Free Qualys Vulnerability Scan Available for the SANS Top-20 2005 Update

London — November 22, 2005 — Qualys, Inc., the leading provider of on demand vulnerability management and policy compliance solutions, today announced the availability of a free network scanning service to help companies find and eliminate vulnerabilities listed in the annual SANS Top-20 announced today. The SANS Top-20 is designed by the SANS Institute and security experts from industry and government to provide organisations with a prioritised list of newly discovered exposures to their networks. Qualys’ free scan for the SANS Top-20 is available at https://sans20.qualys.com.

In addition to identifying vulnerabilities in Windows and UNIX categories, this year’s Top-20 also includes Cross-Platform Applications and Networking Products. The change reflects the dynamic nature of the evolving threat landscape. The full SANS report can be found at http://www.sans.org/top20.

“The SANS Top-20 provides an invaluable tool for helping businesses prioritise their efforts in addressing security vulnerabilities. This year’s SANS Top-20 identified two growing areas of risk for organisations: increasing threats in client-side applications and critical vulnerabilities in networking equipment. These are issues that should be identified and addressed within organisations of every size,” said Gerhard Eschelbeck, CTO and VP of Engineering at Qualys. Eschelbeck, along with other experts in the community, provided contributions to the development of the SANS Top-20 list and presented the Top-20 at the launch event at the DTI in Westminster.

The shift from server-side to client-side vulnerabilities was also a significant finding in the latest “Laws of Vulnerabilities” research published by Eschelbeck last week. According to the research, more than 60 percent of new critical vulnerabilities occur in client applications. Client-side vulnerabilities require a user to take action, such as visiting a malicious website or opening an infected email attachment. The research can be found at www.qualys.com/laws.

Qualys’ on demand model provides customers with immediate vulnerability updates, such as the Top-20 listing, without the need for installing software or building out additional infrastructure. In addition to the free scan, the QualysGuard® service detects new exposures in the SANS Top-20.

About Qualys

With more than 2,000 subscribers ranging from small businesses to multinational corporations, Qualys has become the leader in on demand vulnerability management and policy compliance. The company allows security managers to strengthen the security of their networks effectively, conduct automated security audits and ensure compliance with internal policies and external regulations. Qualys’ on demand technology offers customers significant economic advantages, requiring no capital outlay or infrastructure to deploy and manage. Its distributed scanning capabilities and unprecedented scalability make it ideal for large, distributed organisations. Hundreds of large companies have deployed Qualys on a global scale, including AXA, DuPont, Hershey Foods, ICI Ltd, Novartis, Sodexho, Standard Chartered Bank and many others. Qualys is headquartered in Redwood City, California, with European offices in France, Germany and the U.K., and Asian representatives in Japan, Singapore, Australia, Korea and the Republic of China. For more information, please visit www.qualys.com.

Qualys, the Qualys logo and QualysGuard are proprietary trademarks of Qualys, Inc. All other products or names may be trademarks of their respective companies.

For any further UK press information please contact:

Contact: Jane Folwell
Folwell PR
07950 033370
07921 158459

Contact: Celine Mathias
Qualys
078341 68241

For all other matters

Contact: pr@qualys.com

Media Contacts:
Tami Casey
Qualys
(650) 801-6196
tcasey@qualys.com

Mariah Gauthier
HighwirePR
(415) 963 4174
qualys@highwirepr.com