
Qualys News

60 Posts tagged with the product-news tag
Qualys today announced that it has expanded QualysGuard PCI to assist organizations of all sizes to meet Payment Card Industry (PCI) Data Security Standards (DSS), including new internal scanning requirements. The solution, used by thousands of businesses, online merchants and Member Service Providers, now includes workflows for risk ranking and reporting on internal vulnerabilities, enabling customers to meet the new requirements, pass quarterly scans and maintain continuous PCI compliance.

Merchants dealing with credit card transactions must comply with PCI DSS to ensure that customers' sensitive payment card information is protected. For smaller organizations, PCI DSS compliance can be overwhelming, especially with the latest PCI DSS 6.2 changes, effective June 30, 2012, which require robust internal scanning and reporting. The new requirements for risk ranking vulnerabilities and passing quarterly internal scans add process steps that take significant effort. QualysGuard PCI, which automates the quarterly scanning requirements for PCI DSS 11.2 for external systems, now includes new workflows for scanning internal systems with customized risk ranking and reporting on internal vulnerabilities, enabling customers to meet the new requirements.

"The QualysGuard PCI Cloud Platform is now used by more than 69 percent of ASVs, 50 percent of QSAs and 2,000 organizations worldwide, and with this new release provides a unified solution to address both internal and external PCI DSS scanning requirements," said Philippe Courtot, chairman and CEO for Qualys. "Because it is cloud-based, it offers an easy-to-use, cost-effective solution helping companies of all sizes continuously meet PCI DSS standards to secure their data and IT assets from cyber attacks."

QualysGuard PCI provides a broad solution that helps customers meet the latest PCI DSS internal requirements, enabling them to:

  • Utilize an Approved Scanning Vendor (ASV) solution for both external and internal scanning to satisfy the requirements for PCI DSS.
  • Perform unlimited PCI scanning on both external and internal systems and Web applications.
  • Rank vulnerabilities according to the criticality of the assets to manage the overall risk and customize it for each organization.
  • Generate PCI-specific reports to document both internal quarterly scan compliance and external ASV scan requirements with executive, technical, and risk-rank reporting.

Read the full announcement.

Qualys today announced that its QualysGuard Vulnerability Management (VM) solution won the 2012 ISM Reader's Choice Awards in the best of vulnerability management category. In its seventh consecutive year of Reader's Choice Awards, TechTarget ISM subscribers were surveyed to determine the best information technology (IT) security products. More than 2,000 subscribers participated this year, rating hundreds of security products in 14 different categories.

"Our readers are the most knowledgeable and active technology professionals working in IT today. Their ratings reflect extensive technical experience and practical application of the products," said TechTarget Vice President and publisher of security media, Doug Olender. "These awards are designed to help serious technology buyers understand the products available to solve their IT security challenges."

Information Security Magazine subscribers were asked, in an online survey, to select the products currently used in their organization, rate those products based on criteria specific to each category, and indicate the importance of each criterion. Winners were determined by the cumulative weighted responses for each product category criteria.

The full set of winners can be found online with accompanying editorial at: Read the full news release.

Qualys today announced the general availability of Dynamic Asset Tagging and Management technology for its QualysGuard Cloud Platform and integrated suite of solutions for security and compliance, the QualysGuard Cloud Suite. The patent-pending technology enables customers to identify, categorize and manage large numbers of assets in highly dynamic IT environments, and automates the process of inventory management and hierarchical organization of IT assets. Qualys will showcase these new capabilities this week at Black Hat USA 2012 Briefings - booth #401 on July 25-26.

"Keeping an accurate and up-to-date inventory of IT assets is a critical step in maintaining secure environments," said Anton Chuvakin, research director for Gartner. "Asset tagging that works for ever-changing lists of assets allows organizations to manage their IT assets on an ongoing basis, establish a trusted repository for IT system configurations, and maintain hierarchical relationships between them in order to more effectively secure their environments."

Read the full announcement.

Qualys today announced that its new release of QualysGuard® Policy Compliance (PC) and Federal Desktop Core Configuration (FDCC) solution simplifies the process of meeting compliance regulation requirements for businesses and governmental agencies. This new release offers new CyberScope reporting capabilities for governmental agencies that have to comply with the Federal Information Security Management Act of 2002 (FISMA). It also provides new certified policies that meet international industry standards defined by the Center for Internet Security (CIS) and workflows to automatically create "Golden Images" by extracting the required information from systems that have already been configured with compliant configurations. Qualys will showcase these new capabilities this week at Black Hat USA 2012 Briefings - booth #401 on July 25-26.

