Qualys Reveals Unknown Gap in Security of Large Scale Web Sites

Sunnyvale, Calif. — October 30, 2000 — Qualys™, Inc., a leading provider of network vulnerability assessment services, today announced the release of a solution to one of the most significant security challenges facing enterprises operating large scale Web sites. Qualys’ new Load Balancer scanner for its flagship QualysGuard™ service enables CIOs and network security managers to identify weaknesses that, to date, have been practically impossible to see. The Load Balancer scanner checks front-line hardware and applications located behind load-balancing systems designed to distribute high-volume traffic. Supporting news of the Qualys scanner launch is a recent audit made by Qualys of the top 500 Web sites, revealing the types of machines used behind load balancing systems and opening the opportunity for enterprises to dramatically enhance the effectiveness of their security measures.

“A number of major sites are unaware of the vulnerabilities that exist on their networks,” said Gilles Samoun, Chairman and CEO of Qualys. “These sites are not vulnerable for lack of diligent attention, but for lack of the easy tools required to comprehensively assess network vulnerability.”

Many large-scale sites use load balancers to distribute traffic among multiple machines. Yet this improvement in traffic management introduces a major challenge to assessing network vulnerability. Load balancers themselves do not introduce any vulnerabilities to networks, but until today, no other vulnerability assessment service could verify security weaknesses on a specific machine located behind load-balancing systems. This lack of visibility mean that network security managers could discover vulnerabilities only after hackers found them first, forcing major Web sites to operate reactively rather than proactively.

In addition to the new Load Balancer module for QualysGuard™, the company also disclosed a recent audit performed on the most popular 500 Web sites. This audit was conducted completely non-invasively, requiring only a few seconds per site, and revealed several items about the systems behind the load balancers. Subscribers to the Qualys service can use the same feature to scan their networks on demand, revealing much deeper information about which components of hardware, operating systems, applications and their combinations are vulnerable.

About Qualys

With more than 2,000 subscribers ranging from small businesses to multinational corporations, Qualys has become the leader in on demand vulnerability management and policy compliance. The company allows security managers to strengthen the security of their networks effectively, conduct automated security audits and ensure compliance with internal policies and external regulations. Qualys’ on demand technology offers customers significant economic advantages, requiring no capital outlay or infrastructure to deploy and manage. Its distributed scanning capabilities and unprecedented scalability make it ideal for large, distributed organisations. Hundreds of large companies have deployed Qualys on a global scale, including AXA, DuPont, Hershey Foods, ICI Ltd, Novartis, Sodexho, Standard Chartered Bank and many others. Qualys is headquartered in Redwood City, California, with European offices in France, Germany and the U.K., and Asian representatives in Japan, Singapore, Australia, Korea and the Republic of China. For more information, please visit www.qualys.com.

Qualys, the Qualys logo and QualysGuard are proprietary trademarks of Qualys, Inc. All other products or names may be trademarks of their respective companies.

Media Contact:
Tami Casey
Qualys
media@qualys.com