New Version of QualysGuard Allows Companies to Detect Wireless Vulnerabilities

— September 16, 2002 — Qualys, the leader in Managed Vulnerability Assessment, today announces the latest version of its QualysGuard platform for the automatic audit of the wireless enterprise. The new version addresses the fact that many companies are unaware not only of the vulnerability of their wireless networks, but of the fact that they have wireless access points at all.

“Wireless technology has reached a stage where an employee can add a wireless access point to a corporate network without necessarily informing their employer,” explains Adil Pastakia, UK managing director of Qualys. “Companies may be spending time securing their wired networks, unaware that a number of gaping holes have been opened up by wireless. QualysGuard will identify all access points on a corporate network and assess the security of each, offering fixes for any vulnerabilities uncovered.”

The insecurity of wireless networks has already been brought to the attention of the British public this year. I-SEC, a wireless security specialist and Qualys partner, staged a highly-publicised controlled drive-round in the City of London. Equipped with a makeshift antenna rigged up with a Pringles can, freely-downloadable software and a £60 wireless network card, I-SEC showed how a would-be hacker could pick up over 60 wireless networks in only 45-minutes. “In the past year, many companies have bought wireless access points to see what they can do. In doing so, they may have unintentionally opened a back door to their corporate networks,” said Geoff Davies, I-SEC managing director. “The biggest danger is usually not the access points you know about, it’s the ones that have been plugged in without authorisation. We know of many large companies where this has happened.”

The new platform includes scanning for inadvertently introduced wireless and remote access VPN (Virtual Private Network) devices. Devices that can now be scanned using QualysGuard include 802.11 access points from vendors including Cisco, Apple, Nokia, LINKSYS, 3Com and Lucent.

How QualysGuard Works

Mapping

To ensure accuracy, QualysGuard uses its proprietary fingerprinting technology to identify every accessible device on a corporate network. This allows system administrators to discover unauthorised systems that are in violation of the company’s security policy. QualysGuard then creates a complete architectural map of the network, enabling immediate identification of vulnerabilities and rogue systems that could expose the network to intrusions. Network administrators can also generate reports on differential changes that often open the door to hackers.

Assessment and Resolution

To detect and resolve vulnerabilities, QualysGuard’s Inference-Based Scanning Engine assesses each system against its proprietary KnowledgeBase. This is the industry’s most comprehensive and up-to-date vulnerability database, containing nearly 2000 vulnerability signatures for over 300 applications on more than 20 operating systems, and updated daily as new vulnerabilities emerge. Reports detail vulnerabilities, rank them by severity and provide one-click links to verified fixes. Differential reporting and trend analysis are available so users can monitor for new systems that have connected to the network. Vulnerability assessments can be initiated as frequently as necessary, either pre-scheduled or on-demand. Because QualysGuard is a Web-based solution, assessments can be activated and reports securely viewed from any Web browser.

About QualysGuard

QualysGuard is a fully automated, Web-based vulnerability assessment solution that employs a proprietary inference-based methodology to assure accurate and complete system detection, outside and inside the firewall. By continuously and proactively monitoring all network access points, Qualys dramatically reduces security administrators’ time researching, scanning and fixing network exposures and enables companies to eliminate network vulnerabilities before they can be exploited.

About Qualys

With more than 2,000 subscribers ranging from small businesses to multinational corporations, Qualys has become the leader in on demand vulnerability management and policy compliance. The company allows security managers to strengthen the security of their networks effectively, conduct automated security audits and ensure compliance with internal policies and external regulations. Qualys’ on demand technology offers customers significant economic advantages, requiring no capital outlay or infrastructure to deploy and manage. Its distributed scanning capabilities and unprecedented scalability make it ideal for large, distributed organisations. Hundreds of large companies have deployed Qualys on a global scale, including AXA, DuPont, Hershey Foods, ICI Ltd, Novartis, Sodexho, Standard Chartered Bank and many others. Qualys is headquartered in Redwood City, California, with European offices in France, Germany and the U.K., and Asian representatives in Japan, Singapore, Australia, Korea and the Republic of China. For more information, please visit www.qualys.com.

Qualys, the Qualys logo and QualysGuard are proprietary trademarks of Qualys, Inc. All other products or names may be trademarks of their respective companies.

Media Contact:
Tami Casey
Qualys
media@qualys.com