"A solution automating key processes such as CyberScope reporting can help organizations streamline compliance workflows and meet FISMA requirements," said Lawrence Pingree, research director for Gartner. "With these types of tools, it is easier for organizations to more quickly adopt best practices, shortening the audit cycle and reducing overall costs."

Read the full announcement.


Qualys today announced that its QualysGuard Web Application Scanning (WAS) service helps organizations comply with the European Union (EU) Cookie Directive.

On May 26, 2011, the UK adopted regulations to implement the 2009 EU E-Privacy Directive, which requires web sites to gain consent from visitors before they can store cookies or other information used to track a user's actions. The UK Cookie Directive is privacy legislation that requires web sites to gain consent from visitors before they can store cookies or other information used to track a user's actions - fundamentally changing how web application owners interact with users.

With QualysGuard WAS, organizations can identify the cookies that their web applications are using, including those issued by third parties. With this information, organizations can evaluate whether the cookies are subject to the law and then update the web application to ensure it meets the EU legislation.

"As this new law impacts any web sites with European visitors, we are pleased to provide our customers with an easy-to-use solution to quickly assess their web sites and provide an accurate list of the ones that store cookies so they can review and update to meet this new law," said Philippe Courtot, chairman and CEO of Qualys.

Read the full news release, or read about using QualysGuard WAS to identify cookies.

Qualys today announced the introduction of a private cloud version of its QualysGuard® Cloud Platform that allows customers and partners to host and operate the security and compliance platform within their data centers to meet the varying needs of Private, Community, Public, and Hybrid Cloud services. Packaged as a virtual application to allow for rapid deployment into existing virtual infrastructures, the QualysGuard Private Cloud Platform is a standalone version of the full multi-layer, multi-tenant services architecture of the QualysGuard Cloud Platform, deployed for the private use of a specific customer or partner.

"We use the QualysGuard Private Cloud Platform as part of our Cloud Services to help secure our cloud offerings and allow customers to perform security and compliance audits on their applications and virtual infrastructure hosted in the Fujitsu Cloud," said Tetsuo Shiozaki, chief architect, cloud business support unit for Fujitsu Limited.

Read the full announcement.

Qualys today announced that Frost & Sullivan, for the second year in a row, awarded Qualys its 2012 Global Market Share Leadership Award in Vulnerability Management. The award, based on independent analysis of the Global Vulnerability Management market, which included in-depth interviews with customers, partners and vendors, recognizes the excellence of Qualys' solutions and describes Qualys' innovation.

"Qualys is the undisputed market leader in vulnerability management, and it has been for multiple years. Intelligently staying ahead of the curve, the company continues to develop new products and features to address the ever-evolving security and compliance needs of enterprise organizations, government agencies and smaller businesses," stated Chris Rodriguez, industry analyst for Frost & Sullivan, in the report. He continued, "An aggressive product road map and quality initiatives have strengthened Qualys' current leadership position in the market, and it is expected to continue to do so in the future."

Read the full news release or read the report.

LockPath, a provider of innovative governance, risk and compliance (GRC) applications, today announced an integration partnership with Qualys to offer businesses unique visibility into their security and risk postures. With the partnership, users can benefit from QualysGuard's highly accurate vulnerability data from scans of enterprise assets automatically imported into LockPath's GRC solution, Keylight, augmenting its risk reporting capabilities with security intelligence to produce a holistic view of business risk.

"Through our partnership with Qualys, users gain an almost immediate understanding of how discovered vulnerabilities fit into the context of their organizations' overall security and risk posture," said Chris Caldwell, CEO, LockPath. "The effortless and streamlined integration of the Keylight platform with QualysGuard VM further validates what we believe is our obligation to ensure our Connector Library enables our customers to avoid fragile and time-consuming custom integrations."

For more information on the Keylight platform, download the datasheet. Read the full news announcement.

Qualys today announced QualysGuard® integration with Thycotic's Enterprise Password Management software, Secret Server, allowing customers to extend the scope and reach of authenticated scans to their most critical IT systems while protecting passwords.

With Thycotic's Secret Server, authenticated scans using privileged IDs can be stored in the Secret Server Password repository and never leave the user's perimeter. Users can also leverage Secret Server's ability to log credential usage, restrict access, and periodically rotate credentials to ensure compliance with corporate policies and regulatory requirements.

"Thycotic's Secret Server enables customers to easily and securely manage access to services delivered through the cloud," said Jonathan Cogley, CEO for Thycotic. "This new integration will help customers effectively protect their passwords as they use QualysGuard to scan for vulnerabilities and ensure compliance with policies and regulations to keep their IT systems and data safe."

