
Qualys Provides Free Network Scan and Remediation for Latest SANS Top 20 Vulnerabilities

Free Scan Available at

Slough, UK — October 16, 2003 — Qualys™, Inc., the market leader of on-demand security audits and vulnerability management, today announced the immediate availability of a free network scan to identify and eliminate the latest Top 20 critical security vulnerabilities reported today by the SANS Institute, The US Department of Homeland Security, the UK National Infrastructure Security Co-ordination Centre (NISCC), and the Canadian Office of Critical Infrastructure Protection and Emergency Preparedness (OCIPEP). The free service is available immediately at

“The Top 20 Internet Security Vulnerabilities List defines the set of network security vulnerabilities that are most commonly used by hackers to break into systems. They should be addressed by network administrators as quickly as possible,” said Alan Paller, Director of Research, SANS Institute. “Qualys’ approach to scanning removes one of the biggest barriers for organizations that want to get started quickly, by allowing them to have their systems scanned without installing software and hardware. And the new free trial service lets organizations see what they need to do without committing anything other than a few minutes on the web.”

Gerhard Eschelbeck, chief technology officer of Qualys, contributed significantly to the SANS Top 20 initiative to build an industry-wide consensus on the most critical security vulnerabilities and to promote security awareness.

“The SANS Top 20 enables us to focus on what’s most important for securing our payment processing platform, currently used by over 200,000 merchants,” said Qualys customer, Jim Aviles, Manager of Products and Technology at Merchant e-Solutions. “Qualys’ web service allows us to scan continuously our critical assets and provides us automatically with a SANS 20 Report that helps us prioritize and eliminate the most critical threats.”

The Qualys Top 20 scan focuses on detecting the SANS Top 20 vulnerabilities on any target IP address. The SANS Top 20 includes vulnerabilities that affect all systems, vulnerabilities on Windows™ systems, and vulnerabilities that affect Unix® (and Linux) systems. In addition to detecting the vulnerabilities on a network, the QualysGuard free scan assesses their level of risk and offers suggestions on fixes.

Effective immediately, Qualys has also updated its QualysGuard® web service with the latest Top 20 information to help organizations automatically detect and eliminate these critical vulnerabilities. These vulnerabilities are tracked in real-time through Qualys’ web service architecture and enable companies to create individualized reports that show, graphically and statistically, whether their networks have been impacted by the Top 20 vulnerabilities and how to remediate them.

Complementary to the SANS Top 20 scan, Qualys provides a dynamic, continuously up-to-date list of the ten most critical and prevalent security vulnerabilities, called RV10 (Real-Time Top Ten Vulnerabilities). The list is available at

About QualysGuard®

QualysGuard is the only fully automated Web security auditing and vulnerability management solution for the enterprise. QualysGuard’s proprietary inference-based methodology assures accurate and complete security auditing and vulnerability management and remediation, outside and inside the firewall. With an unparalleled KnowledgeBase of over 3,000 vulnerabilities, QualysGuard continuously and proactively audits all network systems and access points for the widest range of security threats - before hackers, worms and viruses can exploit them. The QualysGuard solution dramatically reduces security administrators’ time researching, scanning and fixing network exposures and eliminates the cost and maintenance associated with traditional hardware and software solutions.

About Qualys

With more than 2,000 subscribers ranging from small businesses to multinational corporations, Qualys has become the leader in on demand vulnerability management and policy compliance. The company allows security managers to strengthen the security of their networks effectively, conduct automated security audits and ensure compliance with internal policies and external regulations. Qualys’ on demand technology offers customers significant economic advantages, requiring no capital outlay or infrastructure to deploy and manage. Its distributed scanning capabilities and unprecedented scalability make it ideal for large, distributed organisations. Hundreds of large companies have deployed Qualys on a global scale, including AXA, DuPont, Hershey Foods, ICI Ltd, Novartis, Sodexho, Standard Chartered Bank and many others. Qualys is headquartered in Redwood City, California, with European offices in France, Germany and the U.K., and Asian representatives in Japan, Singapore, Australia, Korea and the Republic of China. For more information, please visit

Qualys, the Qualys logo and QualysGuard are proprietary trademarks of Qualys, Inc. All other products or names may be trademarks of their respective companies.

Media Contact:
Tami Casey