The QualysGuard Cloud Platform
A Unified View of Your Security and Compliance
The QualysGuard Cloud Platform and integrated suite of solutions enable organizations to simplify the process and reduce the cost of securing their IT assets and achieving compliance with internal policies and external regulations.
Qualys’ solutions help organizations with globally distributed data centers and IT infrastructures to identify their IT assets, collect and analyze large amounts of IT security data, discover and prioritize vulnerabilities, recommend remediation actions and verify the implementation of such actions.
By deploying our solutions, organizations can gain actionable security intelligence into potential vulnerabilities and malware in their IT infrastructure and enable their compliance with internal policies and external regulations.
The QualysGuard suite of solutions are used today by more than 6,700 organizations in over 100 countries, including a majority of the Forbes Global 100, and perform more than 1 billion IP audits per year.
Delivered as a multi-tenant cloud platform,the QualysGuard integrated suite of solutions incorporates Qualys’ industry leading vulnerability management service, with a robust IT compliance solution, comprehensive web application scanning and malware detection services; and coming soon a web application firewall (WAF) for automated protection of web sites.
The QualysGuard Cloud Platform consists of a suite of IT security and compliance solutions that leverage shared and extensible core services and a highly scalable multi-tenant cloud infrastructure.
Our infrastructure layer, which we refer to as our Infrastructure, includes the data, data processing capabilities, software and hardware infrastructure and infrastructure management capabilities that provide the foundation for our cloud platform and allow us to automatically scale our Infrastructure and Core Services to scan millions of IPs.
Scalable Capacity.We have designed a modular and scalable infrastructure that leverages virtualization and cloud technologies. This allows our operations team to dynamically allocate additional capacity on-demand across our entire QualysGuard Cloud Platform to address the growth and scalability of our solutions.
Big Data Indexing and Storage.Built on top of our secure data storage model, this engine indexes petabytes of data and uses this information in real-time to execute tags or rules to dynamically update IT assets’ properties, which are used in various workflows for scanning, reporting and remediation.
QualysGuard KnowledgeBase.QualysGuard relies on our comprehensive repository, which we refer to as our KnowledgeBase, of known vulnerabilities and compliance controls for a wide range of devices, technologies and applications that powers our security and compliance scanning technology. We update our KnowledgeBase daily with signatures for new vulnerabilities, control checks, validated fixes and improvements.
Managed Scanner Appliances.As part of our cloud platform, we host and operate a large number of globally distributed physical scanner appliances that our customers use to scan their externally facing systems and web applications. To scan internal IT assets, customers can also deploy our scanners, which are available on a subscription basis as physical appliances or downloadable virtual images, within their internal networks. Our scanner appliances self-update daily in a transparent manner using our automated and proprietary scan management technology. These scanner appliances allow us to scale our cloud platform to scan networked devices and web applications across organizations’ networks around the world.
Our Core Services enable integrated workflows, management and real-time analysis and reporting across all of our IT security and compliance solutions.
Asset Tagging and Management.Enables customers to easily identify, categorize and manage large numbers of assets in highly dynamic IT environments and automates the process of inventory management and hierarchical organization of IT assets.
Reporting and Dashboards.A highly configurable reporting engine that provides customers with reports and dashboards based on their roles and access privileges.
Questionnaires and Collaboration.A configurable workflow engine that enables customers to easily build questionnaires and capture existing business processes and workflows to evaluate controls and gather evidence to validate and document compliance.
Remediation and Workflow.An integrated workflow engine that allows customers to automatically generate helpdesk tickets for remediation and to manage compliance exceptions based on customer-defined policies, enabling subsequent review, commentary, tracking and escalation. This engine automatically distributes remediation tasks to IT administrators upon scan completion, tracks remediation progress and closes open tickets once patches are applied and remediation is verified in subsequent scans.
Big Data Correlation and Analytics Engine.Provides capabilities for indexing, searching and correlating large amounts of security and compliance data with other security incidents and third-party security intelligence data. Embedded workflows enable customers to quickly assess risk and access information for remediation, incident analysis and forensic investigations.
Alerts and Notifications.Creates email notifications to alert customers of new vulnerabilities, malware infections, scan completion, open trouble tickets and system updates.
The QualysGuard Security and Compliance Suite - built on Qualys' cloud platform - incorporates the following solutions, all of which are delivered as a service; there is no new software to deploy or infrastructure to maintain. Users can subscribe to one or more of solutions based on their initial needs and expand their subscriptions over time to new areas within their organization or to additional QualysGuard solutions.
Discovers all devices and applications across the network, at the same time identifying and mitigating the vulnerabilities that make network attacks possible.
Delivers immediate alerts whenever threats or unexpected changes are found in an organization’s Internet perimeter – before they turn into breaches. Catches unexpected hosts, expiring SSL certificates, open ports, severe vulnerabilities, and undesired applications. Helps IT identify the highest-priority issues to enable fast and efficient mitigation and remediation.
Helps organizations pass security audits and document compliance tied to corporate security policies, laws, and industry regulations, supporting the requirements of both internal and external auditors.
Centralizes and automates the gathering of risk data and compliance evidence from employees, partners, vendors and other subject matter experts. It frees organizations from manual, labor-intensive approaches (such as email and spreadsheets) so that all phases of their assessment programs can be managed efficiently and reliably online.
Provides small and medium-sized businesses with enterprise-level scanning and reporting that’s easy to implement and maintain, and enabling large corporations to meet PCI compliance requirements for data protection on a global scale.
Provides automated crawling and testing for custom web applications to identify vulnerabilities including for cross-site scripting and SQL injection. The automated service enables regular testing that produces consistent results, reduces false positives, and easily scales to secure large numbers of Web sites.
Protects web sites against attacks on server vulnerabilities and web app defects. Brings Cloud scalability and simplicity that make it possible to strongly secure web apps against Cross-Site Scripting (XSS), SQL injection, corrupted requests and other attacks in less than 30 minutes. Complements QualysGuard WAS to make identifying and mitigating attacks seamless.
Is a free service that proactively scans web sites of any size, anywhere in the world, for malware infections and other threats, sending alerts to web site owners. The enterprise edition with advanced reporting and notification options enables businesses to scan and manage a large number of sites, preventing web site black listing and brand reputation damage.
Enables online businesses of all sizes to scan their web sites for the presence of malware, network and application vulnerabilities, as well as SSL certificate validation. Once a web site passes all four security scans, the service generates a Qualys SECURE seal for the merchant to display on their web site, demonstrating to visitors that the company is committed to security.