Make your assessments fast, accurate, and hassle-free through the power of the Cloud.Free Trial >
Nothing to install or download!
Perform scans accurately, with a low, predictable TCO. Free yourself from installing software, syncing databases,
or wading through lists of issues
you’ve already dealt with.
Remotely monitor clients’ networks, web apps and system configurations for vulnerabilities and compliance with required policies. Collaborate with colleagues without juggling databases.Free Trial
Discover forgotten or rogue apps and test apps anywhere – in development, QA or production.Free Trial
Use the industry's leading cloud-based security and compliance solutions. Add your own branding and analysis to reports that you can customize to your clients' specific needs.Free Trial
“It's great to be able to go to one place and manage all of our network vulnerability scans and web application assessments. [Qualys] improves our ability to manage customer assessments.”-Fortrex Technologies, Inc.
Qualys Consultant gives you the industry’s leading cloud-based security and compliance solutions to use in your own vulnerability, configuration and compliance assessments. With Qualys Consultant, you can scan, analyze, track, and report on issues throughout your clients’ networks, devices and web apps – all from a single web console.
Used by consultancies and auditing firms around the world, Qualys Consultant frees you from having to set up servers, install software, manage storage or even be physically on-site. With "Six-Sigma" accuracy in vulnerability detection, integrated trend analysis, and customizable co-branded reporting, Qualys Consultant delivers the information you need to efficiently provide outstanding service to your clients.
The Qualys Cloud Platform delivers comprehensive IT security and compliance solutions for thousands of companies – of all sizes – around the world.
Immediate deployment – no servers to set up, no software to install, no databases to maintain for low, predictable TCO.
Multiple solutions, one console – zero maintenance.
Automated, remote monitoring – of devices & web apps in Internet perimeters, corporate networks & Amazon EC2.
Use anywhere – simply login from your browser on any device; no need to be on-site.
See your clients’ perimeters the same way hackers do: from the Internet. Qualys’ cloud-based scanning gives you the most accurate picture of your clients’ Internet-facing servers, websites and web apps. Qualys is pre-authorized for scanning within Amazon EC2, so you can easily track all of your clients’ systems in one place. Know quickly whether any of their assets are out-of-date, misconfigured or vulnerable to emerging threats – before they get attacked.
Qualys frees you from having to set up and maintain software on your clients’ networks. Simply open a browser on any device, log into Qualys and you’re immediately ready to start scanning, review results, and generate reports – from anywhere, at any time.
With Qualys, you can accurately and efficiently scan your clients’ corporate servers, computers and web apps – even inside complex, distributed networks. Automated authentication lets Qualys securely log into each system to collect critical security and compliance information. Internal scanning is seamlessly performed by virtual scanner appliances (available in a variety of virtual machine formats) that are remotely managed by Qualys.
You can use a virtual scanner from your laptop when you’re on-site or deploy it on a client’s computer to scan without you having to be present. It securely monitors assets within clients’ networks without requiring inbound firewall ports to be opened or special VPN connections to be set up. Furthermore, with Qualys, internal and external systems are all managed from the same console, eliminating the need for multiple tools.
The cornerstone of reliable security starts with knowing what your clients really have in their networks. Qualys Vulnerability Management helps you find unauthorized or undocumented devices lurking in your clients’ perimeter or corporate networks.
Qualys goes beyond just listing which devices are at risk of being attacked – it also tells you which specific patches are needed to fix each problem and gives you a link for downloading them.
The Qualys Cloud Platform performs more than a billion scans per year. It consistently exceeds Six Sigma accuracy for vulnerability scans, the most difficult type of scan. This high level of quality gives you the information you need, without wasting your time on extraneous false positives or false negatives.
Qualys helps you understand which vulnerabilities deserve immediate attention. Vulnerabilities can be organized by severity, presence of active exploits, patch, age, and other attributes so that you can give clients valuable insights into how to best increase their security.
Understand the overall security of your clients’ networks as well as specific details of any particular device or web application. Qualys lets you analyze results from multiple assets and how they trend over time to give you a complete view of your clients’ security postures.
Qualys Web Application Scanning helps you find web applications that have been published in your clients’ networks without authorization or have simply been forgotten. With this information, you can assist clients in preventing orphaned apps from becoming potentially-severe security risks.
Accurately and efficiently test web apps anywhere – in development, QA or production with Qualys Web Application Scanning. Eliminate attackers’ favorite vulnerabilities (such as XSS and CSRF) to keep your clients’ systems and data safe. Qualys is a Premier Corporate Member of OWASP.
With Qualys, you can store web app testing data in one place, whether it’s from manual penetration testing tools such as Burp Suite or Qualys automated scans. Avoid reinventing your manual tests and get a complete view of vulnerabilities across your clients’ applications.
Protect visitors to your clients’ websites against online attacks. Qualys can automatically scan their websites to make sure nobody has uploaded malware into blogs, feedback pages, advertisements or third-party content that appears on their sites.
With Qualys Policy Compliance, you can go beyond network testing to deeply inspect a wide range of settings and security controls required for mandates such as FISMA, HIPAA, SOX, GLBA, Basel II and others. You can use industry benchmarks such as the USGCB required by many US federal agencies or define your own controls to test for. Qualys is a CIS Security Benchmarks Consulting/Auditing Member.
Track whether computers throughout your clients’ networks are properly implementing password controls required for complying with internal security rules as well as industry or regulatory mandates.
With Qualys PCI Compliance, you can check whether your clients’ systems are PCI compliant at any time, enabling them to address issues early and submit quarterly PCI audit results once you know they’ve passed. Qualys is a PCI Approved Scanning Vendor (ASV).
With Qualys Consultant, you can add your brand to reusable report templates and automate the creation of engagement reports. Customized layouts, free-form content and complete control over included results let you tailor reports to each client’s needs.
Qualys goes beyond simply itemizing the vulnerabilities it finds. It gathers data from each device and web app, then lets you organize that information in the most appropriate way. You can quickly show how groups of assets fare against security goals in executive scorecards and generate detailed reports identifying how vulnerabilities change over time.
Qualys lets you enter your own executive summary and recommendations into reports you generate for clients. Your insights become part of the report rather than a separate document that could get separated or misplaced.
starting at $1,995
Qualys offers you a choice of packages to fit a variety of business models. Firms with multiple users can set up accounts that enable consultants to collaborate on particular clients. Pay-per-scan plans enable you to drive new services and add new clients without the hassles or costs of installing software or setting up new databases.
Sign up for a free trial and be scanning perimeter devices and web apps in minutes. Buy the Qualys Consultant Starter Kit (starting at USD $1995 in North America) and get 250 device scans for Vulnerability Management and Policy Compliance plus a one-year subscription for a Virtual Scanner Appliance for scanning inside clients’ networks. Additional scans for devices as well as web applications can be purchased as needed.
for Individual Practitioners
Individual practitioners who have recurring engagements that require high volumes of scanning can perform an unlimited number of scans with our annual, per-consultant (nontransferable) subscription plans. You can also buy Virtual Scanner Appliance subscriptions to scan clients’ internal networks – without you having to be on-site. Contact us for pricing for your specific needs.
“I couldn't compete with the larger IT consulting firms without Qualys.”