security posture, and implement controls to minimize risk of trade interruptions.
  • Consistently meet internal policy and regulatory requirements for NYBOT security and its backup trading sites.
  • Attain these objectives without any increase in IT security personnel.

Results

  • QualysGuard provided an immediate way for NYBOT to implement a comprehensive vulnerability management system.
  • QualysGuard helped NYBOT to attain all key security and compliance objectives

Industry: Banking and Financial Services
Headquarters: Hungary
Locations: OTP Group operates in eight countries including Bulgaria, Croatia, Romania, Serbia, Slovakia, Ukraine, Montenegro, and Russia
"The amount of work we are able to do now and the amount of risk we can reduce are not even remotely comparable with the past: we can manage many more systems and do so much more efficiently with QualysGuard VM."
Head of Information Security Department, OTP Bank Ukraine

Objectives

  • Automate Vulnerability Risk Management: automatically discover all network devices, identify vulnerabilities, and provide mitigation information and guidance based on business value.
  • Correlate assessment results efficiently and with accuracy.

Results

  • Greater Risk Reduction While Utilizing Fewer Resources.
  • Detailed network discovery and mapping, asset prioritization, vulnerability assessment reporting, and remediation tracking according to business risk.
  • Maintain compliance with PCI DSS.

Industry: Financial Services
Headquarters: London, UK
Locations: 1,400+ locations throughout more than 50 countries
Employees: 60,000+
"Being able to report on remediation and response plans has also helped us meet strict financial compliance requirements. QualysGuard reports give me and my security team an instant overview of the overall level of health of security in my organization."
Group Head of Information Security

Objectives

  • An effective way to quickly and efficiently tackle critical security problems in the bank's high risk, high profile environment.
  • Develop an effective, global, risk-driven approach to security in their highly distributed enterprise.

Results

  • QualysGuard Enterprise provides the bank fast and efficient automated network discovery, patching, and fix verification.
  • Effective patch prioritization and easy integration with the bank's existing proprietary security applications.

Industry: Financial Services
Headquarters: Latvia
Employees: 248
Business: The oldest bank in Latvia
Total Assets: 6,896,000 Lats
"QualysGuard has helped us achieve exactly what we needed to do for vulnerability management and risk reduction."
IT Security Administrator

Objectives

  • Put into place a sustainable vulnerability management program
  • Maintain compliance to PCI DSS

Results

  • QualysGuard proved to be the effective, cost-efficient solution.
  • As an on demand service, QualysGuard VM requires no additional infrastructure to be deployed.
  • Able to run as many assessments as needed without additional costs.

Industry: Financial Services
Headquarters: Overland Park, Kansas
Business: Full-service independent securities broker/dealer
Size: 300+ registered representatives, 80,000+ client accounts
"We wanted to secure our systems more efficiently, as well as prepare for new regulations. Qualys has helped us with both objectives."
Network Engineer

Objectives

  • Sought a more effective way to enhance their security and regulatory compliance efforts by putting in place an effective and sustainable vulnerability and risk management program.
  • Needed to move away from ad hoc security efforts to a more automated, accurate, and demonstrable way to maintain the security of the systems that support its 300 registered agents.
  • Obtain clear, actionable vulnerability and risk reports for administrative staff and management.

Results

  • VSR Financial chose QualysGuard from Qualys Inc., making it possible for the firm to streamline control of its entire vulnerability management lifecycle: asset discovery, vulnerability assessments, and tracking of security fixes.
  • The thorough QualysGuard scans provide the ability to identify and mitigate vulnerabilities and misconfigurations, and their comprehensive and actionable reporting makes it possible to resolve issues as quickly as possible.
  • Today, QualysGuard has helped VSR Financial to attain its vulnerability management goals, and the firm is confident that QualysGuard will also keep it prepared for all possible future regulations that will affect the broker/dealer industry.

Industry: Financial Services
Headquarters: San Dimas, California
Locations: 1,000+ member/owner credit unions
Employees: 450+
Total Assets: $24+ billion
"In vulnerability management, it's all about response time. Qualys' remediation agent directly assigns tickets to fix things to my network technicians. The system then tracks those fixes."
Director of Enterprise Security

Objectives

  • Move away from time-consuming, manual scans to automated vulnerability assessments.
  • Ability to correlate and prioritize vulnerabilities to mitigate risks as soon as possible.

Results

  • QualysGuard made it possible for WesCorp to conduct automated, on demand vulnerability scans.
  • By correlating QualysGuard's vulnerability information with WesCorp's IT asset values, the financial services cooperative is able to instantly identify and remedy the most critical threats to its infrastructure.

Industry: Government
Headquarters: Tallahassee, Florida
Locations: Throughout Florida
Employees: 17,000+
Customers: 17+ million
"With QualysGuard, we gained the ability to automatically scan everything we own for vulnerabilities. And it provides us with a documentation path for all servers including best security practices, vulnerability ranking and patches."
Bureau Chief, Strategic IT

Objectives

  • Revamp security policies and procedures to match legal requirements.
  • Cost-efficiently improve network security of public health services and personal health data.
  • Overcome lack of IT security staffing and distributed operations.

Results

  • After a three-month analysis of market alternatives, the Florida Department of Health (DOH) selected QualysGuard as its primary way to find vulnerabilities, manage the remediation process, and verify the execution of other automated security processes such as patching.
  • The Florida DOH now scans its entire network once a month, and critical systems are scanned daily to ensure they meet all internal security and regulatory mandates.
  • QualysGuard's service-based model allows the department to save up to 90 percent of the cost associated with manual, software-based vulnerability management processes.

Industry: Government
Headquarters: Arlington, VA
Employees: 315+
Business: Consulting firm that specializes in scientific, engineering, and security technologies.
"While we were testing QualysGuard, a serious client-side vulnerability had just come out. The day after the vulnerability was announced, Qualys was able to detect it."
Senior Network Security Engineer

Objectives

  • Move away from manual vulnerability scans, to automated and highly accurate vulnerability assessments.
  • Improve vulnerability assessment and mitigation reporting.

