Qualys Delivers First Integrated SaaS Solution for Security and Compliance

RSA Conference (Booth # 1738) - April 7, 2008 - Qualys, Inc. today introduced the QualysGuard® Security and Compliance Suite, a suite of SaaS products aimed at helping global organizations to better manage the operational challenges and costs associated with securing their IT infrastructure, and complying with the ever increasing set of regulations. Qualys is unveiling this converged offering at the RSA Conference this week, and will be demonstrating the company’s new on demand policy compliance application, QualysGuard Policy Compliance 1.0, at booth # 1738.

“Gathering IT security and configuration data for compliance purposes is a daunting task and quite expensive for a distributed organization like ours,” said Victor Hsiang, Director of Security Architecture at TransUnion. “QualysGuard enables us to collect security and compliance information from all of our global IT assets without having to deploy agents and to leverage this data across multiple compliance and regulatory initiatives. This enables us to drastically reduce the cost of compliance reporting while gaining an accurate view of our security and compliance posture.”

“A basic responsibility of the IT security organization is to protect the business from internal and external threats. Moreover, the IT security organization is also under pressure to help the business satisfy the business requirements and complying with the demands of internal and external auditors for multiple regulations. Auditors want to see: policies that describe how an organization will provide security and integrity; proof that the policies have been operationalized; and evidence that the organization can discover and fix policy compliance lapses,” said Mark Nicolett, vice president, distinguished analyst, Gartner, Inc . “An effective vulnerability management and compliance program can make an organization more efficient in reducing the risk of internal and external threats, while, at the same time, provide proof of compliance demanded by auditors.”

The QualysGuard Security and Compliance Suite is comprised of the following products, all of which are delivered as a service with no new software to deploy or infrastructure to maintain:

• QualysGuard Policy Compliance 1.0—Qualys’ new SaaS compliance solution helps organizations pass audits and document compliance tied to corporate security policies, laws and regulations, enabling them to satisfy the requirements of internal and external auditors. Additional Policy Compliance features and customer benefits include:
  • Simplified Compliance Management—Customers can set automated compliance scans with controls based on CIS and NIST standards, while mapping to major industry regulations, including COBIT, ISO, NIST, Sarbanes-Oxley, HIPAA, GLBA, Basel II and others.
  • Automated Compliance Reporting—Security and business managers can map compliance to policy by asset group or by host, allowing them to meet the reporting requirements of individual internal policy or regulation. They also can create and manage exceptions based on a new workflow and enterprise role—Auditor.
  • Seamless Integration—Policy Compliance 1.0 integrates seamlessly with QualysGuard Vulnerability Management, leveraging the same safe, reliable and secure SaaS infrastructure relied upon by more than 3,400 organizations worldwide.
• QualysGuard Vulnerability Management—Qualys’ full lifecycle solution for discovering all devices and applications across the network, while identifying and mitigating vulnerabilities that make network attacks possible.
• QualysGuard PCI Compliance— Qualys’ PCI compliance application dramatically streamlines the PCI compliance process. QualysGuard PCI provides small and medium-sized businesses with enterprise-level scanning and reporting, while enabling large corporations to facilitate PCI compliance on a global scale.

“Addressing the security and compliance posture of a global IT infrastructure is harder than ever due to emerging threats, new and ever-changing regulations and the expanding geographic distribution of offices, partners, people and IT assets,” said Philippe Courtot, CEO and chairman, of Qualys. “IT security and policy compliance management delivered together as a service answers all of these challenges by providing accurate, actionable and on demand information to the right audience, at the right time, anywhere in the world. Thousands of end-user organizations around the globe made an early commitment to the SaaS model because they were visionaries in recognizing how their businesses and the regulatory environments in which they operate were changing.”

Pricing & Availability

The QualysGuard Security and Compliance Suite comes in two editions:

1. Enterprise Edition ideal for large, distributed organizations. Annual subscriptions start at $25,000, which includes unlimited vulnerability and compliance scans in multiple locations, unlimited number of users, enterprise and scorecard reports and 24x7 customer support.
2. Express Edition ideal for small to medium-sized organizations. Annual subscriptions start at $2,500, which includes unlimited vulnerability and compliance scans and 24x7 customer support.

QualysGuard Policy Compliance is available to all US customers on April 22nd, 2008 and EMEA customer on May 22nd, 2008. QualysGuard Vulnerability Management and QualysGuard PCI are currently available and already in use by 3,400 active subscribers around the world. QualysGuard is deployed at 35 of the Fortune 100, and more than 240 of the Forbes Global 2000.

About Qualys

Qualys, Inc. is the leading provider of on demand IT security risk and compliance management solutions. Qualys is the only security company that delivers these solutions through a single Software-as-a-Service platform. QualysGuard® allows organizations to strengthen the security of their networks and conduct automated security audits to ensure compliance with policies and regulations. As a scalable and open platform, QualysGuard enables partners to broaden their managed security offerings and expand their consulting services. Qualys’ on demand solutions are deployed in a matter of hours anywhere in the world, providing customers an immediate view of their security and compliance posture. QualysGuard is the most widely deployed security on demand solution in the world, performing over 150 million IP audits per year. For more information, please visit www.qualys.com.

###

Qualys, the Qualys logo and QualysGuard are proprietary trademarks of Qualys, Inc. All other products or names may be trademarks of their respective companies.

For all other matters
Contact: pr@qualys.com

Media Contact:
Tami Casey
Qualys
media@qualys.com