New Research From Qualys Underscores the Importance of Regular Scanning to Expedite Compliance

Data Collected from More Than 5 Million Scans on Over 53 Million Hosts Across 12,000 Checks Over a Period of 12 Months

REDWOOD CITY, Calif., April 23, 2013 – Qualys, Inc. (NASDAQ: QLYS), a pioneer and leading provider of cloud security and compliance management solutions, today announced that it analyzed QualysGuard Policy Compliance (PC) data from more than five million scans performed by organizations worldwide to help enterprises understand key trends as they plan their compliance strategies. Information from this research will aid organizations in their compliance project planning, i.e. the most used controls, the pass/fail ratio for key controls and how often the controls are checked, so they can stay abreast of key trends and best practices in compliance.

As regulatory compliance pressure mounts and the trend towards continuous monitoring increases, enterprise security teams are adapting and are using solutions like QualysGuard PC to automate General Computer Controls (GCC) to adopt a broad and proactive auditing approach. The use of such solutions provides enterprises with the ability to move from a sampling, point in time approach to 100% coverage with near real-time results while reducing costs.

Key data and trends from this data include:

  • A large number of devices scanned – more than half of the scan target – are out of support. Companies are depending on a large number of computer technologies, especially operating systems that are no longer supported by their manufacturers through standard support. Examples include Windows 2000, Windows 2003, Windows XP, RHEL, AIX 5, Solaris 8 and Solaris 9. Windows 2003 Server and Windows XP account for the vast majority of technologies under extended support, which will end in July 2015 and April 2014, respectively.
  • Newer computer technologies have a higher rate of passing compliance, confirming the general trend of higher security for newer technologies also on the compliance side.
  • Companies with more frequent compliance scans have a higher rate of passing scans. This trend confirms recent findings in the area of Continuous Monitoring, where organizations that monitor more frequently also show accelerated improvements.
  • Passwords are high on controls lists. Thirteen out of the top 20 controls are password-related. At the same time, top failing controls are password related

Compliance by Vendor Compliance by Technology

“This data from over five million scans released by Qualys provides a glimpse into the state of policy compliance across companies worldwide, highlighting some simple ways that organizations can improve their security efforts,” said Scott Crawford, research director for EMA. “For example, the data highlights the need to establish processes for managing key controls such as settings for accounts, passwords, audits and databases. It also shows how regular, automated scans can highlight where and how organizations can more efficiently target remediation, attain compliance objectives and lower their IT security risk.”

About QualysGuard Policy Compliance

QualysGuard Policy Compliance, or QualysGuard PC, allows customers to analyze and collect configuration and access control information from their networked devices and web applications and automatically maps this information to internal policies and external regulations in order to document compliance. QualysGuard PC is fully automated and helps reduce customers’ cost of compliance without requiring the use of software agents. For more information, visit https://www.qualys.com/pc.

About Qualys

Qualys, Inc. (NASDAQ: QLYS), is a pioneer and leading provider of cloud security and compliance solutions with over 6,000 customers in more than 100 countries, including a majority of each of the Forbes Global 100 and Fortune 100. The QualysGuard Cloud Platform and integrated suite of solutions help organizations simplify security operations and lower the cost of compliance by delivering critical security intelligence on demand and automating the full spectrum of auditing, compliance and protection for IT systems and web applications. Founded in 1999, Qualys has established strategic partnerships with leading managed service providers and

consulting organizations, including Accuvant, BT, Dell SecureWorks, Fujitsu, NTT, Symantec, Verizon, and Wipro. The company is also a founding member of the Cloud Security Alliance (CSA).

For more information, please visit www.qualys.com.

###

Qualys, the Qualys logo and QualysGuard are proprietary trademarks of Qualys, Inc. All other products or names may be trademarks of their respective companies.

Media Contact:
Tami Casey
Qualys
media@qualys.com