Results

  • Ability to discover and prioritize all network assets.
  • Qualys helps us meet our mission to ensure the efficiency of business operations by maintaining a resilient, flexible and secure network.
  • Accurately detect and eliminate the vulnerabilities that make network attacks successful.
  • Software-as-a-Service delivery model streamlines management.
  • Proactively identify and fix security vulnerabilities.
  • Manage and reduce business risk.
  • Ensure compliance with laws, regulations and corporate security policies.

Industry: Government
Headquarters: Quantico, Virginia
Scope: MCCS provides members of the U.S. Marine Corps the services they need during their time in uniform — from helping them run their finances, further their education, or relocate to their next station. MCCS also provides a growing number of restaurants, clubs, and stores, including 17 main exchanges, 96 branch and convenience stores, service stations, and more than a dozen clothing stores.
"QualysGuard has increased our efficiency and accuracy, and saves us a whole lot of time. We don't have to do much of anything except act on its reports. We don't have to chase down remediation information. And we know that our patches have been pushed out successfully. We always know that we're patched across the board."
Network Services Manager

Objectives

  • Secure its IT infrastructure, which includes more than 900 routers, 300 Windows servers, approximately 160 UNIX servers, and about 160 IBM systems that handle retail point-of-sale and inventory.
  • More accurately discover, manage and remedy the vulnerabilities across its network.

Results

  • QualysGuard provided an automated and highly accurate way to help manage the MCCS' continuous vulnerability management program.
  • QualysGuard security assessment results are fed to the MCCS' Windows Server Update Services (WSUS), a Microsoft tool that helps to facilitate the deployment of software updates. Now, the vulnerability mitigation and patching processes associated with 160 different Windows applications are managed by a five-person administrative staff.

Industry: Healthcare
Headquarters: San Diego, California
Business: ASH provides complementary health benefits, fitness, and health improvement programs
Size: National, 13+ million members, Privately held
Employees: 380+
"I've never found any other vulnerability management tool that is as comprehensive as QualysGuard. We never have encountered a situation in which a third-party audit found something QualysGuard didn't."
Senior Director of IT Operations and Information Security Officer

Objectives

  • Cost-effectively achieve ongoing IT security and regulatory compliance risk mitigation for its own network.
  • Simplify PCI compliance.
  • ASH doesn't have a staff dedicated to IT security; as a result, its IT director and system administration team need the most automated way to keep its systems secure and compliant.

Results

  • QualysGuard provides the company the ability to centrally manage the risks associated with all of its networked assets, and quickly identify and remedy those that are out of policy, misconfigured, or otherwise vulnerable.
  • As a PCI DSS-approved scanning vendor, Qualys makes it straightforward for ASH to conduct its annual self-assessments and quarterly network scans.
  • QualysGuard provides ASH's system administrators with a proactive way to protect the company's network throughout the entire vulnerability management life cycle, including asset discovery, asset prioritization, vulnerability assessment and analysis, remediation planning, and fix verification.

Industry: Healthcare
Headquarters: Danville, Pennsylvania
Locations: 38 throughout Pennsylvania
Employees: 9,900+
Customers: 2.5+ million
Total Assets: $1.5+ billion
"QualysGuard reports are an excellent solution for documenting IT security controls and compliance with regulatory requirements. QualysGuard helps us protect the security and integrity of our systems supporting our electronic medical record systems."
Chief Information Security

Objectives

  • Protect the security and integrity of EMR accessed online by clinical providers and patients, and comply with HIPAA security regulations.
  • Provide and verify security for a complex system of several patient and clinical provider Web portals with more than 435 network applications, 70 of which feed data to the EMR system.

Results

  • QualysGuard automatically finds vulnerabilities and documents remediation for its network that supports Geisinger's EMR system.
  • QualysGuard proved to save time by automating the processes associated with vulnerability management: from host discovery and vulnerability assessment to fix verification.

Industry: Insurance
Headquarters: Paris, France (Parent)
Locations: Worldwide
Employees: 17,000+
Annual Revenue: $104+ billion
Customers: 17+ million
Stock Symbol: AXA (NYSE)
"QualysGuard is technically the best vulnerability management solution... and epitomizes my vision of the ideal vulnerability management platform."
Global Security Architect

Objectives

  • Ability to ensure that public servers are highly secure, patches are up-to-date, and security policy standards are met without exception.
  • Maintain operating efficiencies and optimize profitability by deploying cost-saving technologies.
  • Accurate vulnerability data with comprehensive reporting.

Results

  • QualysGuard Enterprise provides a comprehensive, 360-degree view of AXA's network security.
  • A fully automated vulnerability management and workflow system for fast detection and remediation of security risks.
  • Dynamic reporting presents immediate visibility of network security posture across the entire organization.
Industry: Healthcare
Headquarters: Philadelphia, Pennsylvania
Locations: Worldwide
Employees: 32,700+
Total Assets: $44+ billion
Stock Symbol: CI (NYSE)
"Before QualysGuard we had an ad hoc process; Qualys brought much stronger control and visibility into our processes. QualysGuard gives us the ability to detect our vulnerabilities across our network and really ensure that we have the level of security and compliance we need."
Chief Information Protection Officer

Objectives

  • Meet diverse regulatory compliance mandates, including: Sarbanes-Oxley, Gramm-Leach-Bliley, the Health Insurance Portability and Accountability Act (HIPAA), and others.
  • Ensure all systems are adequately secured, and that compliance controls remain in place.
  • Quickly and accurately detect systems not in compliance and take quick corrective actions.
  • Eliminate complex, ad-hoc processes for end-to-end vulnerability management.

