Cloud Platform
Contact us
Asset Management
Vulnerability & Configuration Management
Risk Remediation
Threat Detection & Response
  • Overview
  • Platform Apps

  • Qualys Endpoint Security

    Advanced endpoint threat protection, improved threat context, and alert prioritization

  • Context XDR

    Extend detection and response beyond the endpoint to the enterprise

Cloud Security

Qualys Launches Top 4 Security Controls Cloud Service in Collaboration with the SANS Institute and the Council on CyberSecurity

Free Service Helps Organizations Prevent Up to 85% of Cyber Attacks

SAN FRANCISCO, Calif. – RSA Conference USA 2014 Booth #2821, February 26, 2014 – Qualys, Inc. (NASDAQ: QLYS), a pioneer and leading provider of cloud security and compliance solutions, today announced that it has collaborated with the SANS Institute and the Council on CyberSecurity to release a new free service to help organizations implement the Top 4 Critical Security Controls to fend off attacks. The new service, available at, helps organizations quickly determine if the PCs in their environments have properly implemented the Top 4 Critical Security Controls, which the Council on CyberSecurity estimates can help companies prevent 85% of cyber-attacks.

Qualys will unveil this free service with representatives from the SANS Institute and the Council on Cyber Security at the RSA Conference Booth #2821 today at 11:30 am PT.

“The Qualys Top 4 service is an extremely elegant and effective solution that helps both small and large businesses determine how resilient they are to today’s advanced threats,” said Jonathan Trull, CISO for the State of Colorado. “This is exactly the type of public-private partnership our country needs to address the cyber attacks threatening our economy and critical infrastructure.”

“This is the first time that a major security vendor has implemented a scoring and reporting algorithm that allows organizations to compare themselves with peers,” said Alan Paller, director of research for the SANS Institute. “Scoring like this is the only technique I have ever seen that causes organizations to implement the changes that lead to effective security.”

Built on the QualysGuard Cloud Platform, the new Top 4 cloud service helps businesses easily and quickly identify whether Windows PCs in their environments have implemented the Top 4 controls for:

  1. Application Whitelisting – only allowing approved software to run
  2. Application Patching – keeping applications, plug-ins and other software up to date
  3. OS Patching – keeping operating systems current with the latest fixes
  4. Minimizing Administrative Privileges – preventing malicious software from making silent changes

IT Administrators can then use the reports from the free service to track endpoints that are not in compliance and apply the necessary measures to make them more resilient to attacks.

“The strength of the Security Controls is that they reflect the combined knowledge of actual attacks and effective defenses from experts that have extensive knowledge about current threats,” said Philippe Courtot, chairman and CEO of Qualys. “We built this cloud service in collaboration with the SANS Institute and the Council of CyberSecurity to help organizations ensure that these controls are in place and as a result identify the PCs in their environments that require immediate attention.”

The new free service is available at The Top 4 controls will also be added to the QualysGuard Cloud Platform and made available to all customers at no additional charge.

About QualysGuard Cloud Platform
The QualysGuard Cloud Platform and its integrated suite of security and compliance solutions help provide organizations of all sizes with a global view of their security and compliance posture, while reducing their total cost of ownership. The QualysGuard Cloud Suite, which includes Vulnerability Management, Web Application Scanning, Malware Detection Service, Policy Compliance, PCI Compliance and Qualys SECURE Seal, enables customers to identify their IT assets, collect and analyze large amounts of IT security data, discover and prioritize vulnerabilities and malware, recommend remediation actions and verify the implementation of such actions.

About Qualys
Qualys, Inc. (NASDAQ: QLYS) is a pioneer and leading provider of cloud security and compliance solutions with over 6,700 customers in more than 100 countries, including a majority of each of the Forbes Global 100 and Fortune 100. The QualysGuard Cloud Platform and integrated suite of solutions help organizations simplify security operations and lower the cost of compliance by delivering critical security intelligence on demand and automating the full spectrum of auditing, compliance and protection for IT systems and Web applications. Founded in 1999, Qualys has established strategic partnerships with leading managed service providers and consulting organizations, including Accuvant, BT, Dell SecureWorks, Fujitsu, NTT, Symantec, Verizon, and Wipro. The company is also a founding member of the CloudSecurityAlliance (CSA).

For more information, please visit


Qualys, the Qualys logo and QualysGuard are proprietary trademarks of Qualys, Inc. All other products or names may be trademarks of their respective companies.

Media Contact:
Tami Casey