Qualys and RSA Expand IT-GRC Collaboration

Redwood City, Calif., - May 5, 2010 - Qualys®, Inc., a leading provider of on demand IT security risk and compliance management solutions, and RSA, The Security Division of EMC (NYSE: EMC), today expanded their technology collaboration to make QualysGuard® vulnerability management and IT policy compliance data available to RSA’s client base.

The integration of QualysGuard Policy Compliance with RSA’s Archer GRC Framework is designed to allow organizations to automatically import comprehensive policy compliance scan information and report on misconfigurations identified on their global assets in a single view. They can then assign ownership to individual issues, track remediation efforts or accept the associated business risk.

• Quickly report on misconfigurations affecting business-critical assets
• Measure technical control effectiveness to corporate security policies
• Map security issues to business applications and roll-up risks across their enterprise
• Access centralized compliance reporting in one central location

This pre-built integration is available on RSA’s Archer Exchange, an online marketplace supporting enterprise governance, risk and compliance (GRC) initiatives. Companies can download the QualysGuard Policy Compliance integration package and import it into RSA’s Archer GRC Framework with no services or development resources needed.

“IT organizations are constantly challenged with expanding regulatory requirements, changing threats, and shrinking or static security budgets,” said Philippe Courtot, chairman and CEO of Qualys. “We are pleased to expand our integration with RSA’s Archer GRC Framework to offer customers a scalable and cost effective solution to assess risk and collect IT compliance data for all systems within their networks at a cost they can afford. The joint solution helps our customers make informed decisions based on IT risk management.”

According to recent Gartner research,* “By facilitating the mapping of controls to specific IT resources, and by automating the collection and reporting of information on the degree to which those controls are being performed, IT GRCM can be used to improve an organization’s external audit posture, reduce compliance reporting costs and improve an organization’s capability to address IT risks.”

QualysGuard Policy Compliance allows security managers to collect compliance information from hosts and systems on a global scale. It extends the global scanning capabilities of QualysGuard Vulnerability Management to collect operating system configuration and application access controls from hosts and other assets within the enterprise, and maps this information to user-defined policies in order to accurately document compliance with security regulations and business mandates.

“Through the integration of QualysGuard with the RSA’s Archer GRC Framework, our customers will be able to expand their view of vulnerability and compliance issues, making it possible to proactively address potential and existing organizational compromises and expedite compliance reporting,” said Jon Darbyshire, Archer General Manager for RSA, The Security Division of EMC.

For more information on the QualysGuard integration package on RSA’s Archer Exchange, visit https://exchange.archer-tech.com/offering/5451.aspx.

*Source: Gartner Research “Critical Capabilities for IT Governance, Risk and Compliance Management”, April 16, 2009 by Mark Nicolett and Paul Proctor.

About Qualys

Qualys, Inc. is the leading provider of on demand IT security risk andcompliance management solutions – delivered as a service. Qualys’Software-as-a-Service solutions are deployed in a matter of hours anywhere inthe world, providing customers an immediate and continuous view of theirsecurity and compliance postures.

The QualysGuard® service is used today by more than 4,000 organizations in 85countries, including 42 of the Fortune Global 100 and performs more than 500million IP audits per year. Qualys has the largest vulnerability managementdeployment in the world at a Fortune Global 50 company.

Qualys has established strategic agreements with leading managed serviceproviders and consulting organizations including BT, Etisalat, Fujitsu, IBM,I(TS)2, LAC, NTT, SecureWorks, Symantec, Tata Communications and TELUS.

For more information, please visit www.qualys.com.

###

Qualys, the Qualys logo and QualysGuard are proprietary trademarks of Qualys, Inc. All other products or names may be trademarks of their respective companies.

For all other matters
Contact: pr@qualys.com

Media Contact:
Tami Casey
Qualys
media@qualys.com