Results

  • QualysGuard enabled CIGNA to streamline control of its entire vulnerability management lifecycle (asset discovery, vulnerability assessments, security fix tracking) and meet federal, state, and internal policy regulations.
  • Ability to quickly assess its complex infrastructure to make certain that proper security and mitigating controls are always in place.
Industry: Financial Services
Headquarters: Latvia
Employees: 248
Business: The oldest bank in Latvia
Total Assets: 6,896,000 Lats
"QualysGuard has helped us achieve exactly what we needed to do for vulnerability management and risk reduction."
IT Security Administrator

Objectives

  • Put into place a sustainable vulnerability management program
  • Maintain compliance to PCI DSS

Results

  • QualysGuard proved to be the effective, cost-efficient solution.
  • As an on demand service, QualysGuard VM requires no additional infrastructure to be deployed.
  • Able to run as many assessments as needed without additional costs.
Industry: Healthcare
Headquarters: Netherlands
Employees: 2,300+
Customers: 106+ million
Annual Revenue: $7+ billion
"We have a responsibility to protect the health care information of our customers. With QualysGuard, we know we're doing just that."
ICT System Security Consultant at VGZ-IZA-Trias

Objectives

  • VGZ-IZA-Trias sought an easy-to-deploy, highly accurate and automated way to manage and mitigate the vulnerabilities that threaten the security and regulatory compliance of its infrastructure.
  • VGZ also needed a vulnerability management solution that would enable the company to scan its infrastructure whenever needed, be up-to-date with the latest security checks, and not prone to time-consuming false positives.
  • Make certain VGZ's infrastructure remains compliant with Dutch government health care privacy regulations.

Results

  • VGZ-IZA-Trias selected QualysGuard Enterprise to automatically identify and mitigate system vulnerabilities.
  • QualysGuard eliminates the need for VGZ to deploy, maintain, and update any vulnerability management software.
  • The in-depth remediation information provided from QualysGuard helps VGZ to quickly remedy any uncovered vulnerabilities.
  • QualysGuard's 99.997% accuracy rate virtually eliminates all false positives.
Industry: Automotive Manufacturing / Financial Services
Headquarters: Stuttgart, Germany
Locations: Worldwide
Employees: 260,100+
Annual Revenue: €97+ billion (2010)

Objectives

  • Provide a transparent, complete and current view on the entire IT landscape for risk assessment.
  • Continuously monitor infrastructure weaknesses and pinpoint root-causes across the globe.
  • Prioritize, coordinate and address local system remediation. Support compliance with internal and external policies and regulations.

Results

  • QualysGuard VM required little additional infrastructure (self-managed appliances only) to deploy or manage.
  • Automated many aspects of the vulnerability management lifecycle: network asset discovery and mapping, asset prioritization, vulnerability assessment reporting, and remediation tracking.
  • Ability to segment network assessments and associated reporting based on role and responsibility.
  • Straightforward, easy-to-understand licensing regulations.
Industry: Manufacturing
Headquarters: London, UK
Locations: Worldwide
Employees: 32,000+
Annual Revenue: $11.9+ billion
Stock Symbol: ICI (NYSE)
"If you can't measure security, you can't manage it. Qualys lets me measure and manage my network security. Their reports demonstrate ongoing security improvement in working with IT suppliers."
Director of Global Information Security

Objectives

  • Attain a clear and accurate picture of at-risk ICI devices.
  • Worldwide deployment of network security auditing solution.
  • Validate the network security of suppliers and ICI partners, with on-demand ability to scan and see results from anywhere.

Results

  • QualysGuard worldwide deployment completed within hours.
  • ICI can now scan its entire global infrastructure for vulnerabilities at least once a week.
  • Automated security audits and remediation workflow across the enterprise.
  • Comprehensive documentation of ongoing security audits for management, auditors and government regulators.
Industry: Food Manufacturing
Headquarters: Charlotte, NC
Business: Premier provider of consumer-preferred, niche snack food brands and snack food solutions in North America.
Employees: 5000+
Locations: Multiple factories in the US
"With QualysGuard, we now have an entire set of processes for performing assessments on all of our servers. We continually assess all of our critical systems and, unlike before, we now know exactly where we stand when it comes to IT risk."
IT Risk Manager

Objectives

  • IT security solution to protect IT assets
  • Continuously identify IT assets and network changes
  • Quickly and easily find systems in need of patching, software and configuration updates

Results

  • Ability to quickly, easily and accurately identify vulnerabilities
  • Automated life cycle of network auditing and vulnerability management across the enterprise
  • Discovery and mapping, asset prioritization, reporting and remediation tracking according to business risk
  • Ability to remedy flaws that make the latest exploits and attacks possible
Industry: Manufacturing
Where: International
Headquarters: Manitowoc, WI
Annual Revenue: $4.5+ billion (2008)
Employees: 12,000+
Business: Manufacturer of equipment to the foodservice and construction industries
"QualysGuard gives us a comprehensive view of all of our endpoints around the world. Now we're always aware of the security posture of our systems, and QualysGuard provides a way to consistently audit to make sure administrators are getting the patching done."
IS Security Analyst

Objectives

  • Manitowoc wanted to make certain it was approaching its vulnerability management program as effectively as possible. And with more than 100 manufacturing and services facilities in 27 countries, that meant centralized management of its vulnerability management program.

