Cloud Platform
Contact us

Qualys Unveils New Add-on to Vulnerability Management to Help Customers Automate Security Configuration Assessment (SCA)

New add-on provides organizations the ability to assess, report and remediate security-related configuration issues leveraging latest CIS security benchmarks

NATIONAL HARBOR, Md., – Gartner Security and Risk Management Summit, Booth #609 – June 12, 2017 – Qualys, Inc. (NASDAQ: QLYS), a pioneer and leading provider of cloud-based security and compliance solutions, today announced Security Configuration Assessment (SCA), a new add-on for Vulnerability Management (VM) that provides customers cloud-based tools to automate configuration assessment of global IT assets using the latest out-of-the-box Center for Internet Security (CIS) benchmarks.

Qualys will showcase this new solution during the 2017 Gartner Security and Risk Summit at booth #609.

Configuration issues are a major source of breaches, and basic hardening of all systems — whether on-premise or in the cloud — is required to protect today’s complex environments. To help customers with this challenge, Qualys is introducing SCA for automated configuration assessment of large and small IT environments. SCA provides benchmark-based guidance and simplified workflows for scanning and reporting, eliminating the cost, resource and deployment issues associated with traditional configuration management software point products. Leveraging the Qualys Cloud Platform, SCA enables more customers to better safeguard global endpoints, on-premise and cloud assets against today’s evolving cyber threats.

“In the era of plug and play, rapid application development, one-click installations, and pressing business deadlines, systems are often put into production with default settings and without hardening,” according to Gartner. “In such cases, readily available and approved baseline configuration standards can be used prior to deployment to ensure and maintain a standard and consistent configuration throughout the enterprise. This will not only help to achieve a better security posture, but also increased compliance and business effectiveness and efficiency.” [1]

“Recent global cyber-attacks have served as a reminder that companies must take a proactive stance in securing the infrastructure and operations underpinning their digital transformation,” said Philippe Courtot, chairman and CEO, Qualys, Inc. “Qualys SCA helps customers automate the security best practices behind leading benchmarks, and integrate them with DevSecOps for a more proactive approach towards securing today’s digital business.”

Qualys SCA offers:

Broad Coverage: Qualys’ SCA add-on offers leading CIS benchmark coverage with support for the latest CIS benchmark releases of operating systems, databases, applications and network devices.

Accountability for Controls: Qualys SCA controls are developed and validated in-house by Qualys security experts and certified by CIS. The controls are optimized for performance, scalability, and accuracy.

Ease of Use: SCA provides CIS assessment via a web-based user Interface and delivered via the Qualys Cloud Platform, enabling centralized management with minimal deployment overhead. CIS controls can be selected and customized per an organization’s security policies.

Remote Scanning and Auto-discovery of Instances: SCA uses the same data collection technologies as Qualys Policy Compliance and VM, allowing for agent or agentless data collection.

Reports and Dashboards: SCA users can schedule assessments, automatically create downloadable reports of configuration issues, and view dashboards for improving their security posture.

Availability and Pricing

SCA will be generally available starting July 2017 as an add-on to VM, and annual subscriptions are priced on a cost-per-IP basis.

Additional Resources:

About Qualys

Qualys, Inc. (NASDAQ: QLYS) is a pioneer and leading provider of cloud-based security and compliance solutions with over 9,300 customers in more than 100 countries, including a majority of each of the Forbes Global 100 and Fortune 100. The Qualys Cloud Platform and integrated suite of solutions help organizations simplify security operations and lower the cost of compliance by delivering critical security intelligence on demand and automating the full spectrum of auditing, compliance and protection for IT systems and web applications. Founded in 1999, Qualys has established strategic partnerships with leading managed service providers and consulting organizations including Accenture, BT, Cognizant Technology Solutions, Deutsche Telekom, Fujitsu, HCL Technologies, HP Enterprise, IBM, Infosys, NTT, Optiv, SecureWorks, Tata Communications, Verizon and Wipro. The company is also a founding member of the Cloud Security Alliance (CSA). For more information, please visit

Qualys, the Qualys logo and QualysGuard are proprietary trademarks of Qualys, Inc. All other products or names may be trademarks of their respective companies.


[1] Gartner, Best Practices for Secure Policy Configuration Assessment, Oliver Rochford and Prateek Bhajanka, October 2016

Media Contact:
Tami Casey