Ernst & Young Accredits Qualys as SAS 70 Compliant
@stake Penetration Tests Certify the Security of Customer Data
Infosecurity 2003, New York, NY — December 11, 2003 — Qualys, Inc., the market leader in on-demand Network Security Audits and Vulnerability Management, today announced that its QualysGuard® web service has passed a penetration test from @stake, which awarded QualysGuard its highest rating (“exceptional”) in data security. In addition to the @stake testing, QualysGuard has successfully completed an independent Statement on Auditing Standards No. 70 (SAS 70) Type I Service Audit performed by Ernst & Young, confirming that proper controls are in place to protect customer data.
The @stake testing of the QualysGuard web service took place over the first and second quarters of 2003 and consisted of an in-depth security architecture review, aggressive penetration testing, application and user account security analysis, authorization and access control analysis, extended QualysGuard service analysis, and best practice-based network architecture evaluation. The @stake testing concluded that the QualysGuard service complies with a wide range of best practices to protect customer data using secure data transmissions, a protected database, strong encryption standards, and sound architectural design to minimize any threats of attack.
“In our testing process, Qualys successfully protected against all of our attacks, exhibiting no security weaknesses that could be used to compromise the security of the QualysGuard service or its deployment environment,” said Chris Wysopal, Vice President of Research & Development for @stake, Inc.
In the SAS 70 certification, Ernst & Young examined the controls placed in operation at Qualys in accordance with the internationally-recognized standards developed by the American Institute of Certified Public Accountants. The SAS 70 accreditation means that Qualys has implemented controls that are suitably designed to achieve the specified control objectives and activities, affirming Qualys’ reputation as a trusted provider of network security audits and vulnerability management solutions.
The SAS 70 audit is available upon request.
The QualysGuard Web Service automates Network Security Audits and Vulnerability Management, ensuring the security of information networks. With the highest degree of accuracy, data integrity, scalability, and ease of use, QualysGuard is available in a variety of packages designed to meet the specific needs of enterprises, SMBs, consultants, or managed service providers.
With more than 2,000 subscribers ranging from small businesses to multinational corporations, Qualys has become the leader in on-demand vulnerability management and policy compliance. The company allows security managers to strengthen the security of their networks effectively, conduct automated security audits and ensure compliance with internal policies and external regulations. Qualys’ on-demand technology offers customers significant economic advantages, requiring no capital outlay or infrastructure to deploy and manage. Its distributed scanning capabilities and unprecedented scalability make it ideal for large, distributed organisations. Hundreds of large companies have deployed Qualys on a global scale, including AXA, DuPont, Hershey Foods, ICI Ltd, Novartis, Sodexho, Standard Chartered Bank and many others. Qualys is headquartered in Redwood City, California, with European offices in France, Germany and the U.K., and Asian representatives in Japan, Singapore, Australia, Korea and the Republic of China. For more information, please visit www.qualys.com.
Qualys, the Qualys logo and QualysGuard are proprietary trademarks of Qualys, Inc. All other products or names may be trademarks of their respective companies.
For media inquiries or to find the appropriate spokesperson
Contact: Megan Lamb