Results

  • QualysGuard's deep vulnerability KnowledgeBase and automated ticketing system save Manitowoc an enormous amount of time.
  • QualysGuard enables Manitowoc to maintain a secure and sustainable IT infrastructure.
  • Manitowoc can manage IT vulnerabilities and risks, centrally, from around the world.
  • QualysGuard's powerful API enables the company to customize reports and effectively enforce security policy.
Industry: Manufacturing
Branch of industry: Optical industry (digital cameras, endoscopes and microscopes)
Headquarters: Hamburg, Germany
Annual Revenue (FY 2009-2010): € 1,383.712 million
Employees: 4,700
"QualysGuard is the central basis for communication with our executives."
IT Audit Manager IT Security

Objectives

  • Assure that its IT infrastructure remains secure and in conformity with regulations
  • Automation and centralized guidance of weak-point analyses
  • Automate existing test schemata and integrate them into the workflow

Results

  • The API from QualysGuard leaves the user all freedoms with regard to inclusion in other software solutions
  • Without requiring onsite installation of software or hardware, the SaaS concept makes it simple to use the solution's scanner in Olympus Europa's various business units
  • QualysGuard serves as an ideal basis for communication between the specialists responsible for IT security and the business' executives.
  • The licensing model, which is based on scanned IP addresses, is equitable and readily comprehensible.
Industry: IT Security Services
Headquarters: Columbus, Ohio
Business: Security assessments and consulting for small to medium-sized businesses and state agencies
Size: Statewide. Five consultants.
"The reporting is so clean with Qualys that I don't need a high-dollar consultant explaining data to the customer. This boosts our margins and makes everyone happy."
CEO and Principal Consultant

Objectives

  • Required a more reliable up-to-date vulnerability management tool that would free consultants.
  • Prior software-based solutions were time-consuming and created enormous financial burdens to maintain and use.
  • Sought an affordable vulnerability management solution.

Results

  • QualysGuard proved to be the effective, cost-efficient solution.
  • Jacadis can deliver security to small organizations without on-staff technical expertise.
  • Jacadis has improved the security services it delivers to its clients and improved the efficiency of its consulting operations.
Industry: Arts / Not-for-Profit
Headquarters: London, United Kingdom
Business: Produces plays in its three theatres - the Olivier, Lyttelton, and the Cottesloe - and a programme of platform performances, outdoor events, exhibitions, backstage tours throughout the year.
Employees: 900
"The reporting functionality provides all of the detail that the technical staff needs, as well as comprehensive summaries that we need to send to our bank."
IT security manager at the UK-based National Theatre

Objectives

  • Streamline the way it secures its infrastructure, and maintain compliance to the rigorous PCI DSS.
  • Find a vulnerability assessment solution that was more accurate, easier to use, and provided better support for PCI DSS compliance, while also reducing its dependence on outside consultancies.

Results

  • For the National Theatre, QualysGuard automates the process of vulnerability management and policy compliance across its network, including network discovery, detailed mapping, asset prioritization, vulnerability assessment reporting, and remediation tracking
  • National Theatre relies on QualysGuard to maintain continuous PCI DSS compliance and uses QualysGuard to complete all of its validation requirements.
  • Using QualysGuard PCI, National Theatre easily can complete and submit the PCI self-assessment questionnaire online, and perform predefined PCI scans on all relevant systems to identify and resolve network and system vulnerabilities.
Industry: Not-For-Profit
Headquarters: Washington, DC
Business: Leading animal protection non-profit that fights for the protection of animal rights through advocacy, education, legislative, and hands-on programs.
Size: The nation's largest animal protection organization with 10+ million members and constituents.
"By turning to QualysGuard PCI, we significantly save on the time and resources we need to dedicate to maintaining PCI Compliance."
Chief Information Officer

Objectives

  • While the Humane Society had maintained a secure network, it was a costly and time-consuming process to continuously maintain PCI compliance.
  • Needed a streamlined way to complete the required PCI DSS questionnaires and network vulnerability audits, and validate compliance to its acquiring banks.

Results

  • QualysGuard PCI helps the Humane Society to automatically validate its PCI DSS compliance.
  • QualysGuard helps the Humane Society protect its member and contributor information.
  • The Humane Society is now able to quickly complete PCI DSS 'Self-Assessment Questionnaires' via QualysGuard.
  • QualysGuard allows the Humane Society to document and submit proof of compliance to acquiring banks.
Industry: Media
Headquarters: Milwaukee, Wisconsin
Business: Diversified media company that operates 49 community newspapers and shoppers, 35 radio stations, and 12 TV stations in twelve states, plus 96 individual web sites
Employees: 3,500+
"It used to take us a month, or more, from the time a vulnerability was announced to when we knew it was resolved on our systems. Now, thanks to QualysGuard, it's down to hours."
VP of Information Technologies & CIO

Objectives

  • Move away from slow, manual vulnerability scans, to automated and highly accurate vulnerability assessments.
  • Automate many IT related compliance efforts through verifiable processes.

Results

  • Through QualysGuard, Journal Communications is now able to conduct automated vulnerability assessments on internal systems every week, and Internet-facing systems are evaluated daily.
  • QualysGuard makes it possible for Journal Communications to cost-effectively generate SOX-specific reports that measure, help to align, and document ongoing efforts to safeguard financial systems and data.
Industry: Gaming and Entertainment
Headquarters: Ledyard, Connecticut
Employees: 12,000+ employees
Business: Operates six casinos that offer more than 7,000 slot machines and 400 gaming tables, 340,000 square feet of gaming space, 1,416 guest rooms and suites; and for conventions and group events, Foxwoods features more than 55,000 square feet of meeting space and 25 conference rooms.
"QualysGuard is our main tool for PCI compliance. It helps to automate many of our tasks associated with PCI, from assessing relevant systems to providing our reports to the banks."
Network Engineer

Objectives

  • Effectively maintain PCI DSS compliance.
  • Become less reliant on external consultants.
  • Move toward more automated vulnerability management processes.

Results

  • QualysGuard, being an approved PCI scanning vendor, helped to streamline Foxwoods' compliance efforts.
  • SaaS model increases efficiencies by decreasing management burden.
  • QualysGuard enables Foxwoods to conduct vulnerability assessments as needed.
  • QualysGuard is now an integral part of Foxwoods' change control program: every time a system is updated or a new system is added, it's vetted through QualysGuard.
  • Foxwoods has integrated QualysGuard's highly-accurate assessment data into its Security Event and Information Management System.
Industry: Manufacturing
Headquarters: Fairfield, California
Locations: Worldwide
Employees: 670+
"We don't want the hassles of maintaining this type of software. It's pretty much hands-off to get the benefits with QualysGuard. We have not had any successful attacks since we installed QualysGuard."
Network Administrator and Security Specialist

Objectives

  • As Jelly Belly brought many of its Web operations in-house, the company sought a way to enhance its network security capabilities to protect its e-commerce operations. This required its small IT staff to be able to conduct timely and comprehensive security analysis, scanning and remediation.

