Qualys Adds Exploitability Data to QualysGuard Vulnerability Management From Core Security, Immunity, Metasploit and The Exploit-DataBase

Black Hat, Las Vegas, NV - July 27, 2010 - Qualys®, Inc., the leading provider of on demand IT security risk and compliance management solutions, today announced that QualysGuard Vulnerability Management (VM) now includes correlated exploitability information from real-time feeds to provide customers with up-to-date references to exploits and related security resources. With this new feature, customers running vulnerability scans can easily view the latest correlated exploits from third party vendors including Core Security, Immunity, and related exploit information from Metasploit and The Exploit-DataBase. This helps customers to prioritise remediation activities according to risk assessment performed by the correlated running exploits.

Previously, when running vulnerability scans, customers would get a list of Common Vulnerabilities and Exposures (CVEs), and have to manually look up exploits for each CVE, taking up the time and energy of security staff or consultants. Now, QualysGuard VM scans automatically, producing a list of correlated exploits for each CVE, using the most comprehensive databases of tested exploits from Core Security, Immunity, The Exploit-DataBase or Metasploit, enabling customers to quickly and easily assess the impact of each vulnerability from a risk standpoint, helping them prioritise their remediation plans. The exploit information can also be included in scanning reports, providing a more complete view of security risk. Customers who use these penetration testing tools can also produce actionable reports to apply the exploits on target hosts.

“Qualys’ work with leading penetration test vendors eliminates the manual process of linking vulnerabilities to exploits,” said Wolfgang Kandek, CTO of Qualys. “This provides security professionals and consultants a clearer view of the exploitability of their IT assets so they can spend more time remediating issues and proactively planning their security strategies.”

The new exploitability correlation feature includes:

• Live exploit feeds from Core Security, Immunity (and their partners Agora, Dsquare, Enable Security, White Phosphorous), Metasploit and The Exploit-DataBase. Customers can choose the source of exploit data.
• An “Exploitability” column in the QualysGuard KnowledgeBase indicating whether exploitability information is available for the vulnerability from third party vendors and/or publicly available sources.
• Exploit details for any vulnerability selected, including the CVE reference, a description of the exploit provided by the source and a link to the exploit when available.
• The ability to include exploitability information for vulnerabilities in scan reports.

“For years Core has lead the way in the integration between scanning and security testing solutions, and customers have been using the integration between QualysGuard and IMPACT Pro to enhance and improve their vulnerability management processes,” said Fred Pinkett, vice president of product management at Core Security. “This new level of information available will provide QualysGuard users with more valuable and useful information to help prioritise remediation and make their security programs more effective and efficient.”

“With today’s growing threat landscape and corporate adoption of new computing architectures, it is more important than ever to proactively plan security measures to protect valuable company data,” said Justine Aitel, CEO for Immunity. “By integrating the exploit information from Immunity CANVAS with vulnerability information from QualysGuard VM, we are providing joint customers with a single solution that will enable them to definitively understand their existing exposure. This approach will enable organisations to effectively prioritise remediation efforts therefore increasing the coordination between the Security and IT Operation Teams.”

Availability
The new exploitability feature is now available in QualysGuard VM. More information about this feature and a live demo are available at the Qualys Community at: http://community.qualys.com/community/qualysguard/vm.

About Qualys

Qualys, Inc. is the leading provider of on demand IT security risk andcompliance management solutions – delivered as a service. Qualys’Software-as-a-Service solutions are deployed in a matter of hours anywhere inthe world, providing customers an immediate and continuous view of theirsecurity and compliance postures.

The QualysGuard® service is used today by more than 4,000 organizations in 85countries, including 42 of the Fortune Global 100 and performs more than 250million IP audits per year. Qualys has the largest vulnerability managementdeployment in the world at a Fortune Global 50 company.

Qualys has established strategic agreements with leading managed serviceproviders and consulting organizations including BT, Etisalat, Fujitsu, IBM,I(TS)2, LAC, NTT, SecureWorks, Symantec, Tata Communications and TELUS.

For more information, please visit www.qualys.com.

###

Qualys, the Qualys logo and QualysGuard are proprietary trademarks of Qualys, Inc. All other products or names may be trademarks of their respective companies.

For media inquiries or to find the appropriate spokesperson
Contact: Melanie Johnson and Kim Smith
éclat Marketing
+44 (0)1276 486000
pr-uk@qualys.com

For all other matters
Contact: pr@qualys.com

Media Contact:
Tami Casey
Qualys
media@qualys.com