New Vulnerabilities Found in Server-Side Applications and Networking Equipment Can Be Identified at https://sans20.qualys.com — Qualys CTO Presents Top-20 at Launch Event in London
London — November 22, 2005 — Qualys, Inc., the leading provider of on demand vulnerability management and policy compliance solutions, today announced the availability of a free network scanning service to help companies find and eliminate vulnerabilities listed in the annual SANS Top-20 announced today. The SANS Top-20 is designed by the SANS Institute and security experts from industry and government to provide organisations with a prioritised list of newly discovered exposures to their networks. Qualys’ free scan for the SANS Top-20 is available at https://sans20.qualys.com.
In addition to identifying vulnerabilities in Windows and UNIX categories, this year’s Top-20 also includes Cross-Platform Applications and Networking Products. The change reflects the dynamic nature of the evolving threat landscape. The full SANS report can be found at http://www.sans.org/top20.
“The SANS Top-20 provides an invaluable tool for helping businesses prioritize their efforts in addressing security vulnerabilities. This year’s SANS Top-20 identified two growing areas of risk for organisations: increasing threats in client-side applications and critical vulnerabilities in networking equipment. These are issues that should be identified and addressed within organisations of every size,” said Gerhard Eschelbeck, CTO and VP of Engineering at Qualys. Eschelbeck, along with other experts in the community, provided contributions to the development of the SANS Top-20 list and presented the Top-20 at the launch event in London.
The shift from server-side to client-side vulnerabilities was also a significant finding in the “Laws of Vulnerabilities” research presented by Eschelbeck last week at the CSI Conference in Washington, D.C. According to the research, more than 60 percent of new critical vulnerabilities occur in client applications. Client-side vulnerabilities require a user to take action, such as visiting a malicious website or opening an infected email attachment. The research can be found at www.qualys.com/laws.
Qualys’ on demand model provides customers with immediate vulnerability updates, such as the Top-20 listing, without the need for installing software or building out additional infrastructure. In addition to the free scan, the QualysGuard® service detects new exposures in the SANS Top-20.
With more than 2,000 subscribers ranging from small businesses to multinational corporations, Qualys has become the leader in on demand vulnerability management and policy compliance. The company allows security managers to strengthen the security of their networks effectively, conduct automated security audits and ensure compliance with internal policies and external regulations. Qualys’ on demand technology offers customers significant economic advantages, requiring no capital outlay or infrastructure to deploy and manage. Its distributed scanning capabilities and unprecedented scalability make it ideal for large, distributed organisations. Hundreds of large companies have deployed Qualys on a global scale, including AXA, DuPont, Hershey Foods, ICI Ltd, Novartis, Sodexho, Standard Chartered Bank and many others. Qualys is headquartered in Redwood City, California, with European offices in France, Germany and the U.K., and Asian representatives in Japan, Singapore, Australia, Korea and the Republic of China. For more information, please visit www.qualys.com.
Qualys, the Qualys logo and QualysGuard are proprietary trademarks of Qualys, Inc. All other products or names may be trademarks of their respective companies.
For media inquiries or to find the appropriate spokesperson
Contact: Megan Lamb
Contact: Jonathan Bitle