Results

  • QualysGuard provides vulnerability and risk management monitoring for all of its external-facing servers and IT devices including routers, firewall, Web site, and e-mail.
  • No need to dedicate staff to keep up with new vulnerabilities or update the on demand QualysGuard solution.
Industry: Manufacturing
Headquarters: Paris, France
Locations: 1,084+ restaurants (France)
Employees: 45,000+ (France)
Annual Revenue: $3.5+ billion (France)
Stock Symbol: MCD (NYSE)
"QualysGuard enables us to automate our internal and external vulnerability audits. We get a concise report of how both insiders and outsiders can view our systems, so we always can know how our systems are in compliance with our internal policies as well as regulations."
Manager of IT Infrastructure

Objectives

  • McDonald's France, a subsidiary of McDonald's Corp., needed a way to automate its vulnerability assessments to make certain they're in continuous compliance with internal security policies, as well as such regulations as Sarbanes-Oxley and the Payment Card Industry Data Security Standard.
  • Needed to automate many of the processes associated with vulnerability risk management: system discovery, vulnerability identification, and remediation.

Results

  • McDonald's France turned to QualysGuard's on demand Web service and appliance to automatically identify and more effectively mitigate system vulnerabilities and misconfigurations.
  • QualysGuard enables the company to streamline control of its entire vulnerability management life cycle — asset discovery, vulnerability assessment, security fix tracking — and meet federal, state and internal policy regulations.
  • QualysGuard now plays a vital role in McDonald's France regulatory compliance efforts, helping the company to not only achieve security, but also to demonstrate to auditors how its system patches are always well maintained.
Industry: Retail
Headquarters: Naperville, Illinois
Employees: 33,000+
Revenue: $8+ billion
"QualysGuard not only helps us to secure our systems better, but it adds value because it makes us more efficient. It streamlines our vulnerability management efforts so that we can focus better on innovative IT initiatives that add value to the company."
Information Security Manager, OfficeMax Mexico

Objectives

  • Improve risk management and IT governance efforts.
  • Automate vulnerability identification and remediation.
  • Conduct automated security audits and ensure compliance with internal policies and external regulations, such as PCI DSS.

Results

  • QualysGuard provides OfficeMax Mexico a proactive way to protect the company's network throughout the entire vulnerability management lifecycle, including asset discovery, asset prioritization, vulnerability assessment and analysis, remediation, and fix verification.
  • The improved accuracy of OfficeMax's assessment scans has proven extremely beneficial for the security team.
  • OfficeMax can generate remediation tickets based on its specific policy rules and track each ticket until successful patch deployment has been verified.
  • OfficeMax Mexico uses QualysGuard PCI to conduct its PCI DSS assessments to both make sure its systems remain within compliance and to ready its systems for the mandated quarterly PCI DSS assessment and report filing.
Industry: Agriculture
Headquarters: Zagreb, Croatia
Business: Retail, food production and beverages, agriculture
"We now have a centralized vulnerability platform that is used by different members of the Agrokor Group so they can manage the infrastructure for which they are responsible. This allows us to bring consistency to our vulnerability management program."
Chief Information Security Officer at Agrokor Group

Objectives

  • Because of Agrokor's growth and rapid expansion through acquisition, sound IT governance and vulnerability management were crucial for continued success and to maintain an adequate level of security.

Results

  • QualysGuard provides Agrokor a powerful way to protect networks and applications throughout the entire vulnerability management life cycle, including asset discovery, asset prioritization, vulnerability assessment and analysis, remediation, and fix verification.
Industry: Financial Services
Headquarters: Swindon, United Kingdom
Business: Arval, a subsidiary of BNP Paribas, provides vehicle fleet financing and long-term contract hire
Size: 5,500 employees
Locations: 30 countries, primarily throughout Europe
"While Qualys allows us to define our problems more clearly, the solution also enables us to focus our forces on resolving them (via incident and problem management) and anticipate conformity by providing the permanent audit unit with the indicators required in line with new legislation."
Corporate Information Security Officer

Objectives

  • Streamline manual vulnerability analysis into an automated, seamless process that supports Arval's ITIL best practices and ISO 27001 framework.
  • Enable Arval's security managers, working with limited resources and tight budgets, and rising regulatory constraints, to more effectively manage IT security and regulatory compliance risks.

Results

  • QualysGuard provides automated and highly accurate vulnerability identification, while also integrating tightly within Arval's ITIL and ISO 27001 management practices.
  • QualysGuard continuously assesses the security of Arval's internal and externally-facing IT systems and has proven to scale along with Arval's rapid business expansion.
  • QualysGuard provides Arval the ability to better discover and manage all of its networked devices - desktops, servers, routers, and more - to create detailed reports that are used by all levels of administrators and business leaders.
  • QualysGuard has helped Arval to more proactively monitor and manage its internal auditing and compliance efforts.
Industry: Services
Business: Arval, a BNP Paribas subsidiary, provides vehicle fleet financing and long-term contract hire
Locations: Multiple in Italy
Employees: 750 employees; 110,000 vehicles managed
"QualysGuard is a completely independent, automated platform. I can schedule regular scans on our internal and external networks. Not only is it very accurate, but it doesn't disrupt our network operations. We've never had any performance issues from running QualysGuard."
Information System Security Officer

Objectives

  • Migrate vulnerability analysis from manual processes to automated and seamless processes, and maintain regulatory compliance.
  • With limited resources and tight budgets, Arval's security managers needed to accomplish more by putting an automated, effective vulnerability management program in place.

