On Demand, Easy-to-Use, Cost Effective PCI Compliance
The Payment Card Industry Data Security Standard, known as PCI DSS, provides organizations the guidance they need to ensure that credit cardholder information is kept secure from possible security breaches.
QualysGuard PCI provides businesses, online merchants and Member Service Providers the easiest, most cost-effective and highly-automated way to achieve PCI DSS compliance. QualysGuard PCI draws upon the same highly accurate scanning infrastructure and technology as Qualys' flagship solution, QualysGuard - used by thousands of organizations around the world to protect their networks from the security vulnerabilities that make attacks against networks possible. Qualys is an Approved Scanning Vendor (ASV), and is fully certified to assess PCI DSS compliance.
Delivered as an on demand Web application, QualysGuard PCI is the most accurate, easiest to use tool for turnkey PCI compliance testing, reporting and submission. QualysGuard PCI enables merchants and Member Service Providers to promptly complete the PCI self-assessment questionnaire, and conduct network security scans to efficiently identify and eliminate security vulnerabilities. The QualysGuard PCI "auto submission" feature completes the compliance process, allowing users to submit compliance status to one or multiple acquiring banks.
QualysGuard PCI is well-suited for any organization that must achieve PCI compliance, and is ideal for small and mid-sized businesses, consultants and other organizations that must:
- Protect cardholder information and keep networks secure from attacks
- Complete an annual PCI DSS "Self-Assessment Questionnaire"
- Pass a network security scan every 90 days by an approved scanning vendor
- Document and submit proof of compliance to acquiring banks
Core Features
Achieve PCI Compliant Status and Secure Your Network
Through QualysGuard PCI, achieving PCI compliance status becomes a streamlined process that also provides the assurance that your network is highly secure. Qualys is an approved scanning vendor, fully certified to assess PCI DSS compliance.
Conveniently Complete the PCI "Self-Assessment Questionnaire" Online
QualysGuard PCI makes it easy to answer and automatically submit the 12-section PCI Self-Assessment Questionnaire through an online form.
Quickly Eliminate Security Threats with Highly Detailed Remediation Instructions
QualysGuard PCI provides reports with a detailed description for every vulnerability it detects, including:
- An overview of the security threat
- Consequences to your infrastructure if the vulnerability is exploited
- Verified solution to fix the vulnerability, including links to appropriate patches
Auto-Submit Compliance Status Directly to Acquiring Bank
With QualysGuard PCI, you can decide whether to submit PCI compliance status directly to your acquiring banks through the auto-submission feature or through downloadable reports.
Unique Benefits
Easy-to-use, 3 Step Tool
With no installation or associated overhead, QualysGuard PCI enables merchants to attain compliance as quickly as possible. Using QualysGuard PCI's easy-to-use 3 step guided process, merchants and service providers find that in most cases they can secure their networks and reach compliance without costly outside assistance.
Turnkey Deployment Requires No Software to Deploy or Maintain
As an on demand solution, QualysGuard PCI doesn't require any software be deployed or maintained. Setup is completed within minutes through a secure Web connection from any browser. It's that simple.
Extremely Accurate Results You Can Trust
Through its Six Sigma program, Qualys is continuously improving the quality of its on demand solutions. Since QualysGuard PCI is delivered as a Web service, our engineering team continuously updates and enhances the accuracy of the service and vulnerability signatures, without requiring any software upgrades or manual updates. This dedication to accuracy and quality means that you won't be wasting time chasing false-positives, a common problem with software-based vulnerability scanners.
Cost Efficient On Demand Solution
Since there is no infrastructure to deploy or software to configure, QualysGuard PCI eliminates the capital expenditures and labor costs associated with traditional software-based solutions. With QualysGuard PCI there are no hidden costs.
Compliance with Section 11.2 of PCI DSS
The QualysGuard Express/PCI package lets you achieve compliance with section 11.2 of PCI DSS. It provides the capability to run both internal and external network vulnerability scans regularly and after any significant change in the network (such as new system component installations, changes in network topology, firewall rule modifications, product upgrades).
Customer Service 24 Hours a Day, Every Day
Our dedicated staff of Security Engineers specializes in network security to assist customers quickly and effectively—24 hours a day, seven days a week by telephone, e-mail or the Web, so that your questions are answered quickly.
