Top 10 Questions From Prospective Partners
- What is QualysGuard?
- Why scan for vulnerabilities?
- What makes Qualys different from its competitors?
- Why should I partner with Qualys?
- What does Qualys look for in a partner?
- What support does Qualys provide to its Partners?
- How secure is the QualysGuard solution?
- What training is required to become an effective partner?
- What are good prospects for a QualysGuard solution?
- How do I apply/get started?
What is QualysGuard?
QualysGuard provides on-demand vulnerability assessment and management through a Web services platform. QualysGuard offers:
- Device identification
- Vulnerability detection
- Remediation advice and workflow
- Security policy enforcement
- Fix verification
QualysGuard enables users to measure their vulnerability status and enforce corporate remediation standards in order to comply with corporate and government data security policies.
Why scan for vulnerabilities?
There are many reasons to perform regular vulnerability assessments, including:
- Prevent business loss — System downtime, lost revenue, cleanup costs, and loss of trade secrets due to network compromises cost businesses millions each year. Hacks cost an average of $53,000 each for response, investigation, recovery, and prosecution, not including the potentially immeasurable business cost of lost proprietary or confidential data.
- Everyone is a target for attack — Today, everyone with an Internet connection is a potential target for attack. A 2002 CIA/FBI survey showed that 90% of respondents had detected security breaches within the last 12 months. Even if your network does not hold any data that an attacker would want, it can still serve as a launching pad for attacks on others. Automated attack tools - such as worms like Blaster - simply look for vulnerable hosts, without consideration of who owns them. Unauthorized wireless access points are now becoming commonplace, providing an additional attraction to potential hackers.
- Perimeter Defenses are no longer sufficient — Recent worms such as SQL Slammer and Blaster use covert channels to target internal networks, proving that traditional perimeter defense mechanisms alone (such as IDS, Anti Virus, and Firewalls) cannot provide adequate protection from the latest generation of attacks.
- Regulatory compliance — Privacy regulations such as Gramm-Leach-Bliley Act (GLBA), HIPAA, SB1386 and Sarbanes-Oxley carry requirements for protecting the privacy and confidentiality of patient, customer and financial data, with legal and monetary penalties for failures to comply. Today, almost all companies doing business over the Internet- directly or through partners are subject to some form of compliance regulation.
- Business and Trading Partner security — Companies with extranets that support partnerships, supply-chain management, and other business processes need to be sure that their partners' networks have been secure, and that their own network does not threaten their partners' data security.
What makes Qualys different from its competitors?
Qualys is solely and exclusively focused on building the best vulnerability management solution available. As the market leading Web service for vulnerability management, we focus our resources on innovation, quality assurance and customer support for the following competitive advantages.
- Accuracy — Third party analysis demonstrated that QualysGuard maintains the most comprehensive list of critical security vulnerabilities (nearly twice that of our nearest competitor). More important than shear number is Qualys' accuracy. Unlike open source solutions, Qualys continually checks the accuracy of all reported vulnerabilities, patches and fixes. Through continuous improvement and monitoring, Qualys has virtually eliminated false positive and false negatives, making Qualys the solution you and your customers can rely on.
- Always Up to Date — Since all scanning accesses the latest QualysGuard vulnerability database, customers are protected from the latest vulnerabilities. Qualys updates its databases three times a day, and automatically checks that remedies and links remain valid.
- Distributed Scanning With Centralized Reports — Global scanning infrastructure inside and outside the firewall.
- Lowest Cost of Ownership — There are no hidden costs for hardware, supporting software or labor to install or maintain QualysGuard over time. These costs tend to be $3-5 per $1 of software for other solutions. QualysGuard automatically consolidates data into professional reports, a difficult and time consuming activity for standalone solutions. Finally, industry-leading accuracy means that users do not need to waste time investigating false positives, one of the biggest hidden costs of vulnerability scanning.
- Performance — Because Qualys accurately identifies types of devices, operating systems, versions and available ports, our inference-based scanning engine is able to very efficiently scan for applicable vulnerabilities, making QualysGuard among the fastest scanners available. Our hosted scanning service automatically distributes scanning workload among multiple servers worldwide to provide an unmatched scalability for large, multi-location scans.
- Easy to Implement/Maintain — A Web service uses the Internet as its infrastructure, and can therefore be deployed in minutes anywhere. Updates and maintenance occur automatically. Training on Qualys is minimal. In just a few hours, a professional can become proficient at using and applying the full suite of QualysGuard capabilities. All of this allows an organization to focus IT and security resources on supporting its core business, not on managing their vulnerability assessment solution.
Why should I partner with Qualys?
There are many reasons to partner with Qualys, depending upon the type of business you are in.
- Resellers are able to provide a high-value, in-demand service to address their customers increasing data security and regulatory compliance concerns. The recent flurry of high-profile network attacks, along with a growing number of broad security compliance regulations have made security management a top of mind, board level issue for small and large enterprises.
- Consultants are able to dramatically reduce their engagement costs for one-time and ongoing security services, while providing superior results and a third-party service to document results over time.
