QualysGuard 4.5 Implements New Industry Standards Support for Vulnerability Scoring, Asset Classification, Trusted Scanning and Remediation Workflow Enhancements
InfoSecurity Conference, New York — December 7, 2005 — Qualys Inc., the leading provider of on demand vulnerability management and policy compliance solutions, today announced QualysGuard® 4.5 to help organizations better identify vulnerabilities, prioritize remediation and benchmark efforts against industry standards. The new version of QualysGuard supports the CVSS and OVAL industry standard initiatives. Additional features include dynamic host management, advanced asset classification features, trusted scanning enhancements, and advanced remediation workflow capabilities, making it easier for organizations to customize vulnerability management to their network environment.
“The process of measuring risk and reducing security vulnerability is unique to every organization; however, standards within the industry can give security administrators a way to compare their network environment to agreed-upon benchmarks, “said Gavin Reid, FIRST’s CVSS project manager and a member of Cisco’s Computer Security Incident Response Team. “With support for key industry standards including the Common Vulnerability Scoring System (CVSS), Qualys is helping drive the standardization and simplification of security processes for organizations.”
“As one of the first vulnerability management providers to ship support for the OVAL standard, Qualys continues to show its commitment to helping organizations better understand the vulnerabilities they face,” said Robert A. Martin, lead for The MITRE Corporation’s OVAL Compatibility effort. “The Open Vulnerability and Assessment Language (OVAL) is designed to provide a standard language and baseline for describing the checks used to determine the presence of vulnerabilities and configuration issues on computer systems. This vision continues to expand as more companies incorporate OVAL support in their products and services.”
QualysGuard 4.5 is the first vulnerability management solution to provide support for the CVSS and OVAL industry standards, two critical benchmarks in measuring the severity of vulnerabilities and outlining the process for finding vulnerabilities. The Common Vulnerability Scoring System (CVSS) provides universal severity ratings for security vulnerabilities. It gives security professionals, business executives and end users across industries a standard language for measuring vulnerability severity and prioritizing responses. CVSS was designed by a team of industry-leading companies, including Qualys, in support of the U.S. National Infrastructure Advisory Council (NIAC). With QualysGuard 4.5, organizations can easily view the CVSS severity rating of vulnerabilities that affect asset groups or hosts within their network environment.
The Open Vulnerability and Assessment Language (OVAL) offers an industry standard for identifying vulnerabilities and configuration issues on computer systems. Until OVAL there was no common or structured means for system administrators and other end users to determine the existence of vulnerabilities, configuration issues, and/or patches in local systems. OVAL standardizes the three main steps of the process: collecting system characteristics and configuration information from systems for testing; testing the systems for the presence of specific vulnerabilities, configuration issues, and/or patches; and presenting the results of the tests. With OVAL support in QualysGuard 4.5, organizations can create customized vulnerability scans to meet their security needs.
“The ability to quickly identify, prioritize and remediate vulnerabilities is essential to ensuring systems are protected against attacks. By standardizing these processes, organizations can better ensure network security and policy compliance,” said Philippe Courtot, chairman and CEO of Qualys, Inc. “With its on demand platform, Qualys can quickly and easily integrate support for initiatives like CVSS and OVAL on a global level without requiring users to deploy software or resources.”
QualysGuard 4.5 also includes new features to help organizations better customize their vulnerability management processes for their unique environment. New features include:
QualysGuard 4.5 is generally available now. The QualysGuard platform is automatically updated with all new product additions for current customers.
Qualys brings the speed, accuracy and cost-effectiveness of the software-as-a-service model to enterprise security. It’s QualysGuard on demand vulnerability management and policy compliance service enables organizations to assess and manage business risk. QualysGuard gives users an automated way to map global assets, identify vulnerabilities on their networks, prioritize remediation according to business risk, and ensure regulatory compliance—with no infrastructure to deploy or manage.
With more than 2,000 subscribers ranging from small businesses to multinational corporations, Qualys has become the leader in on demand vulnerability management and policy compliance. The company allows security managers to strengthen the security of their networks effectively, conduct automated security audits and ensure compliance with internal policies and external regulations. Qualys’ on demand technology offers customers significant economic advantages, requiring no capital outlay or infrastructure to deploy and manage. Its distributed scanning capabilities and unprecedented scalability make it ideal for large, distributed organisations. Hundreds of large companies have deployed Qualys on a global scale, including AXA, DuPont, Hershey Foods, ICI Ltd, Novartis, Sodexho, Standard Chartered Bank and many others. Qualys is headquartered in Redwood City, California, with European offices in France, Germany and the U.K., and Asian representatives in Japan, Singapore, Australia, Korea and the Republic of China. For more information, please visit www.qualys.com.
Qualys, the Qualys logo and QualysGuard are proprietary trademarks of Qualys, Inc. All other products or names may be trademarks of their respective companies.