How It Works
As an on demand solution with no installation or associated overhead, QualysGuard PCI enables merchants and service providers to attain compliance as quickly as possible. Through a user friendly and guided interface, QualysGuard PCI helps you meet all PCI validation actions in 3 easy to follow steps:
1) Complete Self-Assessment Questionnaire Online
PCI DSS requires businesses to complete a PCI Self-Assessment Questionnaire every 12 months. The QualysGuard PCI online questionnaire is organized in 12 sections based on the requirements outlined in PCI DSS. QualysGuard PCI makes it quick and painless to fill out and auto submit the questionnaire to acquiring banks.
2) Run a Network Security Scan
PCI DSS also requires businesses to perform a network security scan every 90 days on all Internet facing networks and systems. To achieve compliance, businesses must identify and remediate all critical vulnerabilities detected during the scan. QualysGuard PCI automates and greatly simplifies this daunting process by providing easy to use reporting and identification of vulnerabilities that will cause you to fail PCI DSS. QualysGuard PCI draws upon the same highly accurate scanning infrastructure and technology as Qualys' flagship solution, QualysGuard. For each vulnerability discovered, QualysGuard PCI provides detailed instructions with links to verified patches, so that you can quickly eliminate each vulnerability.
3) Submit Compliance Report to Acquiring Bank
Once you have met the validation actions in steps 1 and 2, the QualysGuard PCI "auto-submission" feature completes the compliance process, allowing users to submit compliance status directly to their acquiring banks. Entering your bank and merchant IDs in your "Account Info" activates the auto-submission feature. You can also download PCI compliance reports in PDF to submit to your acquiring bank(s) or use to assist in remediation efforts.
Ensuring PCI Success
The QualysGuard PCI web application walks you through the PCI compliance process with its easy to follow 3 step approach, step by step instructions and compliance tips. Our user-friendly interface, coupled with online help and 24x7x365 email/telephone support, ensures success in understanding and achieving PCI compliance.
The SaaS Advantage
The concept is simple and attractive: Customers pay simply for using software, as opposed to owning the software itself. In other words, rather than buying a software license for an application and installing the software on individual machines, a business subscribes (via a monthly or yearly fee) to use the application hosted by the company that develops and sells the software.
Software as a Service (SaaS) gives the buyer more flexibility to switch vendors and puts a stop to the continuous cycle of buying a software license, paying for a maintenance contract, and then having to go through time-consuming and expensive upgrades. SaaS eliminates these headaches, and enables businesses to achieve a lower and predictable total cost of ownership. Furthermore, since there are no capital expenditures, extra human resources or infrastructure (hardware and software) to deploy and manage, a SaaS solution is highly scalable, easily deployed, fully distributed and can be used anytime, anywhere on demand.
Another unique advantage to the SaaS model is that updates to the solution, including patches and vulnerability updates, are made in real time for all customers. As a result of these continuous improvements, QualysGuard scans are highly accurate and bugs are generally fixed within 48 hours.
As an added benefit to customers, SaaS solutions are especially secure and tamper proof, since support for operating and maintaining the solution falls squarely on the SaaS vendor. For example, Qualys encrypts all of its in-transit and in-storage data, and undergoes constant third-party security audits following standards such as the SAS70 Type II.
The bottom line: more and more organizations are making the shift to SaaS for one simple reason: it works and is cost effective.
Pricing
Annual Subscription — Pricing is based on the number of IP addresses.
Pricing Includes:
- Unlimited questionnaires
- Unlimited perimeter scans
- Unlimited user accounts
- 24x7x365 email/telephone customer & technical support
- Weekly, Web-based customer training & regional certification workshops
- Free attendance to all Qualys user conferences and seminars
Contact sales for an immediate price quote.
Customers & Awards
Performing over 150 million IP audits per year, QualysGuard is the most widely deployed security on demand solution in the world. Qualys is utilized by thousands of large and small organizations around the world.
QualysGuard is overwhelmingly recognized as the leader in its space. QualysGuard has won awards ranging from Best Vulnerability Management Solution, Best Security Product, Best Security Company, Best Network Protection Service and much more.


