Cloud Platform
Contact us

Vulnerability Management.

Continuously detect and protect against attacks, anytime, anywhere.

2017 Global Vulnerability Management Market Leadership Award

Qualys continues to lead the market with new network coverage and security solutions that leverage its cloud-based platform for scalability, automation, and ease of use.

Fully cloud-based, Qualys VM provides global visiblity into where your IT assets are vulnerable and how to protect them.


Agent-based detection

In addition to our scanners, VM also works with the groundbreaking Qualys Cloud Agents, extending its network coverage to assets that can’t be scanned. The lightweight, all-purpose, self-updating agents reside on the assets they monitor— no scan windows, credentials, or firewall changes needed. Vulnerabilities are found faster, and network impact is minimal.

Constant monitoring and alerts

When VM is paired with Continuous Monitoring (CM), InfoSec teams are proactively alerted about potential threats so problems can be tackled before turning into breaches. You can tailor alerts and be notified about general changes or specific circumstances. CM gives you a hacker’s-eye view of your perimeter, acting as your cloud sentinel.

Comprehensive coverage and visibility

Qualys VM continuously scans and identifies vulnerabilities with Six Sigma (99.99966%) accuracy, protecting your IT assets on premises, in the cloud and mobile endpoints. Its executive dashboard displays an overview of your security posture and access to remediation details. VM generates custom, role-based reports for multiple stakeholders, including automatic security documentation for compliance auditors.

VM for the perimeter-less world

As enterprises adopt cloud computing, mobility, and other disruptive technologies for digital transformation, Qualys VM offers next-generation vulnerability management for these hybrid IT environments whose traditional boundaries have been blurred. With its fast deployment, low TCO, unparalleled accuracy, robust scalability, and extensibility, Qualys VM is relied upon by thousands of organizations throughout the world.

Discover forgotten devices and organize your host assets

With Qualys, you can quickly determine what’s actually running in the different parts of your network—from your perimeter and corporate network to virtualized machines and cloud services such as Amazon EC2. Uncover unexpected access points, web servers and other devices that can leave your network open to attack.

  • Visually map your network with our graphical host map

  • Prioritize your remediation by assigning a business impact to each asset

  • Identify which OS, ports, services and certificates are on each device on your network

  • Organize hosts to match the structure of your business—e.g., by location, region, and company department

  • Control which hosts can be scanned by which users

  • Continuously monitor your perimeter for unexpected changes with our optional Continuous Monitoring service

  • Dynamically tag assets to automatically categorize hosts by attributes like network address, open ports, OS, software installed, and vulnerabilities found

Scan for vulnerabilities everywhere, accurately and efficiently

Scan systems anywhere from the same console: your perimeter, your internal network, and cloud environments (such as Amazon EC2). Since Qualys separates scanning from reporting, you can scan deeply and then create custom reports showing each audience just the level of detail it needs to see.

  • Select target hosts by IP address, asset group or asset tag

  • Scan manually, on a schedule, or continuously

  • Scan behind your firewall securely with Scanner Appliances, remotely managed by Qualys 24/7/365

  • Scan complex internal networks, even with overlapping private IP address spaces

  • Securely use authentication credentials to log in to each host, database or web server

  • Scan in Amazon EC2 without filling out request forms—Qualys is pre-approved

  • Save time with our Six Sigma accuracy rate—no more chasing after false positives

  • Store configuration information offsite with secure audit trails

Identify and prioritize risks

Using Qualys, you can identify the highest business risks using trend analysis, Zero-Day and Patch impact predictions.

  • Track vulnerabilities over time: as they appear, are fixed, or reappear

  • Monitor certificates deployed throughout your network—see what’s about to expire, which hosts they are used on, what their key size is, and whether or not they are associated with any vulnerabilities

  • Put critical issues into context with the Qualys’ industry-leading, constantly updated KnowledgeBase

  • See which hosts need updates after Patch Tuesday every month

  • Examine your network’s vulnerabilities over time, at different levels of detail, instead of just single snapshots

  • Predict which hosts are at risk for Zero-Day Attacks with the optional Qualys Zero-Day Risk Analyzer

Remediate vulnerabilities

Qualys tracks the disposition of each vulnerability on each host over time. This helps you document the actions taken in response to each vulnerability and monitor the effectiveness of your remediation efforts.

  • Automatically generate and assign remediation tickets whenever vulnerabilities are found

  • Get consolidated reports of which hosts need which patches

  • Integrate with third-party IT ticketing systems

  • Manage exceptions when a vulnerability might be riskier to fix than to leave alone

  • Exceptions can be set to automatically expire after a period of time for later review

Custom reports anytime, anywhere — without rescanning

Qualys’ ability to track vulnerability data across hosts and time lets you use reports interactively to better understand the security of your network. Use a library of built-in reports, change what’s shown or choose different sets of assets — all without having to rescan. Reports can be generated on demand or scheduled automatically and then shared with the appropriate recipients online, in PDF or CSV.

  • Create different reports for different audiences—from scorecards for executives, to detailed drill-downs for IT teams

  • Document that policies are followed & lapses get fixed

  • Provide context & insight about each vulnerability, including trends, predictions, and potential solutions

  • Track ongoing progress against vulnerability management objectives

  • Share up-to-the-minute data with GRC systems & other enterprise applications via XML-based APIs

Better vulnerability visibility with highly customizable dashboards

Qualys VM’s dashboard has been improved by making it more customizable as part of our overall efforts to add more flexibility to the platform. With the new VM dashboard, you can:

  • Conduct searches and create widgets without leaving the VM app

  • Build vulnerability widgets with vulnerability counts, in addition to asset widgets with asset counts

  • Use new search filters to quickly build queries, so you don’t have to type up long queries in the search box

  • Replace current reports with live widgets, and enjoy benefits like finding where a CVE is across your environment very quickly without having to run a report

Don’t settle for just VM. Add Detection and Response for a complete security solution – all from a single cloud app!

Introducing Qualys

All-in-One Vulnerability Management, Detection and Response

The #1 Vulnerability Management solution expands to establish a new, game-changing category

Learn more

VMDR with Transparent Orchestration

Powered by the Qualys Cloud Platform

Single-pane-of-glass UI

See the results in one place, in seconds. With AssetView, security and compliance pros and managers get a complete and continuously updated view of all IT assets — from a single dashboard interface. Its fully customizable and lets you see the big picture, drill down into details, and generate reports for teammates and auditors. Its intuitive and easy-to-build dynamic dashboards to aggregate and correlate all of your IT security and compliance data in one place from all the various Qualys Cloud Apps. With its powerful elastic search clusters, you can now search for any asset – on-premises, endpoints and all clouds – with 2-second visibility.

Centralized & customized

Centralize discovery of host assets for multiple types of assessments. Organize host asset groups to match the structure of your business. Keep security data private with our end-to-end encryption and strong access controls. You can centrally manage users’ access to their Qualys accounts through your enterprise’s single sign-on (SSO). Qualys supports SAML 2.0-based identity service providers.

Easy deployment

Deploy from a public or private cloud — fully managed by Qualys. With Qualys, there are no servers to provision, software to install, or databases to maintain. You always have the latest Qualys features available through your browser, without setting up special client software or VPN connections.

Scalable and extensible

Scale up globally, on demand. Integrate with other systems via extensible XML-based APIs. You can use Qualys with a broad range of security and compliance systems, such as GRC, ticketing systems, SIEM, ERM, and IDS.

See for yourself. Try Qualys for free.

Start your free trial today. No software to download or install. Email us or call us at 1 (800) 745-4355.