Qualys Sets New Standard In Managed Vulnerability Assessment

RSA Conference, San Jose — February 19, 2002 — Qualys™, Inc., the leader in the emerging category of Managed Vulnerability Assessment, today announced the first in a series of enhancements to QualysGuard, its Managed Vulnerability Assessment Platform that helps companies of every size proactively protect network assets against the alarming growth of Internet threats. According to CERT, 99% of all network and host intrusions result from exploitation of known vulnerabilities or configuration errors where countermeasures were readily available.

Managed Vulnerability Assessment secures networks, hosts and desktop PCs through automated scans that produce concise management reports, enabling better identification and elimination of vulnerabilities. Enterprise customers can protect their network resources, while at the same time radically decreasing the costs to assess, identify, fix and verify elimination of vulnerabilities.

“Managed Vulnerability Assessment is an emerging, rapidly growing category of managed security services,” said Allan Carey, Senior Research Analyst for Information Security Services at IDC. “Companies are facing an increasingly threatening Internet environment, and they are beginning to recognize that an automated, proactive security service, such as Managed Vulnerability Assessment, can help them considerably improve the protection of their digital assets cost-effectively. Qualys has developed a scalable platform that streamlines vulnerability identification and verification within the security process.”

QualysGuard identifies and eliminates network vulnerabilities, by delivering automated, scalable and cost effective assessment on a continuous basis. Enhancements to the service announced today include the following:

• Enhanced reporting engine provides concise and flexible reports for every level of the enterprise - from IT staff to CEOs;
• Patch and signature aggregation takes network analysis to a new level, simplifying the process of identifying and fixing known vulnerabilities;
• Ability to “try it and buy it” allows businesses of all sizes to trial the service, and obtain a free network security audit before making the purchase.
• “The world of security is becoming more complex and threatening every day. Today, firewalls and intrusion detection solutions simply aren’t enough. We need a solution that will not only help us identify potential vulnerabilities, but will also prioritize which vulnerabilities are the most important and what steps are needed to correct them,” said Deefay Young, Senior Network Security Analyst at Adobe Systems. “Qualys has created a Managed Vulnerability Assessment platform to help companies like ours anchor their security policies with an automated, scalable and proactive solution that will result in a bottom-line return on investment.”

QualysGuard Platform: Automated Identification, Elimination and Verification

QualysGuard is the first scalable, affordable web-service designed for companies of every size. Delivered over the Internet, QualysGuard employs advanced vulnerability detection techniques to assess a network’s security exposures and suggest remedies before intruders can take advantage of them.

“Until now, proactively identifying and eliminating known vulnerabilities was a complex, expensive and often inaccurate process requiring specialized expertise that only large enterprises could afford,” said Philippe Courtot, Chairman and CEO of Qualys. “We believe everyone, from Global 2000 corporations to small businesses, should have the ability to identify and correct vulnerabilities before they are exploited.”

Via a web interface, users can initiate a QualysGuard audit “on demand” by selecting networks or hosts to be audited and choosing which known vulnerabilities to scan. Upon completion, QualysGuard delivers a report detailing found vulnerabilities with suggested remedies to fix each vulnerability. All patches to the detected vulnerabilities are verified by Qualys’ security engineers and compiled into the platform. The next scheduled QualysGuard™ audit then verifies vulnerability elimination, enabling CIO’s to set service level agreements and monitor vulnerability based security policies.

New Concise, Flexible Reporting that Informs Every Level of the Enterprise

Available immediately, QualysGuard’s enhanced reporting engine enables enterprises to generate more robust security analysis reports in formats that are readily understandable at every level of the company - from corporate executives to technical engineers. With the new features embedded in these reporting capabilities, users can perform trend and differential analysis over time and from one scan to another, generate customized reports, produce graphical reports and generate on-demand executive level analysis and CIO reports.

“QualysGuard reporting enhancements are a first step in helping network administrators better explain their security policies and requests to others inside and outside of the organization,” said Courtot. “As an industry, we have to give enterprises tools like these that to ensure regular, understandable communication within the organization.”

World-Class Technological Backing

Qualys has built a world-class technology infrastructure to support its Managed Vulnerability Assessment services, including a centralized back-end scanning system that can scale to assess millions of devices connected to the Internet and can meet the needs of both small and large businesses.

In order to provide customers with the most realistic perspective into their networks’ security, QualysGuard mimics the workflow process that hackers use. The QualysGuard KnowledgeBase of exploits is continuously updated with the most current intelligence on network vulnerabilities empowering network administrators to test against the latest invasions. Currently, QualysGuard scans and audits more than 300 different applications on 20 different platforms and operating systems.

Extensible API Interface

The QualysGuard Application Program Interface (API) allows customers and partners to seamlessly integrate vulnerability assessment into their own services and applications. It enables third party solutions to integrate and access various components of the QualysGuard platform via an extensible XML interface.

About Qualys

With more than 2,000 subscribers ranging from small businesses to multinational corporations, Qualys has become the leader in on demand vulnerability management and policy compliance. The company allows security managers to strengthen the security of their networks effectively, conduct automated security audits and ensure compliance with internal policies and external regulations. Qualys’ on demand technology offers customers significant economic advantages, requiring no capital outlay or infrastructure to deploy and manage. Its distributed scanning capabilities and unprecedented scalability make it ideal for large, distributed organisations. Hundreds of large companies have deployed Qualys on a global scale, including AXA, DuPont, Hershey Foods, ICI Ltd, Novartis, Sodexho, Standard Chartered Bank and many others. Qualys is headquartered in Redwood City, California, with European offices in France, Germany and the U.K., and Asian representatives in Japan, Singapore, Australia, Korea and the Republic of China. For more information, please visit www.qualys.com.

Qualys, the Qualys logo and QualysGuard are proprietary trademarks of Qualys, Inc. All other products or names may be trademarks of their respective companies.

Media Contact:
Tami Casey
Qualys
media@qualys.com