Free Vulnerability Scan Now Available for SANS Top 20 Quarterly Update

Redwood City, CA — May 2, 2005 — Qualys, Inc., the leading provider of on demand vulnerability management and policy compliance solutions, today announced the availability of a free network scanning service to help companies find and eliminate the vulnerabilities discussed in today’s SANS Top 20 list quarterly update. The SANS Top 20 defines the 20 most serious security exposures identified by experts from around the world and provides organizations with clear guidance on the core threats to their networks. Qualys’ free scan for the SANS Top 20 is available at https://sans20.qualys.com.

See also today’s announcement “Security Experts Issue Update of SANS Top 20 Most Critical Internet Vulnerabilities List” at www.qualys.com/rd/?id=3.

More than 600 new Internet security vulnerabilities were discovered during the first quarter of 2005, according to the SANS Institute and a team of experts from industry and government. The new report released today (www.sans.org/top20/Q1-2005update) identifies the most critical vulnerabilities disclosed in Q1 that pose critical risks to help organizations prioritize patching and other defensive actions. Individuals and organizations that do not correct these problems face a heightened threat that hackers will take control of their computers and use them for illegal activity.

“These critical vulnerabilities are widespread and many of them are being exploited right now,” according to Alan Paller, director of research for the SANS Institute. “We’re publishing this list as a red flag for individuals and IT departments who may be unaware of these vulnerabilities, or mistakenly believe their computers are protected.”

Gerhard Eschelbeck, chief technology officer of Qualys and author of the “Laws of Vulnerabilities,” along with other experts in the community, provided contributions to the development of the SANS Top 20 list.

“The SANS Top 20 list is a widely recognized benchmark for identifying the most critical security vulnerabilities,” said Gerhard Eschelbeck, CTO and VP of Engineering at Qualys. “Threats are evolving at a much faster rate, necessitating regular updates to the list to ensure organizations have the most current information possible on critical security vulnerabilities.”

In addition to providing a free scan, Qualys has updated its QualysGuard® vulnerability management platform to detect the SANS Top 20. Qualy’ on demand model provides customers with immediate vulnerability updates, such as the Top 20 listing, without the need for installing software or building out additional infrastructure.

About Qualys

With more than 2,000 subscribers ranging from small businesses to multinational corporations, Qualys has become the leader in on demand vulnerability management and policy compliance. The company allows security managers to strengthen the security of their networks effectively, conduct automated security audits and ensure compliance with internal policies and external regulations. Qualys’ on demand technology offers customers significant economic advantages, requiring no capital outlay or infrastructure to deploy and manage. Its distributed scanning capabilities and unprecedented scalability make it ideal for large, distributed organisations. Hundreds of large companies have deployed Qualys on a global scale, including AXA, DuPont, Hershey Foods, ICI Ltd, Novartis, Sodexho, Standard Chartered Bank and many others. Qualys is headquartered in Redwood City, California, with European offices in France, Germany and the U.K., and Asian representatives in Japan, Singapore, Australia, Korea and the Republic of China. For more information, please visit www.qualys.com.

Qualys, the Qualys logo and QualysGuard are proprietary trademarks of Qualys, Inc. All other products or names may be trademarks of their respective companies.

Media Contact:
Tami Casey
Qualys
media@qualys.com