Cloud Platform
Contact us
Asset Management
Vulnerability & Configuration Management
Risk Remediation
Threat Detection & Response
  • Overview
  • Platform Apps

  • Qualys Endpoint Security

    Advanced endpoint threat protection, improved threat context, and alert prioritization

  • Context XDR

    Extend detection and response beyond the endpoint to the enterprise

Cloud Security

MetricStream and Qualys Partnership Brings Actionable Security and Risk Intelligence to IT-GRC

Integration partnership enables corporations to continuously take full inventory of their IT assets, and proactively address security vulnerabilities, ensuring compliance, and mitigating risks

Palo Alto, Calif. - January 4, 2012 - MetricStream, Inc., the market leader in enterprise-wide Governance, Risk and Compliance (GRC) solutions, and Qualys, Inc., the leading provider of Software-as-a-Service (SaaS) IT security, risk and compliance management solutions, today announced the integration of MetricStream IT-GRC Solution with QualysGuard® Vulnerability Management (VM). The joint solution provides a single robust framework to automatically monitor and capture all asset and network vulnerabilities, and route them through a systematic process of investigation and remediation. This integration enables customers to quickly identify and report on the vulnerabilities affecting business critical assets, map security issues to business applications, and aggregate and rollup risk information across their enterprise for proactive mitigation.

Many compliance regulations today lay out requirements for IT security and business risks. This has led to a greater convergence between the disciplines of IT security and IT-GRC. The joint solution addresses this convergence, providing an integrated and efficient approach to managing IT risks. QualysGuard VM locates and identifies network devices and applications, scans those devices and applications to detect vulnerabilities, and provides detailed information on the nature of those vulnerabilities. MetricStream IT-GRC solution imports this data in real time, and initiates immediate remedial action by assigning investigative responsibilities to the appropriate personnel. Automatic alerts ensure that action plans are carried out to closure, while advanced dashboards and reports provide in-depth visibility into the status of each case, enabling real-time tracking and trend analysis.

The joint solution also strengthens the “bottom-up” approach to IT-GRC. According to Mark Nicolett and Paul E. Proctor in Gartner’s ‘MarketScope for IT Governance, Risk and Compliance Management (ITGRCM),’ report, 2011, “A bottom-up approach implies greater detail in IT controls for an IT-centric audience. Many organizations use IT GRCM to organize their vulnerability scan, patch and configuration control data.”

“Companies must keep up with rapidly changing regulatory requirements, while protecting data and assets against the latest security threats,” said Philippe Courtot, chairman and CEO of Qualys. “The integrated MetricStream and QualysGuard solution gives management the visibility required to effectively manage security risks, and ensure compliance.”

The integrated solution provides a centralized and scalable framework to efficiently manage IT network vulnerabilities across departments, business units and locations. With the joint system, IT security managers will be able to accelerate the identification and remediation of network exposures, and proactively eliminate vulnerabilities before they are abused.

“IT security managers are under enormous pressure to protect IT assets – a task that becomes more challenging as networks grow more complex, and security threats become more sophisticated,” says Vidya Phalke, CTO at MetricStream. “The use of virtualized infrastructure is rising, smart phones and tablets are proliferating, reliance on managed IT services is increasing, and business managers are independently driving the adoption of cloud applications. These trends are introducing a whole new class of risks and threats that enterprises need to deal with. Our partnership with Qualys will strengthen organizations’ ability to tackle these security risks and compliance challenges.”

The MetricStream solution has been integrated with QualysGuard VM through MetricStream’s intelligent connectors or Infolets which also enable seamless integration with SIEM, Log Management, Problem Management, Operations and Asset Management systems. MetricStream GRC Platform is empowering customers to facilitate a holistic and sustainable top-down, risk driven intelligence by integrating Business, Security and IT-GRC on a common architecture.

About Qualys

Qualys, Inc. is the leading provider of Software-as-a-Service (SaaS) IT security risk and compliance management solutions. Qualys solutions are deployed in a matter of hours anywhere in the world, providing customers an immediate and continuous view of their security and compliance postures.

The QualysGuard® service is used today by more than 5,000 organizations in 85countries, including 50 of the Fortune 100, and performs more than 500 millionIP audits per year. Qualys has the largest vulnerability management deploymentin the world at a leading global company, and has been recognized by leadingindustry analysts for its market leadership. Qualys was recently named BestSecurity Company in the Excellence Awards category of the 2011 SC Awards U.S.

Qualys has established strategic agreements with leading managed serviceproviders and consulting organizations including BT, Etisalat, Fujitsu, IBM,I(TS)2, LAC, NTT, SecureWorks, Symantec, Tata Communications and TELUS. Qualys is a founding member of the Cloud Security Alliance (CSA).

For more information, please visit

About MetricStream
MetricStream is a market leader in Enterprise-wide Governance, Risk, Compliance (GRC) and Quality Management Solutions for global corporations. MetricStream solutions are used by leading corporations such as Pfizer, Philips, NASDAQ, UBS, SanDisk, Fairchild Semiconductor, Constellation Energy and Cummins in diverse industries such as Healthcare, Pharmaceuticals, Medical Devices, Automotive, Food, High Tech Manufacturing, Energy and Financial Services to manage their quality processes, regulatory and industry-mandated compliance and corporate governance initiatives, as well as by over a million compliance professionals worldwide via the portal. MetricStream is headquartered in Palo Alto, California and can be reached at

About Gartner’s MarketScope
Gartner does not endorse any vendor, product or service depicted in our research publications, and does not advise technology users to select only those vendors with the highest ratings. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.


Qualys, the Qualys logo and QualysGuard are proprietary trademarks of Qualys, Inc. All other products or names may be trademarks of their respective companies.

For all other matters

Media Contact:
Tami Casey