Qualys Extends its Vulnerability Assessment Platform to Secure Wireless and VPN Points-of-Entrance on Corporate Networks

Redwood City, CA — September 16, 2002 — Qualys™, Inc., the leader in Managed Vulnerability Assessment, today announced a new version of QualysGuard™ to automatically audit the wireless enterprise. Available immediately to all customers, this version of QualysGuard allows network security professionals to inventory all networked devices and systems, including inadvertently introduced wireless and remote access VPN (Virtual Private Network) devices, and proactively secure their networks before vulnerabilities can be exploited by intruders.

“The introduction of new entry points into a corporate network, particularly through wireless and VPN access, significantly challenges the integrity of corporate security,” said Mike Schiffman, Director of Security Architecture of @stake, Inc., the world’s leading digital security consultancy, and the well-known author of network security books. “In today’s inherently insecure wireless access environment, one vulnerable point of entry on a network can drastically compromise corporate data assets. Each end point on the network must be continuously monitored for any change in security exposure, a job that is simply not feasible without an automated solution that is accurate and available any time from anywhere.”

The new version of QualysGuard extends the power of network discovery and vulnerability management to wireless and VPN access points that have been traditionally left exposed on corporate networks and susceptible to hackers and automated attacks. Devices that can now be scanned using QualysGuard include 802.11 access points from vendors including Cisco, Apple, Nokia, LINKSYS, 3Com, Lucent, and many others.

To ensure accuracy, QualysGuard leverages its proprietary fingerprinting technology to identify every accessible device on a corporate network, allowing system administrators to discover unauthorized systems that are in violation of the company’s security policy. QualysGuard then creates a complete architectural map of the network, enabling immediate identification of vulnerabilities and rogue systems that could expose the network to intrusions. Network administrators can also generate reports on differential changes that often open the door to hackers.

To detect and resolve vulnerabilities, QualysGuard’s Inference-Based Scanning Engine assesses each system against its proprietary KnowledgeBase, the industry’s most comprehensive and up-to-date vulnerability database, containing nearly 2000 vulnerability signatures for over 300 applications on more than 20 operating systems, and updated daily as new vulnerabilities emerge. Near instant, actionable reports detail vulnerabilities, rank them by severity, and provide one-click links to verified fixes. Differential reporting and trend analysis are available so users can monitor for new systems that have connected to the network. Vulnerability assessments can be initiated as frequently as necessary, either pre-scheduled or on-demand. Because QualysGuard is a Web-based solution, assessments can be activated and reports securely viewed from any Web browser.

“Historically, networks were much easier to protect, but with wireless and VPN access, the points of entry multiply and the perimeter of the network weakens. Even a simple configuration error on a VPN server can expose the network to unauthorized entry that threatens the entire company,” stated Philippe Courtot, Chairman and CEO of Qualys. “By extending the scope of QualysGuard to automatically monitor remote access points, Qualys simplifies IT administrators’ inventory management on their perpetually evolving networks reducing their window of exposure against cyber attacks.”

About QualysGuard

The QualysGuard Web Service automates Network Security Audits and Vulnerability Management ensuring the security of information networks. With the highest degree of accuracy, data integrity, scalability, and ease of use, QualysGuard is available in a variety of packages designed to meet the specific needs of enterprises, SMBs, consultants, or managed service providers.

About Qualys

With more than 2,000 subscribers ranging from small businesses to multinational corporations, Qualys has become the leader in on demand vulnerability management and policy compliance. The company allows security managers to strengthen the security of their networks effectively, conduct automated security audits and ensure compliance with internal policies and external regulations. Qualys’ on demand technology offers customers significant economic advantages, requiring no capital outlay or infrastructure to deploy and manage. Its distributed scanning capabilities and unprecedented scalability make it ideal for large, distributed organisations. Hundreds of large companies have deployed Qualys on a global scale, including AXA, DuPont, Hershey Foods, ICI Ltd, Novartis, Sodexho, Standard Chartered Bank and many others. Qualys is headquartered in Redwood City, California, with European offices in France, Germany and the U.K., and Asian representatives in Japan, Singapore, Australia, Korea and the Republic of China. For more information, please visit www.qualys.com.

Qualys, the Qualys logo and QualysGuard are proprietary trademarks of Qualys, Inc. All other products or names may be trademarks of their respective companies.

Media Contact:
Tami Casey
Qualys
media@qualys.com