Results

  • High-performance, automated vulnerability analyses.
  • Comprehensive reports that intelligently inform management, operations, and internal auditors.
  • Qualys' international reach, and the availability and competence of technical support teams.
  • Discovery and management of all networked assets.
  • Ease of deployment, implementation, and automated management capabilities.
Industry: IT Services Provider
Headquarters: Oslo, Norway
Business: Provides a full range of IT and security services to small and mid-sized businesses.
"QualysGuard provides us a way to help prioritize the remediation efforts of our clients, and to make sure they can attain a level of acceptable security quickly."
Security Architect, Cartagena

Objectives

  • Provide its clients with professional, highly accurate, on-demand vulnerability assessments from a trusted third party so they can keep their systems secure and within regulatory compliance.

Results

  • Currently, a number of Cartagena's clients subscribe to its QualysGuard security assessment service. Cartagena analyzes the assessments and helps its clients to better manage and reduce their IT risks.
Industry: Online Services
Headquarters: Leeds, United Kingdom
Business: Online child protection specialist
Locations: UK and USA
"QualysGuard achieved exactly what Qualys said it would. It's helped us to cost effectively and quickly manage our IT vulnerabilities and risks."
General Manager

Objectives

  • Establish and maintain an effective vulnerability management program to ensure continuous security.
  • Small IT team needed highly-automated way to find and fix IT related vulnerabilities.

Results

  • Automated on-demand security and vulnerability audits.
  • Highly accurate vulnerability and configuration scans.
  • Easy to deploy, manage, and operate.
  • Scalable enough to secure global network.
  • Comprehensive reporting capabilities.
Industry: Services
Headquarters: Warsaw, Poland
Employees: 35
Business: The most experienced independent payment cards personalization service provider in Poland. Delivering personalized magnetic stripe, smart, contact, and contactless identity and payment cards.
"In the first year that we used it, QualysGuard proved to be very effective in helping us communicate to our auditors that we are PCI DSS compliant."
Security Manager, Elkart

Objectives

  • Since ELKART provides payment cards personalization services, it must remain compliant with the Payment Card Industry Data Security Standard (PCI DSS). The certified Integrated Management System ELKART implemented requires a mature, systematic approach to the risk and vulnerability management of its IT infrastructure.

Results

  • QualysGuard helps to create the technical and business reports ELKART needs to reduce risk and to prove its compliance with ISO27001 and PCI DSS.
Industry: Marketing Services
Headquarters: Oldsmar, FL
Employees: 70+
Business: A marketing services firm that provides sophisticated, integrated marketing solutions across multiple channels.
"Qualys just pulls it all together, making it so easy that one doesn't have to be an information security expert to attain PCI compliance. It's easy to use, does network discovery and mapping, and its dashboard provides the information we need."
PCI Compliance Administrator

Objectives

  • Build and maintain a secure and sustainable IT infrastructure and validate PCI DSS compliance.

Results

  • QualysGuard, being an approved PCI scanning vendor, helped to streamline Ignite Media's compliance efforts.
  • SaaS model increases efficiencies by decreasing management burden.
  • QualysGuard gives Ignite Media the flexibility to conduct vulnerability assessments as needed.
Industry: IT Security Services
Headquarters: Jericho, New York
Business: Risk management assurance and advisory services
Locations: Throughout US
"I couldn't compete with the larger IT consulting firms without QualysGuard."
Founder and Principal

Objectives

  • Find an easy-to-use and accurate way to manage vulnerabilities for the firm's financial services customers.
  • Prior software-based solutions were time-consuming and created enormous financial burdens to maintain and use.
  • Sought an affordable vulnerability management solution.

Results

  • QualysGuard enables Joel Lanz to provide clients highly accurate and thorough security assessments.
  • Ease of identifying client network assets and vulnerabilities through Qualys' on demand architecture.
  • Cost-effective.
  • Comprehensive and customizable reporting features.
Industry: Food and Management Services
Headquarters: France
Business: A world leader in Food and Facilities Management services
Locations: Worldwide
Employees: 342,000+ employees in 80+ countries
Annual Revenue: € 13.4 billion (2007)
"Five years on, we are still using the same solution but on a much broader geographic and functional scope. Herein lies the strength of the Software as a Service model: continuous and transparent integration of the evolution of our specific needs and those of the market in general."
Chief Information Security Officer

Objectives

  • Gain greater insight into network topology, system configurations, and level of overall security.
  • Attain a centralized vulnerability management program, with proactive autonomy throughout various subsidiaries.

Results

  • QualysGuard made it possible for Sodexo to attain consistent levels of security throughout the enterprise, while also preserving its decentralized management hierarchy.
  • Effective, accurate, on-demand vulnerability management that's easy to use and requires no infrastructure to deploy.
  • Independent audits with reliable, comprehensive, and easy to use interface.
  • Reporting provides both security and business managers with security information tailored to their specific needs and job functions.
Industry: Technology
Headquarters: Waltham, MA
Business: Blueport Commerce provides trusted, managed e-commerce technology and services to retail chains around the nation representing 2,000+ stores that represent $8+ billion in sales.
"At Blueport Commerce, we always seek the highest quality technology partners, selecting only the best companies in their respective areas of expertise. For vulnerability management, the search was not long: it always came down to Qualys."
Chief Operating Officer

Objectives

  • Blueport Commerce must remain compliant with PCI DSS, and its customers need assurance that its systems operate to the highest security and compliance standards.

Results

  • QualysGuard's on-demand delivery means Blueport Commerce IT teams can focus on PCI DSS compliance and the vulnerability management life cycle, including asset discovery, asset prioritization, vulnerability assessment and analysis, remediation and fix verification.
Industry: Technology
Headquarters: San Francisco, CA
Employees: 60+
Business: On-demand web content management
"Qualys is the most accurate [vulnerability assessment solution] we've used, and the SaaS solution makes it easy and transparent because we don't have to maintain the server or the software, or manage the updates."
VP of Technical Operations

Objectives

  • Streamline vulnerability and IT risk management.
  • Substantiate the company's security posture to clients and prospective clients.