- MSSPs and outsourcers can offer a differentiated managed vulnerability scanning service with minimal investment. Through correlation of QualysGuard results with other managed services, MSSPs can dramatically reduce the cost of dealing with irrelevant alerts or "false positives". Finally, Qualys offers an indelible, independent third-party audit mechanism to validate SLAs and meet regulatory audit requirements.
What does Qualys look for in a partner?
While accurate vulnerability management is critical to protecting information security, we recognize that it is only one piece of a comprehensive security program. Qualys seeks partners who:
- Provide a variety of high-value, complementary security and regulatory compliance consulting, services and solutions,
- Serve specific industries or associations facing common security challenges and/or
- Provide local market and regional security expertise throughout the globe.
Having built a strong brand and reputation for quality and integrity, Qualys seeks partners who will invest time in training and development to provide a valuable, accurate and ethical representation of Qualys' security services to our mutual customers.
What support does Qualys provide to its Partners?
Qualys provides a variety of tools to make our partners successful. These include:
- Listing on Qualys partner Web site
- Co-branded FreeScan automated trial and referral system
- Co-branded service offering
- Generous referral and revenue-sharing programs
- Online sales and marketing resource kit
- Access to sales and technical training
- Access to QualysGuard back office
- Preferred technical support via phone and email
In addition, Qualys provides marketing, telesales and field sales support to help our partners in the education and sales process.
Finally, as a hosted service, Qualys provides a turnkey solution for your customers, including technical support, allowing our partners to focus on their core business.
How secure is the QualysGuard solution?
A central feature of QualysGuard service is secure storage of centralized vulnerability data. By maintaining encrypted scan results in a secure data vault, accessible only by the account owner or designee, Qualys is able to provide the highest level of data protection for our clients, an indelible audit trail of data access, and the ability to create consolidated and historical trend reports that are simply not possible with traditional software VA scanners.
Software solutions that leave sensitive scan results on a corporate network, standalone PC or laptop leave a company vulnerable to having these machines compromised by the very vulnerabilities and attacks they are trying to prevent! In addition, this data may be taken offsite, lost, accessed, used or misused without ever leaving a history or audit trail.
The QualysGuard Web service is designed around secure standards designed to protect again these problems.
- Strong-encrypted (Blowfish) vulnerability data - only the customer has the key to decrypt their data. Even Qualys cannot access this data.
- All communication via HTTPS (SSLv3)
- Qualys security procedures are also subject to at least an annual SSAE 16 or industry standard alternative audit by an internationally-recognized accounting firm. Another third party security firm found the security of Qualys' solution and data vault to be "exceptional," with no additional security actions needed.
- High availability, redundant and audited data centers with physical and biometric restricted access.
- Indelible audit trail showing all scanning and reporting history for distributed, global networks. Secure multi-user authorization and authentication built in to service.
- Secure scanning appliance for inside the firewall: Our secure intranet scanner is built around a hardened Linux kernel. There are no listening services or open ports. All communication to the Qualys system is through a secure SSL connection, initiated by the appliance, requiring no changes to firewall policy.
These security features cannot be replicated in software solutions. This is why thousands of customers, including government, financial institutions and health care providers, trust their data and security to Qualys.
What training is required to become an effective partner?
Partner training is a key component and requirement of Qualys partner program. Qualys typically provides on-site training at Qualys for a limited number of key partner employees.
Large partner organizations are typically trained via a 2-3 hour Webinar. At the end of this Webinar, practitioners are able to competently demonstrate and use the QualysGuard solution. In addition, they will be prepared to discuss key security drivers and concerns, present QualysGuard advantages and business case, and address common issues and objections. A short test will be made available shortly to help "certify" representatives to represent and refer Qualys to your customers.
Qualys conducts regular Webinars on special topics of interest to partners, including industry trends and new product developments. Qualys also provides a wide variety of on-line training and marketing resources to help keep our partners up to date on the latest information about Qualys and security.
What are good prospects for a QualysGuard solution?
Any organization or enterprise that has a concern for data protection and privacy can benefit from the QualysGuard solution. Vertical markets with either subject to information security regulations (e.g., financial institutions, retail and on-line merchants, health care, government, pharmaceutical organizations) and/or network and data intensive groups (e.g., high-technology manufacturing, state universities, entertainment, and transportation) are frequent purchasers of Qualys. These organizations may have a Chief Security Officer, or similar high-level individual assigned to manage corporate security. However, recent security legislation and highly publicized attacks have brought in interest from enterprises in all industries.
Organizations that have an existing open source or software vulnerability scanning solution are ideal candidates, as they understand the value of scanning and have experienced firsthand the challenges, limitations and costs of working with other solutions.
How do I apply/get started?
To begin the partner application process, please fill out the following form. Become a Partner. This will allow us to learn more about your company and provide the best possible support to you. Qualys will review your application promptly and contact you shortly with additional details.
Together, we will make sure that there is a good fit between our organizations, and identify next steps, including any necessary non-disclosure agreements, to move forward.