Cloud Platform
Contact us
Asset Management
Vulnerability & Configuration Management
Risk Remediation
Threat Detection & Response
  • Overview
  • Platform Apps

  • Qualys Endpoint Security

    Advanced endpoint threat protection, improved threat context, and alert prioritization

  • Context XDR

    Extend detection and response beyond the endpoint to the enterprise

Cloud Security

Qualys to Showcase Next-Generation Cloud Web Application Firewall Service at the RSA Conference 2012

New QualysGuard Web Application Firewall (WAF) Provides Protection and Increased Performance for Business Critical Web Sites

SAN FRANCISCO – RSA Conference USA 2012 Booth #1431 - February 27, 2012 - Qualys Inc., the pioneer and leading provider of information security and compliance cloud solutions, today at RSA Conference USA 2012 unveiled its new QualysGuard WAF service for securing web applications. The new service, delivered as part of the QualysGuard cloud platform and suite of integrated applications, provides protection against known and emerging web application threats. Additionally, the service provides increased web site performance through caching, compression and content optimisation to subscribers anywhere in the world, affordably and with no equipment needed.

Qualys will showcase this new service tonight at RSA Conference USA 2012 at 7 p.m. PT – booth #1431.

“A WAF is intended to protect applications accessed via HTTP and HTTPS against attack. WAFs focus primarily on Web server protection at the application layer, but they may also include safeguards against attacks at other layers, such as distributed denial of service (DDoS) attacks. These products focus on classes of ‘self-inflicted’ vulnerabilities commonly found in commercial Web applications or in custom-developed code, such as cross-site scripting, command injection, directory traversal and other common exploits. A WAF operates as a shield and does not ‘fix’ the underlying vulnerability, although developers can use WAF reporting as a guide to what requires remediation. WAFs are most often deployed in front of business-critical Web servers, especially in Internet-facing e-commerce servers due to PCI requirements.” *

The QualysGuard WAF service provides:

  • Zero-Footprint, Low Cost Deployment. There is no hardware or software to install. Customers need only make a simple DNS change to benefit from the QualysGuard WAF’s cloud delivery and protection network.
  • Ease of Use, Ease of Maintenance. The cloud delivery model means that hardware and software updates are handled transparently throughout the globally available service. Qualys security experts keep rules up-to-date with current threats, while flexible policies let customers match the strength of defence to the value of the web asset.
  • Real-Time Attack Prevention. The service’s holistic approach to web application security combines an extensive database of security heuristics with IP reputation, geo-location awareness, traffic analysis, and protocol and user agent analysis. The result is real-time defence against known, unknown, and even highly customised attacks.
  • Application Hardening and Virtual Patching. The QualysGuard WAF reduces the attack surface of vulnerable web applications, giving attackers a smaller and harder target. In addition, attacks against known-vulnerable servers, frameworks, and applications may be “virtually patched” with purpose-written rules, providing needed protection during long remediation cycles (for example, waiting for vendor updates or developing and testing in-house patches and configuration changes).
  • Plugged Information Leaks. The service safeguards both requests and responses, protecting against the accidental disclosure of business-sensitive information and mitigating the risk of overly informative error pages intended for developers’ eyes only.
  • Seamless Integration with Other QualysGuard Services. QualysGuard’s integrated suite of applications allows WAF subscribers to leverage the insight and protection from QualysGuard Web Application Scanning (WAS) and QualysGuard Malware Detection

“With the proliferation of cloud computing, web applications have become the soft belly of the Internet and the main target for attackers,” said Philippe Courtot, chairman and CEO for Qualys. “Until now, the cost and complexity of deploying WAFs and managing rules have made them inaccessible to most companies. Our forthcoming next generation WAF service will bring the power and cost-effectiveness of the cloud to enterprises of all sizes.”

Availability and Pricing
QualysGuard WAF will be available in a limited beta in Q2 2012. For more information or to sign up for the beta, visit:

*Gartner, Inc., “IT Market Clock for Infrastructure Protection, 2011,” by John Pescatore, John Girard, Greg Young, Ray Wagner, Peter Firstbrook and Joseph Feiman, December 1, 2011.

About Qualys

Qualys, Inc. is the pioneer and leading provider of information security and compliance cloud solutions with 5,500+ customers in 85 countries, including 51 of the Forbes Global 100. The QualysGuard Cloud Platform and integrated suite of applications helps businesses simplify security operations and lower the cost of compliance by delivering critical security intelligence on demand and automating the full spectrum of auditing, compliance and protection for IT systems and web applications. Founded in 1999, Qualys has established strategic partnerships with leading managed service providers and consulting organisations including BT, Dell SecureWorks, Fujitsu, IBM, NTT, Symantec, Verizon, and Wipro. The company is also a founding member of the Cloud Security Alliance (CSA).

For more information, please visit


Qualys, the Qualys logo and QualysGuard are proprietary trademarks of Qualys, Inc. All other products or names may be trademarks of their respective companies.

For all other matters

Media Contact:
Tami Casey