Cloud Platform
Contact us
Asset Management
Vulnerability & Configuration Management
Risk Remediation
Threat Detection & Response
  • Overview
  • Platform Apps

  • Qualys Endpoint Security

    Advanced endpoint threat protection, improved threat context, and alert prioritization

  • Context XDR

    Extend detection and response beyond the endpoint to the enterprise

Cloud Security

Free Vulnerability Scan Now Available for New SANS Top-20

London, UK — October 8, 2004 — Qualys, Inc., the leading provider of on demand vulnerability management solutions, today released a free network scanning service to help companies find and eliminate the vulnerabilities announced today in the new SANS Top-20 list. Updated annually, the SANS Top-20 defines the 20 most serious security exposures identified by experts from around the world and provides organizations with clear guidance on the core threats to their networks. Qualys’ free service for the SANS Top-20 is available immediately at

“The amount of information about security threats and vulnerabilities in our industry has grown to the point where it has become virtually unusable due to the sheer volume,” said Howard A. Schmidt, former White House cyber security advisor and Qualys board member. “The SANS Top-20 gives organizations around the world a head start in identifying and prioritizing the most critical security vulnerabilities, and Qualys free scan provides the tools to find and fix them.”

The SANS Top-20 list was announced today at a gathering of international security experts in London. The Top-20 is compiled every year as the result of analysis conducted by security researchers around the world. It reflects the experience and expertise of its sponsoring organizations, which this year includes independent institutions such as the GCHQ (Government Communications Headquarters), CSIA (Central Sponsor for Information Assurance), NISCC (National Infrastructure Security Co-ordination Centre) and the SANS Institute, as well as leading security experts from Microsoft, Symantec, ISS, Qualys and others. The SANS Top-20 announcement and list can be found at

Gerhard Eschelbeck, chief technology officer of Qualys and author of the “Laws of Vulnerabilities,” along with other experts in the community, provided contributions to the development of the SANS Top-20 list.

“The SANS Top-20 has become the industry standard for prioritizing the most critical security vulnerabilities impacting our networks. For every organization, identifying and addressing these vulnerabilities should be a first step in managing their security risk,” said Eschelbeck, who participated in the SANS event. “We applaud the industry-wide participation in this annual initiative. Qualys is pleased to contribute to the development of the Top-20 list and to offer a complimentary service that allows all organizations to immediately scan their networks for the Top-20 vulnerabilities.”

In addition to providing a free scan, Qualys has updated its QualysGuard® vulnerability management service to detect the SANS Top-20. Qualys’ on demand model provides customers with immediate vulnerability updates, such as the Top-20 listing, without the need for additional hardware or software infrastructure. Organizations can customize scanning and reporting to determine if they have been impacted by any of the Top-20 vulnerabilities and quickly remediate these critical threats.

About Qualys

With more than 2,000 subscribers ranging from small businesses to multinational corporations, Qualys has become the leader in on demand vulnerability management and policy compliance. The company allows security managers to strengthen the security of their networks effectively, conduct automated security audits and ensure compliance with internal policies and external regulations. Qualys’ on demand technology offers customers significant economic advantages, requiring no capital outlay or infrastructure to deploy and manage. Its distributed scanning capabilities and unprecedented scalability make it ideal for large, distributed organisations. Hundreds of large companies have deployed Qualys on a global scale, including AXA, DuPont, Hershey Foods, ICI Ltd, Novartis, Sodexho, Standard Chartered Bank and many others. Qualys is headquartered in Redwood City, California, with European offices in France, Germany and the U.K., and Asian representatives in Japan, Singapore, Australia, Korea and the Republic of China. For more information, please visit

Qualys, the Qualys logo and QualysGuard are proprietary trademarks of Qualys, Inc. All other products or names may be trademarks of their respective companies.

Media Contact:
Tami Casey