Cloud Platform
Contact us
Asset Management
Vulnerability & Configuration Management
Risk Remediation
Threat Detection & Response
  • Overview
  • Platform Apps

  • Qualys Endpoint Security

    Advanced endpoint threat protection, improved threat context, and alert prioritization

  • Context XDR

    Extend detection and response beyond the endpoint to the enterprise

Cloud Security

Qualys Announces Web Application Firewall (WAF) Beta Availability for Amazon EC2 and for On-Premise Deployments

Next-Generation Distributed WAF Delivers Organisations Protection Against Known and Emerging Threats for Web Applications Running in the Cloud or on Premise

REDWOOD CITY, Calif., July 31, 2013 – Qualys, Inc. (NASDAQ: QLYS), a pioneer and leading provider of cloud security and compliance solutions, today announced that it will release the beta of its new cloud WAF solution as an Amazon Machine Image (AMI) and as a VMware virtual image for on-premise deployments starting August 1. Qualys’ new WAF service is delivered through the multitenant, highly scalable QualysGuard® Cloud Platform, providing customers centralised management capabilities, distributed protection and ease-of-use, whether applications are running on premise or in the cloud.

Qualys will showcase these new capabilities at Black Hat USA 2013 Briefings – booth #401 – from July 31 to August 1.

WAFs work by shielding web sites by applying a set of rules to HTTP conversations to prevent them from being attacked. However, WAF technology is costly and complex to apply because these rules need to be customised to the applications, and they must be updated often to cover changes to the applications and to address new and emerging threats. As a result, many organisations cannot afford to deploy WAFs, or they can only deploy them on a select number of mission critical web properties.

“It can be challenging for companies to use WAFs because initial costs are high compared with other technologies,” said Phil Hochmuth, program manager, security products, IDC. “They can also be expensive to maintain because once they are deployed, they must be carefully monitored and maintained by skilled web application security specialists or developers. This can be challenging to manage, and lead to configuration mistakes.”

Qualys has developed a cloud WAF service, delivered as part of the QualysGuard Cloud Platform and suite of integrated applications, as an affordable, automated, always up-to-date solution for protecting web sites and increasing their performance. Leveraging the QualysGuard Cloud Platform, the new QualysGuard WAF is designed to provide:

  • Real-time application defense, blocking attacks against websites as they happen.
  • Application hardening, minimising application attack surfaces by providing a shield around coding defects, application framework flaws, web server bugs and loose configurations.
  • Low-cost, automated service maintained and updated by Qualys’ security experts providing new defenses and features transparently to users and site visitors.
  • A multitude of deployment options for distributed WAF protection points managed through a common, central policy administration and reporting interface with APIs for integration.

Customers using WAF will experience benefits including:

  • Always up-to-date rules.
  • Immediate rules deployment on all WAFs connected to QualysGuard.
  • Maximum efficiency as rules are strengthened with security events from all WAF customers.
  • In-cloud or on-premise web site protection, with a SaaS platform providing centralised management for distributed WAF virtual appliances.

“Qualys is committed to delivering powerful, effective cloud solutions that remove the cost and complexity associated with IT security and compliance, and we are excited to provide an affordable, automated solution with our next generation WAF,” said Philippe Courtot, chairman and CEO for Qualys. “The debut of our WAF service in beta for Amazon EC2, as well as with an on-premise virtual appliance image, will offer customers the flexibility they need to protect their applications no matter where they reside.”


Starting 1st August, Amazon Web Services (AWS) users can launch WAF appliances from an Amazon Machine Image (AMI) to gain real-time defense of their websites and applications running on Amazon EC2, protecting them against attack. Starting September 1, users can download our WAF appliance VMware virtual image to protect web applications residing on premise within datacenters.

About QualysGuard Cloud Platform
The QualysGuard Cloud Platform and its integrated suite of security and compliance solutions help provide organisations of all sizes with a global view of their security and compliance posture while reducing their total cost of ownership. The QualysGuard Cloud Suite, which includes Vulnerability Management, Web Application Scanning, Malware Detection Service, Policy Compliance, PCI Compliance and Qualys SECURE Seal, enables customers to identify their IT assets, collect and analyse large amounts of IT security data, discover and prioritise vulnerabilities and malware, recommend remediation actions and verify the implementation of such actions.

About Qualys

Qualys, Inc. (NASDAQ: QLYS), is a pioneer and leading provider of cloud security and compliance solutions with over 6,000 customers in more than 100 countries, including a majority of each of the Forbes Global 100 and Fortune 100. The QualysGuard Cloud Platform and integrated suite of solutions help organisations simplify security operations and lower the cost of compliance by delivering critical security intelligence on demand and automating the full spectrum of auditing, compliance and protection for IT systems and web applications. Founded in 1999, Qualys has established strategic partnerships with leading managed service providers and consulting organisations, including Accuvant, BT, Dell SecureWorks, Fujitsu, NTT, Symantec, Verizon, and Wipro. The company is also a founding member of the Cloud Security Alliance (CSA).

For more information, please visit


Qualys, the Qualys logo and QualysGuard are proprietary trademarks of Qualys, Inc. All other products or names may be trademarks of their respective companies.

Media Contact:
Tami Casey