Cloud Platform
Contact us
Asset Management
Vulnerability & Configuration Management
Risk Remediation
Threat Detection & Response
  • Overview
  • Platform Apps

  • Qualys Endpoint Security

    Advanced endpoint threat protection, improved threat context, and alert prioritization

  • Context XDR

    Extend detection and response beyond the endpoint to the enterprise

Cloud Security

Qualys Provides Free Network Scan and Remediation for Latest SANS Top 20 Vulnerabilities

Free Scan Available at

Redwood City, CA — October 8, 2003 — Qualys™, Inc., the market leader of on-demand security audits and vulnerability management, today announced the immediate availability of a free network scan to identify and eliminate the latest Top 20 critical security vulnerabilities reported today by the SANS Institute, The US Department of Homeland Security, the UK National Infrastructure Security Co-ordination Centre (NISCC), and the Canadian Office of Critical Infrastructure Protection and Emergency Preparedness (OCIPEP). The free service is available immediately at

“The Top 20 Internet Security Vulnerabilities List defines the set of network security vulnerabilities that are most commonly used by hackers to break into systems. They should be addressed by network administrators as quickly as possible,” said Alan Paller, Director of Research, SANS Institute. “Qualys’ approach to scanning removes one of the biggest barriers for organizations that want to get started quickly, by allowing them to have their systems scanned without installing software and hardware. And the new free trial service lets organizations see what they need to do without committing anything other than a few minutes on the web.”

Gerhard Eschelbeck, chief technology officer of Qualys, contributed significantly to the SANS Top 20 initiative to build an industry-wide consensus on the most critical security vulnerabilities and to promote security awareness.

“The SANS Top 20 enables us to focus on what’s most important for securing our payment processing platform, curreny used by over 200,000 merchants,” said Qualys customer, Jim Aviles, Manager of Products and Technology at Merchant e-Solutions. “Qualys’ web service allows us to scan continuously our critical assets and provides us automatically with a SANS 20 Report that helps us prioritize and eliminate the most critical threats.”

The Qualys Top 20 scan focuses on detecting the SANS Top 20 vulnerabilities on any target IP address. The SANS Top 20 includes vulnerabilities that affect all systems, vulnerabilities on Windows™ systems, and vulnerabilities that affect Unix® (and Linux) systems. In addition to detecting the vulnerabilities on a network, the QualysGuard free scan assesses their level of risk and offers suggestions on fixes.

Effective immediately, Qualys has also updated its QualysGuard® web service with the latest Top 20 information to help organizations automatically detect and eliminate these critical vulnerabilities. These vulnerabilities are tracked in real-time through Qualys™ web service architecture and enable companies to create individualized reports that show, graphically and statistically, whether their networks have been impacted by the Top 20 vulnerabilities and how to remediate them.

Complimentary to the SANS Top 20 scan, Qualys provides a dynamic, continuously up-to-date list of the ten most critical and prevalent security vulnerabilities, called RV10 (Real-Time Top Ten Vulnerabilities). The list is available at

About QualysGuard

QualysGuard is an on-demand security audit service delivered over the web that enables organizations to effectively manage their vulnerabilities and maintain control over their network security with centralized reports, verified remedies, and full remediation workflow capabilities with trouble tickets. QualysGuard provides comprehensive reports on vulnerabilities including severity levels, time to fix estimates and impact on business, plus trend analysis on security issues. By continuously and proactively monitoring all network access points, QualysGuard dramatically reduces security managers’ time researching, scanning and fixing network exposures and enables companies to eliminate network vulnerabilities before they can be exploited.

About Qualys

With more than 2,000 subscribers ranging from small businesses to multinational corporations, Qualys has become the leader in on demand vulnerability management and policy compliance. The company allows security managers to strengthen the security of their networks effectively, conduct automated security audits and ensure compliance with internal policies and external regulations. Qualys’ on demand technology offers customers significant economic advantages, requiring no capital outlay or infrastructure to deploy and manage. Its distributed scanning capabilities and unprecedented scalability make it ideal for large, distributed organisations. Hundreds of large companies have deployed Qualys on a global scale, including AXA, DuPont, Hershey Foods, ICI Ltd, Novartis, Sodexho, Standard Chartered Bank and many others. Qualys is headquartered in Redwood City, California, with European offices in France, Germany and the U.K., and Asian representatives in Japan, Singapore, Australia, Korea and the Republic of China. For more information, please visit

Qualys, the Qualys logo and QualysGuard are proprietary trademarks of Qualys, Inc. All other products or names may be trademarks of their respective companies.

Media Contact:
Tami Casey