Results

  • QualysGuard provided Clickability with an automated, on-demand way to conduct its security and vulnerability audits.
  • SaaS model increases efficiencies by decreasing management burden.
  • Clients, already aware of Qualys' excellent reputation, are reassured to learn that Clickability relies on QualysGuard to audit the security posture of its IT and WCM systems.
Industry: Technology
Headquarters: San Jose, California
Locations: Worldwide
Major Brands: eBay, Skype, PayPal, Shopping.com, Rent.com
Employees: 13,000+
Annual Revenue: $5.9+ billion
Stock Symbol: EBAY (NASD)
"QualysGuard has made the job of auditing our network much easier. We used to have to dig through results and do a lot of manual analysis to get meaningful reports, and those were inconsistent. Qualys takes care of that nightmare."
Senior Manager, Information Security

Objectives

  • Reliable identification of network vulnerabilities across global network.
  • A practical way to audit the network security of business partners and to help those partners quickly remediate vulnerabilities and eliminate risks.
  • Roll out an automated solution that would find the most recent vulnerabilities without requiring constant and time-consuming staff research.
  • Provide senior management the ability to audit and review security posture at any time.

Results

  • After a careful market evaluation, eBay selected QualysGuard Enterprise for both perimeter scanning and the auditing of vulnerabilities on network segments within the corporate firewall, and on partner networks.
  • eBay now has a default vulnerability management standard to evaluate security throughout both eBay's network and partner networks.
  • Simplified reporting gives senior executives a concise, real-time view into the company's security risks. QualysGuard facilitates measuring the change in those risks as security measures are implemented.
Industry: Technology
Headquarters: Redwood City, California
Business: Enterprise software and services, including Oracle Database and Grid, Middleware, On Demand services, and enterprise applications
Employees: 56,000+
Annual Revenue: $14.3+ billion
Stock Symbol: ORCL (NASD)
"QualysGuard's easy-to-use and intuitive web interface, and granular access controls combined with Qualys' no-cost training, enabled Oracle GIT Security to extend the vulnerability assessments, as a self-service, to other security organizations within the company. It allows us to accelerate rollout of the scans and improve security awareness without increasing headcount or risk to the assets and data."
Senior Manager, Oracle's GIT Security Engineering Team

Objectives

  • Put into place a vulnerability management solution that would scale to meet its global operations.
  • Find the most accurate and secure way to identify and fix IT vulnerabilities.
  • The vulnerability management solution must provide a highly secure way to store Oracle's vulnerability information to meet its internal security policy and customer security and confidentiality agreements.

Results

  • QualysGuard Enterprise provides a solution that scales to meet Oracle's global operations and delivers the automated, on-demand security and vulnerability audits the company sought.
  • Accurate vulnerability and configuration scans, according to Oracle's in-house testing.
  • QualysGuard@Customer scales to millions of scans per month, and provides Oracle assurance that vulnerability information remains confidential.
  • QualysGuard's PCI DSS capabilities mean that Oracle can conduct compliance scans for its internal hosting operations.
Industry: Technology
Locations: United States and Puerto Rico
Business: Paylocity provides web-based payroll, HR and time and attendance solutions across the U.S.
"QualysGuard saves us a significant amount of time, especially when you consider the amount of effort it takes to manually identify vulnerabilities and research the potential impact of vulnerabilities on your system. It's just tremendous."
Director of Information Technology

Objectives

  • To make certain its rapidly growing applications and dynamic infrastructure remain resilient to failure and resistant to breaches.

Results

  • QualysGuard helped Paylocity to streamline its vulnerability and IT risk management processes. Today, IT managers can focus on more strategic work because QualysGuard saves so much time by accurately identifying vulnerabilities and providing actionable fix information.
Industry: Technology
Headquarters: Bozeman, Montana
Employees: 1,100
Annual Revenue: $185.5 million
"Our major concerns included the ability to track vulnerabilities historically in our environment, and to have a reliable reporting mechanism. Those are two key points Qualys has solved for us."
Chief Information Security Officer

Objectives

  • RightNow's customers (many in highly regulated industries) were increasingly asking vendors to prove their IT security due diligence.
  • Automated, accurate, process-oriented detection of security risks for its 2,700 host systems and networked devices.
  • Detailed vulnerability and risk management reporting.

Results

  • QualysGuard VM provided the complete 360-degree cycle of discovery, remediation, tracking, and reporting - all in a single service.
  • Comprehensive reports deliver quantifiable proof of security levels and effectiveness of risk-reduction program.
  • QualysGuard PCI Compliance ensures implementations meet compliance.
Industry: Technology
Headquarters: Cary, North Carolina
Business: Leader in business intelligence and analytics software that helps companies in every industry transform their data into predictive insights about company performance, customers, markets, risks and more.
Locations: Worldwide
Employees: 10,000+
Annual Revenue: $1.9+ billion
"The quality of our vulnerability reports is just phenomenal now. QualysGuard, through its well documented API, gives us the ability to include anything we need in our reports. There hasn't been a report that we wanted to build that we couldn't easily create."
Network Security Engineer, Systems and Information Security

Objectives

  • To fully automate and simplify its vulnerability management processes for its global Internet-facing operations.
  • SAS' previous vulnerability scanner failed to provide the level of accuracy and reporting capabilities the company sought.
  • Network audits were very time-consuming, with security managers having to manually research the false positives and correlate the real risk of vulnerabilities.

