Cloud Platform

Qualys Launches Network Scan for the Latest SANS/FBI Top 20 Vulnerabilities

Free Assessment Enables Companies to Immediately Verify Their Network Passes the Top 20 Vulnerability Checks

Washington, D.C. — October 2, 2002 — Qualys™, Inc., the leader in Managed Vulnerability Assessment, today announced the availability of a free network scan designed specifically to detect and eliminate the 20 critical categories of vulnerabilities announced today by the SANS (SysAdmin, Networking and Security) Institute, the FBI (Federal Bureau of Investigation) and FedCIRC (Federal Computer Incident Response Center). The free, Web-based service, available immediately at, enables companies of every size to identify and remedy these threats within their perimeter network.

“The SANS/FBI Top 20 list identifies the set of network security vulnerabilities that are most commonly used by hackers to break into systems. They should be addressed by network administrators as quickly as possible,” said Alan Paller, Director of Research, SANS Institute. “Qualys’ approach to scanning removes one of the biggest barriers for organizations that want to get started quickly, by allowing them to have their systems scanned without installing software and hardware. And the new free trial service lets organizations see what they need to do without committing anything other than a few minutes on the web.”

Qualys’ SANS/FBI Top 20 network scanning service offers security administrators a free network scan on any target IP address that leverages the infrastructure of Qualys’ Managed Vulnerability Assessment service, QualysGuard. QualysGuard combines a fully automated Web platform, with a proprietary Inference-Based Scanning Engine and the industry’s most comprehensive KnowledgeBase of vulnerabilities, to help enterprises more accurately identify and prioritize threats, eliminate false positives and quickly remedy security weaknesses, both inside and outside the firewall. Through an easy-to-use Web interface, a network administrator can scan a network and, in just a few minutes, receive a complete report detailing network vulnerabilities with the corresponding actionable remedies.

The Qualys scan focuses on detecting the SANS/FBI Top 20 vulnerabilities on any target IP address. The SANS/FBI Top 20 includes general vulnerabilities that affect all systems, vulnerabilities on Windows™ systems, and vulnerabilities that affect Unix® (and Linux) systems. In addition to detecting the vulnerabilities on a network, the QualysGuard free scan assesses their level of risk and offers suggestions on fixes.

“While identification of vulnerabilities is important, prioritization and management is essential. The SANS/FBI Top 20 sets a critical foundation for the vulnerabilities that must be remedied by every network connected to the Internet,” stated Philippe Courtot, Chairman and CEO of Qualys. “We commend the efforts and leadership of the SANS Institute for leading the industry’s initiative to assemble the Top 20 list and deliver it to the security community at large.”

About QualysGuard

The QualysGuard Web Service automates Network Security Audits and Vulnerability Management ensuring the security of information networks. With the highest degree of accuracy, data integrity, scalability, and ease of use, QualysGuard is available in a variety of packages designed to meet the specific needs of enterprises, SMBs, consultants, or managed service providers.

About Qualys

With more than 2,000 subscribers ranging from small businesses to multinational corporations, Qualys has become the leader in on demand vulnerability management and policy compliance. The company allows security managers to strengthen the security of their networks effectively, conduct automated security audits and ensure compliance with internal policies and external regulations. Qualys’ on demand technology offers customers significant economic advantages, requiring no capital outlay or infrastructure to deploy and manage. Its distributed scanning capabilities and unprecedented scalability make it ideal for large, distributed organisations. Hundreds of large companies have deployed Qualys on a global scale, including AXA, DuPont, Hershey Foods, ICI Ltd, Novartis, Sodexho, Standard Chartered Bank and many others. Qualys is headquartered in Redwood City, California, with European offices in France, Germany and the U.K., and Asian representatives in Japan, Singapore, Australia, Korea and the Republic of China. For more information, please visit

Qualys, the Qualys logo and QualysGuard are proprietary trademarks of Qualys, Inc. All other products or names may be trademarks of their respective companies.

For media inquiries or to find the appropriate spokesperson

Contact: Megan Lamb
Merritt Group

For all other matters


Media Contacts:
Tami Casey
(650) 801-6196

Mariah Gauthier
(415) 963 4174