Cloud Platform
Contact us
Asset Management
Vulnerability & Configuration Management
Risk Remediation
Threat Detection & Response
  • Overview
  • Platform Apps

  • Qualys Endpoint Security

    Advanced endpoint threat protection, improved threat context, and alert prioritization

  • Context XDR

    Extend detection and response beyond the endpoint to the enterprise

Cloud Security

Free Vulnerability Scan Now Available for New SANS Top-20

London, UK — October 8, 2004 — Qualys, Inc., the leading provider of on-demand vulnerability management solutions, today released a free network scanning service to help companies find and eliminate the vulnerabilities announced today in the new SANS Top-20 list. Updated annually, the SANS Top-20 defines the 20 most serious security exposures identified by experts from around the world and provides organisations with clear guidance on the core threats to their networks. Qualys’ free service for the SANS Top-20 is available immediately at

“The amount of information about security threats and vulnerabilities in our industry has grown to the point where it has become virtually unusable due to the sheer volume,” said Howard A. Schmidt, former White House cyber security advisor and Qualys board member. “The SANS Top-20 gives organisations around the world a head start in identifying and prioritizing the most critical security vulnerabilities, and Qualys free scan provides the tools to find and fix them.”

The SANS Top-20 list was announced today at a gathering of international security experts in London. The Top-20 is compiled every year as the result of analysis conducted by security researchers around the world. It reflects the experience and expertise of its sponsoring organisations, which this year includes government agencies such as the GCHQ (Government Communications Headquarters), CSIA (Central Sponsor for Information Assurance), NISCC (National Infrastructure Security Co-ordination Centre) and independent institutions such as the SANS Institute, as well as leading security experts from Microsoft, Symantec, ISS, Qualys, AFENTIS and others. Hazel Blears, Minister for Resilience and Counter-Terrorism at the Home Office has provided a statement supporting this unique initiative. The SANS Top-20 announcement and list can be found at

Gerhard Eschelbeck, chief technology officer of Qualys, a panellist on the event in London and author of the “Laws of Vulnerabilities,” provided contributions to the development of the SANS Top-20 list along with other experts in the community.

“The SANS Top-20 has become the industry standard for prioritizing the most critical security vulnerabilities impacting our networks. For every organisation, identifying and addressing these vulnerabilities should be a first step in managing their security risk,” said Eschelbeck, who participated in the SANS event. “We applaud the industry-wide participation in this annual initiative. Qualys is pleased to contribute to the development of the Top-20 list and to offer a complimentary service that allows all organisations to immediately scan their networks for the Top-20 vulnerabilities.”

In addition to providing a free scan, Qualys has updated its QualysGuard® vulnerability management service to detect the SANS Top-20. Qualys’ on-demand model provides customers with immediate vulnerability updates, such as the Top-20 listing, without the need for additional hardware or software infrastructure. Organisations can customize scanning and reporting to determine if they have been impacted by any of the Top-20 vulnerabilities and quickly remediate these critical threats.

About Qualys

With more than 2,000 subscribers ranging from small businesses to multinational corporations, Qualys has become the leader in on demand vulnerability management and policy compliance. The company allows security managers to strengthen the security of their networks effectively, conduct automated security audits and ensure compliance with internal policies and external regulations. Qualys’ on demand technology offers customers significant economic advantages, requiring no capital outlay or infrastructure to deploy and manage. Its distributed scanning capabilities and unprecedented scalability make it ideal for large, distributed organisations. Hundreds of large companies have deployed Qualys on a global scale, including AXA, DuPont, Hershey Foods, ICI Ltd, Novartis, Sodexho, Standard Chartered Bank and many others. Qualys is headquartered in Redwood City, California, with European offices in France, Germany and the U.K., and Asian representatives in Japan, Singapore, Australia, Korea and the Republic of China. For more information, please visit

Qualys, the Qualys logo and QualysGuard are proprietary trademarks of Qualys, Inc. All other products or names may be trademarks of their respective companies.

Media Contact:
Tami Casey