New Version of Qualys’ Widely Adopted On Demand PCI Scanning Application Allows Organizations to Proactively Secure Web Applications to Meet PCI 6.6 Requirements
Gartner IT Security Summit, London - 1 October, 2008 - Qualys®, Inc., the leading provider of on demand IT security risk and compliance management solutions, today announced QualysGuard® PCI 3.0, a new version of the industry’s most widely used on demand scanning application for ongoing management of PCI compliance efforts. QualysGuard PCI 3.0 now includes a Web Application Scanning (WAS) module that combines the application’s traditional compliance scanning, remediation and e-filing capabilities with automated web application scanning. This advancement helps merchants in their efforts to effectively meet requirement 6.6 for maintaining secure web applications.
The now mandatory requirement, within the just released PCI Data Security Standards 1.2, states that all public-facing web applications are subject to either 1) reviews of applications via manual or automated vulnerability assessment tools or methods, or 2) installing an application-layer firewall in front of public-facing web applications.
“Compliance with the PCI data security standard is a continuous process, and not a one-time event,” said Avivah Litan, VP and distinguished analyst, Gartner Inc. “Organizations are best off leveraging tools that automate as much of this process as possible on a continuous basis.”
QualysGuard PCI 3.0 Web Application Scanning module is an automated tool for evaluating web applications before and after deployment. This ensures that the applications are built and maintained in a secure way. Delivered via Software-as-a-Service (SaaS), the WAS module fully automates the scanning of vulnerability types within customized code and allows customers to crawl web applications, identify cross-site scripting vulnerabilities, isolate SQL injection attacks and conduct authenticated and unauthenticated scanning.
The QualysGuard PCI 3.0 WAS module includes the following features and benefits:
“Since the introduction of PCI DSS, we’ve diligently worked to integrate the latest updates into Qualys’ SaaS offering to help customers automate their process while reducing cost as Gartner recommends,” said Philippe Courtot, Chairman and CEO of Qualys. “Adding WAS support to QualysGuard PCI allows our customers to satisfy the new PCI 6.6 requirement without having to deploy any additional software and gives our partners the ability to provide expanded services for expert review of the results.”
Qualys’ On Demand PCI solution continues to be the de facto standard for merchants needing to comply with PCI’s ever-changing requirements. Over 1,500 organizations use QualysGuard PCI to scan over 500,000 hosts per quarter. QualysGuard PCI also gives partners the tools they need to quickly become an Approved Scanning Vendor (ASV) for PCI compliance. More than 57 percent of all PCI DSS ASVs and Qualified Security Assessors (QSAs) utilize QualysGuard to deliver PCI certification and PCI-related services to their clients.
QualysGuard PCI 3.0 is generally available on October 13, 2008. Annual subscriptions start at £795 or Euros 995, which includes unlimited scans for three IP addresses, 1 Web application and 24x7 customer support.
Qualys, Inc. is the leading provider of on demand IT security risk and compliance management solutions – delivered as a service. Qualys’ Software-as-a-Service solutions are deployed in a matter of hours anywhere in the world, providing customers an immediate and continuous view of their security and compliance postures. The QualysGuard® service is used today by more than 3,500 organizations in 85 countries, including 35 of the Fortune Global 100 and performs more than 200 million IP audits per year. Qualys has the largest vulnerability management deployment in the world at a Fortune Global 50 company. Qualys has established strategic agreements with leading managed service providers and consulting organizations including BT, Etisalat, Fujitsu, IBM, I(TS)2, LAC, SecureWorks, Symantec, TELUS and VeriSign. For more information, please visit www.qualys.com.
Qualys, the Qualys logo and QualysGuard are proprietary trademarks of Qualys, Inc. All other products or names may be trademarks of their respective companies.
For media inquiries or to find the appropriate spokesperson
Contact: Jane Folwell
+44 (0)1344 845132
For all other matters