Results

  • QualysGuard helped SAS to centrally manage the risks associated with all of their network assets, and quickly identify those that could be at risk.
  • QualysGuard enables IT assets to be custom tagged for enhanced classification levels - simplifying the management of networked devices, grouping them by specific business units so actionable reports can be generated.
  • Automated approach to vulnerability management has increased SAS' security team's ability to understand its risk posture and reduced costs by eliminating the need for outside consulting audits.
Industry: Technology
Headquarters: Santa Clara, California
Locations: Worldwide
Employees: 2,500+
Annual Revenue: $380 million
Stock Symbol: WEBX (NASD)
"We don't ever have to spend time keeping the Qualys appliance ready and online. It's just stable, reliable, and always there. QualysGuard is a very good example of a product that we've been able to deploy and rely upon, and not have to worry about being its architects."
Manager of Security Engineering and Operations

Objectives

  • Maintain an effective vulnerability management program to ensure continuous security and maintain various third-party security certifications and audit reports, including WebTrust and SAS-70.
  • Replace the manual process of using vulnerability scanners, which lacked the reliability and flexibility required for WebEx's IT risk management program.

Results

  • WebEx selected QualysGuard's on-demand Web service and internal scanners to automatically identify and more effectively mitigate vulnerabilities.
  • QualysGuard delivers comprehensive reports for various executive and technical groups within WebEx for ongoing security measurement.
  • WebEx has reduced network security risks and improved its overall vulnerability management process.
Industry: Telecom
Headquarters: Ukraine
Annual Revenue: $339+ million (2010)
Business: Third largest Ukrainian mobile telephone network operator.
Employees: around 1,100 people
"Through QualysGuard, we now have a centrally managed vulnerability management program."
Manager of Information Security Management Unit

Objectives

  • Required a more reliable, up-to-date vulnerability management tool that would free consultants.
  • Prior software-based solutions were time-consuming and created enormous financial burdens to maintain and use.
  • Sought an affordable vulnerability management solution.

Results

  • Ability to manage system vulnerabilities and reduce risk more cost effectively.
  • QualysGuard provides Astelit with detailed network discovery and mapping, asset prioritization, vulnerability assessment reporting, and remediation tracking.
  • Insightful, easy-to-grasp reports for both business and technical managers.
Industry: Telecom
Headquarters: United Arab Emirates
Locations: throughout sixteen markets in the Middle East, Africa, and Asia
Annual Revenue: $6+ billion (2007)
Business: Etisalat provides an array of communication services from phone to mobile, broadband, and cable television to specialized e-Government offerings, traditional e-mail, hosting, and domain name system (DNS) management services.
"We had a strong need to make sure our services and security were enhanced for the integrity and availability of all of our services. We believe QualysGuard is a service that provides the ability to quickly assess and maintain our security posture."
Manager of Security Performance, Security Operations and Maintenance

Objectives

  • Build an automated risk management program that could scale with Etisalat's rapid growth.
  • Tight IT security team needed more security insight and manageability than could be provided by open source tools.

Results

  • Automated on-demand security and vulnerability audits
  • Ability to manage vulnerability management process for multiple IT operations teams
  • Group IT assets according to business value
  • Highly accurate vulnerability and configuration scans
  • Easy to deploy, manage, and operate
  • Scalable enough to secure international network
  • Comprehensive reporting capabilities
Industry: Telecom
Headquarters: International
Annual Revenue: part of the $62.5 billion Tata Group
Business: Telecommunication Services
Employees: 5,825
"QualysGuard just works. Once we've shipped and configured a QualysGuard appliance, there's nothing else our customers have to do. We don't think there is another prospective partner out there that could enable us to do what we want the way Qualys does."
Director of Managed Security Services

Objectives

  • Required a more reliable, up-to-date vulnerability management tool that would free consultants.
  • Prior software-based solutions were time-consuming and created enormous financial burdens to maintain and use.
  • Sought an affordable vulnerability management solution.

Results

  • QualysGuard VM saved Tata Communication engineers and customers time by avoiding false positives.
  • Comprehensive, insightful reports are delivered to specific customer internal teams based on business role and objectives.
  • QualysGuard VM provides a streamlined way to identify and mitigate infrastructure vulnerabilities.
  • Qualys' network infrastructure scans do not disrupt the critical systems of customers.
Industry: Transportation
Headquarters: Prague, Czech Republic
Business: This airline serves roughly 70 cities in 40 countries throughout Europe, North Africa, the Middle East, North America, and Asia.
"QualysGuard provides rapid, comprehensible, and consistent reporting concerning our vulnerability trends. QualysGuard's accurate assessment data enables us to quickly assess the effectiveness of our vulnerability remediation processes."
Security & Technical Architect

Objectives

  • Maintain a vulnerability management program that not only helped the airline keep its PCI DSS compliance, but also mitigate risk across its IT infrastructure.

Results

  • Today, as a result of QualysGuard deployment, the company is able to conduct automated scans of its external Web-facing network, part of its internal network, and all of the PCI DSS governed systems.
Industry: Transportation
Headquarters: Denver, Colorado
Business: Affordable-fare airline
Locations: Frontier is the second-largest carrier in Denver, operates about 280 flights per day, and services 58 cities throughout North America, including Canada and Mexico.
Annual Revenue: $1.2+ billion (2006)
Employees: 5,600+
"QualysGuard PCI works smoothly. We didn't realize that it was possible for us to scan and assess ourselves for compliance, but that's exactly what we do with QualysGuard PCI. It's helped us to be even more efficient with our security program."
IT Security Manager

Objectives

  • To meet PCI DSS compliance, Frontier had turned to the expertise of a security solutions provider and Qualified Security Assessor (QSA). But Frontier wanted the flexibility to conduct a scan whenever needed. Business technology and networks change quickly, and whenever Frontier wanted to evaluate a server or application that changed, it would have to call the QSA, schedule a scan and pay an additional fee for each evaluated IP address.
  • Frontier needed a way to streamline how it attains and manages its compliance to the PCI Data Security Standard for its Web site.

Results

  • QualysGuard PCI, delivered as an on-demand Web service, required no software or infrastructure for Frontier to deploy and manage.
  • QualysGuard PCI streamlined the compliance operations for Frontier, and enabled the company to move all of its PCI compliance efforts in-house, save time and free much of its security budget for more strategic investments.