
Qualys scanning accuracy.

3 billion+ scans per year
99.99966%+ Six Sigma accuracy

Why accuracy is important

Vulnerability scanning helps you discover hidden systems and identify vulnerabilities before attackers do. The accuracy of these scans determines how well the results can be used by your IT teams to find and fix your highest-priority security and compliance issues.


Accurate results

  • Enhance the productivity of IT teams.
  • Protect organizations by closing the window of opportunity for attackers.
  • Validate that IT teams have successfully found and eliminated the highest-risk vulnerabilities.

Inaccurate results

  • Waste resources chasing inaccurate reports.
  • Leave organizations exposed to missed vulnerabilities.
  • Misrepresent the true security of the organization.

The Qualys Cloud Platform has performed more than 3 billion scans in the past year. Its vulnerability scans, the most difficult type of scan, consistently exceed Six Sigma 99.99966% accuracy, the industry standard for high quality. This level of accuracy creates a foundation for strong security and reliable compliance that enables you to efficiently zero in on potential risks before you get attacked.

“We identified false positives in every scanner but Qualys.” (Networkworld)

The Six Sigma technique is well-suited to improving the quality of vulnerability scanning. This sophisticated, multi-step process requires commitment across the entire organization to achieve the desired results. Comparing quality levels over time against the volume of scans conducted shows whether a vulnerability management system can be relied upon even as its usage grows.

In the twelve months ending in December 2016, the Qualys Cloud Platform performed over 3 billion security and compliance scans, while keeping defect levels low:

[Chart: Qualys Scanning Accuracy]

Qualys exceeds Six Sigma accuracy by combining Cloud technology with finely tuned business processes to anticipate and avoid problems at each stage in the vulnerability scanning process:

Potential problem

How Qualys prevents the problem

Scanners improperly provisioned

Vulnerability scanners are complex combinations of software, databases, and networking technology that need to work seamlessly together.

Qualys is a pure Cloud-based platform that is heavily optimized for use with complex networks. It is professionally administered 24x7x365 in data centers around the world and requires no purchases, setup or maintenance of servers, databases or software by customers.

Devices not scanned realistically

Scanning Internet-facing systems from inside a corporate network can present an inaccurate view of what attackers will encounter.

Qualys combines Internet-based scans for external perimeter devices with internal scans from remotely-managed scanning appliances to provide a seamless view of your systems — on the Internet, in your corporate network, or in the Cloud.

Device crashes

Some devices have hardware or operating systems that are sensitive to scanning and can fail when pushed beyond their limits.

Qualys automatically adjusts its scans according to how devices react to avoid overloading them.

Device OSes misidentified

Devices with unusual configurations (esp. hardened appliances) can be tricky to identify correctly.

Qualys has spent more than 10 years tuning its recognition algorithms and is constantly updating them to handle new devices and OS versions.

Service crashes on devices

Sometimes a network service on a device may stop functioning after a scan even if the device itself keeps running.

Qualys tailors each scan to the OS that is detected and dynamically adjusts the intensity of scanning to avoid overloading services on the device.

False negatives

Scanners that aren’t kept up-to-date can miss potential risks.

Qualys continually updates its KnowledgeBase of vulnerability definitions to address new and evolving threats. All customers swiftly benefit from new vulnerabilities found anywhere in the world.

False positives

Scanners that aren’t tuned properly or that have inaccurate vulnerability definitions may flag issues that aren’t true risks.

Qualys automatically tests all vulnerability definitions before they’re deployed, as well as while they’re active, to verify that definitions are up-to-date. In addition, Qualys enables users to flag vulnerability definitions they think need adjusting. Such requests are immediately investigated by Qualys’ worldwide team of engineers and are typically resolved in less than 72 hours — often even within the same day.

The bottom line

Qualys goes beyond simply identifying vulnerabilities; it also helps you download the particular vendor fixes and updates needed to address each vulnerability. This patch-centric approach helps you prioritize which problems to address first and frees you from having to weed through long, repetitive lists of issues.

The impact of Qualys' Six Sigma accuracy is directly reflected in the low rate of issues that get submitted to Qualys Customer Support. The number of scans that are free of defects remains well above Six Sigma levels.

[Chart: Six Sigma]

With Qualys' high accuracy, your IT, security and compliance teams can efficiently focus their efforts on reducing risk, not just finding it. That’s what true Vulnerability Management is all about.

See for yourself. Try Qualys for free.

Start your free trial today. No software to download or install. Contact us or call us at +1 800 745 4355.