TippingPoint and Qualys Partner to Tightly Integrate Intrusion Prevention with Vulnerability Management

AUSTIN, TX & REDWOOD SHORES, CA - October 21, 2009 - TippingPoint and Qualys today announced a partnership that will give organizations the ability to more quickly defend their networks against the latest security attacks. As part of the agreement, the TippingPoint® Intrusion Prevention System (IPS) will be integrated with Qualys’ QualysGuard® Vulnerability Management (VM) solution, allowing organizations to simulate the results of IPS configuration changes against indentified vulnerabilities and make the needed changes. The resulting mitigation reports show IT administrators how to remediate these vulnerabilities, which gives them more time to test and deploy patches in a structured manner.

A recent report issued by the SANS Institute, TippingPoint and Qualys found that organizations are extraordinarily vulnerable to attacks at the application level – this includes attacks targeted at customized Web applications or from unpatched user-side applications like PDF readers. Attacks aimed at these applications are often very damaging and are also very quick to impact business operations, making it critical for organizations to be able to respond quickly to protect themselves.

“Not only are security attacks increasing in frequency, but they are coming at our networks from every conceivable angle and are potentially more dangerous if they are not caught. It is absolutely critical to be able to respond quickly to protect the network from these attacks,” said Walter Petruska, Information Security Officer at University of San Francisco. “The integration of Qualys and TippingPoint will give us the tools to react quickly to looming threats and ensure our networks are safe.”

Faster Response for Better Protection

QualysGuard Vulnerability Management actively monitors the network access points on an organization’s networks to determine where it is vulnerable. The TippingPoint IPS provides active vulnerability protection through its Digital Vaccine® service. Customers of both TippingPoint and Qualys will – in a matter of seconds – get a combined view of their vulnerabilities mapped specifically to the Digital Vaccine filters that virtually patch these vulnerabilities, protecting them from being exploited by the latest viruses and worms.

Specifically, the integration, built using the QualysGuard API, will give customers the ability to:

• Select the QualysGuard Asset Groups that are protected by TippingPoint IPS;
• Generate a differential vulnerability report to demonstrate the benefit of the TippingPoint IPS by showing all the vulnerabilities of the targets and highlighting the vulnerabilities mitigated by the TippingPoint IPS.
• Adjust the TippingPoint filter set for desired protection, thereby extending the time IT administrators have to test and deploy patches in a structured manner.

“Qualys is a leader in vulnerability management and has developed an extensive knowledge base of vulnerabilities,” said Alan Kessler, president of TippingPoint. “Mapping our Digital Vaccine filters to these known vulnerabilities provides our customers with an effective solution for improving security, achieving compliance with regulatory requirements and reducing total cost of operation. We are thrilled to be able to offer our customers the benefits of this integration.”

Compliance Drives Need to Operationalize Security

As security and industry regulations become more interconnected, it is becoming necessary to make key controls quantifiable to demonstrate compliance. The days of separate tool silos that provide a snapshot view of one aspect of security are gone. Combining vulnerability information with attack protection details provides organizations with documented, actionable data and processes that can be used for auditing and tracking to demonstrate compliance.

“More than ever, collaboration between security vendors is paramount to tackling the threat landscape ahead of us as no one vendor can do it all,” said Philippe Courtot, chairman and CEO at Qualys. “We are delighted to partner with TippingPoint, a leading IPS vendor, to tightly couple vulnerability management with intrusion prevention thus bringing to market a joint solution that helps our customers become more effective in defending against cyber attacks and expedite their compliance initiatives at a cost they can afford.”

About TippingPoint and 3Com

TippingPoint is the enterprise security brandof 3Com Corporation (NASDAQ: COMS), a $1.3 billion global enterprise networkingsolutions provider that sets a new price/performance standard for customers.3Com has three global brands—H3C, 3Com, and TippingPoint—that offer high-performancenetworking and security solutions to enterprises large and small. The H3C^®enterprise networking portfolio—a market leader in China—includes products thatspan from the data center to the edge of the network, while TippingPoint is aleading global provider of comprehensive network security solutions thataddress the security and regulatory compliance needs of complex networkenvironments for enterprises, government agencies, service providers andacademic institutions to deliver in-depth, no-compromise application, infrastructureand performance protection. For moreinformation on TippingPoint, please visit www.tippingpoint.com, or the press center at www.tippingpoint.com/press

About Qualys

Qualys, Inc. is the leading provider of on demand IT security, risk and compliance management solutions – delivered as a service. Qualys’ Software-as-a-Service solutions are deployed in a matter of hours anywhere in the world, providing customers an immediate and continuous view of their security and compliance postures.

The QualysGuard® service is used today by more than 4,000 organizations in 85 countries, including 40 of the Fortune Global 100 and performs more than 200 million IP audits per year. Qualys has the largest vulnerability management deployment in the world at a Fortune Global 50 company.

Qualys has established strategic agreements with leading managed service providers and consulting organizations including BT, Etisalat, Fujitsu, IBM, I(TS)2, LAC, NTT, SecureWorks, Symantec, Tata Communications and TELUS. For more information, please visit www.qualys.com.

###

Qualys, the Qualys logo and QualysGuard are proprietary trademarks of Qualys, Inc. All other products or names may be trademarks of their respective companies.

For all other matters
Contact: pr@qualys.com

Media Contact:
Tami Casey
Qualys
media@qualys.com