Qualys Announces Availability of QualysGuard PCI 4.0

Gartner IT Security Summit, London - September 21, 2009 - Qualys, Inc., the leading provider of on demand IT security risk and compliance management solutions, today announced availability of QualysGuard® PCI 4.0 which adds network discovery capabilities and introduces PCI Connect features to the most popular PCI platform in the industry, already in use by 60 percent of all Approved Scanning Vendors (ASVs) and 49 percent of Qualified Security Assessors (QSAs) to help merchants streamline PCI DSS certification and validation.

QualysGuard PCI 4.0 offers merchants and acquirers the following new features:

• Discovery of live devices to help merchants define systems that are in scope for PCI.
• Automated referral program where merchants connect directly with partners offering PCI DSS solutions to validate PCI requirements within the Self Assessment Questionnaire (SAQ).
• Merchants can upload evidence to support SAQ validation in multiple formats including documents and images. This may include reports from log management systems, firewall or other device configuration settings, security policies and procedures, and anything else the merchant wishes to attach to the submission. The merchant can also chose whether or not they want to share that detail with the acquirer.
• PCI Connect technology partners can provide XML uploads from their solutions for SAQ validation. Such XML data includes a summary of compliance posture for any of the requirements in the SAQ. Technology partners that joined PCI Connect include AirTight Networks, Core Security, Imperva, RedSeal Systems, Splunk and Third Brigade.
• Acquiring banks have additional security controls of merchants when validating merchants for compliance. This assists acquires to evaluate whether merchants have met PCI requirements and whether sufficient evidence has been submitted for validation.

“PCI compliance is here to stay. Continuous automated monitoring and audit related processing will help keep organizations PCI compliant by reducing the number of errors introduced by humans and lax business practices,” said Avivah Litan, VP and distinguished analyst, Gartner Inc.

The QualysGuard PCI on demand platform provides businesses, online merchants and acquirers with the easiest, most cost-effective and highly automated way to validate PCI DSS compliance. Qualys is an Approved Scanning Vendor (ASV), and is fully certified to assess PCI DSS compliance. Currently, 60 percent of all PCI DSS ASVs and 49 percent of QSAs utilize QualysGuard to deliver PCI certification and validation to their global clients.

As a new addition to the widely adopted QualysGuard PCI DSS Platform, PCI Connect streamlines business operations related to PCI compliance and validation for merchants and acquirers, all from a combined collaborative application with automated report sharing and distribution. Merchants who use PCI Connect can easily identify areas in the SAQ where they may not be meeting compliance requirements and are then presented with technology solutions that will help them complete their compliance validation. Acquirers who use QualysGuard PCI now have an easy way to validate key risk areas contained within their merchants’ PCI DSS SAQ. This component of the application will allow acquirers to make more informed risk decisions and be able to manage the compliance risk in their merchants’ portfolio more effectively.

“We take PCI Compliance validation very seriously at Heartland which is why we are always looking for best of breed solutions that will help us automate the process and reduce cost and complexity,” said Steven Elefant, chief information officer, Heartland Payment Systems. “We chose QualysGuard PCI for continuous PCI scanning and reporting due to its flexible capabilities and accurate results which improve the visibility of the security of our network.”

QualysGuard PCI Connect is an open platform with XML APIs that will allow partners and solution providers to provide automated data feeds into PCI Connect to demonstrate compliance. Thus, enhancing the oversight capabilities of both the merchant management team and the acquirer compliance team.

“QualysGuard PCI 4.0 helps merchants of all sizes better scope their PCI efforts upfront and provides the necessary workflows to connect them with leading PCI DSS solutions in order to complete the SAQ and furnish evidence of compliance. It also provides acquiring banks with a centralized view of the security posture of their merchants and therefore better assessing their risk profile,” said Philippe Courtot, CEO and Chairman of Qualys.

About Qualys

Qualys, Inc. is the leading provider of on demand IT security risk and compliance management solutions – delivered as a service. Qualys’ Software-as-a-Service solutions are deployed in a matter of hours anywhere in the world, providing customers an immediate and continuous view of their security and compliance postures.

The QualysGuard® service is used today by more than 3,500 organizations in 85 countries, including 40 of the Fortune Global 100 and performs more than 200 million IP audits per year. Qualys has the largest vulnerability management deployment in the world at a Fortune Global 50 company.

Qualys has established strategic agreements with leading managed service providers and consulting organizations including BT, Etisalat, Fujitsu, IBM, I(TS)2, LAC, NTT, SecureWorks, Symantec, Tata Communications and TELUS. For more information, please visit www.qualys.com.

###

Qualys, the Qualys logo and QualysGuard are proprietary trademarks of Qualys, Inc. All other products or names may be trademarks of their respective companies.

For media inquiries or to find the appropriate spokesperson
Contact: Jason Morris or Jen Spark
Schwartz Communications
(415) 512-0770
qualys@schwartz-pr.com

For all other matters
Contact: pr@qualys.com

Media Contact:
Tami Casey
Qualys
media@qualys.com