Read more on how to use Thycotic's Secret Server with QualysGuard or read the full news release.

Qualys today announced at RSA Conference USA 2012 major enhancements to its QualysGuard Cloud Platform and suite of integrated applications for security and compliance. These new innovations will extend the cloud platform capabilities to help customers improve the security of their IT systems and applications, further automate their compliance initiatives for IT-GRC and provide online protection against cyber attacks, while reducing operational costs and increasing the efficiency of their security programs.

Qualys will unveil these latest major technological innovations tonight at booth #1431 at 7:00 p.m. PT at the RSA Conference USA:

  • Web Application Firewall (WAF). A brand new cloud service from Qualys, QualysGuard WAF protects web sites from unwanted requests and a range of online threats from spammers to SQL injection to DDoS, and provides increased web site performance through caching, compression and content optimization.
  • Zero-Day Risk Analyzer Module. Built on VeriSign's iDefense zero-day security intelligence services, this new QualysGuard service allows customers to analyze zero-day threats and estimate their impact on their IT infrastructures and critical systems based on information collected from previous scan results.
  • Patent-Pending Technology for Enterprise Asset Management. Allows customers to tag assets dynamically based on scan results and to categorize assets in a hierarchical manner to keep pace with changing environments. Tags can then be used in all workflows including scanning, reporting or assigning security and access to assets.
  • Customizable Questionnaires Service for IT-GRC. Extends the QualysGuard Cloud Platform's policy compliance capabilities to automate manual control assessments with a customizable questionnaire based on a repository of nearly 1,000 pre-mapped policy documents via the Unified Compliance Framework. Workflows are also provided out-of-the-box that can be tailored to fit business processes.
  • Malware Detection Service, Enterprise Edition. Built on the popular free Malware Detection service, the enterprise version will allow customers to track malware on multiple web sites with advanced reporting and notification options.

Read the full announcement.

Qualys today announced the availability of its new and improved FreeScan service to help small and medium businesses (SMBs) audit and protect their web sites from security vulnerabilities and malware infections. The new FreeScan service allows SMBs to scan their web sites for malware, network and web application vulnerabilities, as well as SSL certificate validation, helping web site owners identify risk before hackers do in order to prevent data breaches and protect online visitors from infections.

"Web sites are often vulnerable to attack, and oftentimes sites are compromised without the knowledge of the web site owners or its users," said Scott Crawford, research director for EMA. "While organizations want to ensure security, many lack the resources to identify possible security issues, or they do not know where to start. Using a free service like Qualys FreeScan can help organizations proactively gain visibility into possible issues so they can take the steps needed to protect their web sites and online visitors."

Powered by Qualys' cloud-based platform that hosts the QualysGuard® security and compliance suite of applications, FreeScan is a free service that scans for:

  • Network perimeter vulnerabilities
  • Web application vulnerabilities
  • Web site malware infections
  • SSL certificate validity

The scan results also provide guidance on remediation to fix identified vulnerabilities and remove malware infections. The new service is available at

Read the full announcement.

MetricStream today announced the integration of MetricStream IT-GRC Solution with QualysGuard® Vulnerability Management (VM). The joint solution provides a single robust framework to automatically monitor and capture all asset and network vulnerabilities, and route them through a systematic process of investigation and remediation. This integration enables customers to quickly identify and report on the vulnerabilities affecting business critical assets, map security issues to business applications, and aggregate and rollup risk information across their enterprise for proactive mitigation.

"IT security managers are under enormous pressure to protect IT assets - a task that becomes more challenging as networks grow more complex, and security threats become more sophisticated," says Vidya Phalke, CTO at MetricStream. "The use of virtualized infrastructure is rising, smart phones and tablets are proliferating, reliance on managed IT services is increasing, and business managers are independently driving the adoption of cloud applications. These trends are introducing a whole new class of risks and threats that enterprises need to deal with. Our partnership with Qualys will strengthen organizations' ability to tackle these security risks and compliance challenges."

Read the full announcement.

Qualys today announced a new release of QualysGuard Web Application Scanning (WAS) 2.1 that integrates with Selenium to help companies further automate scanning of web applications with complex authentication.

One of the challenges of dynamic application security testing (DAST) is the ability to successfully authenticate to the application during a scan. QualysGuard WAS 2.1 uniquely addresses this challenge with support for Selenium scripts, which expands the ability of WAS 2.1 to perform authenticated web application scans and identify vulnerabilities. The Selenium plug-in enables users to record their browser actions and save them as scripts that can then be replayed at a later time. Through its use of Selenium, WAS 2.1 can effectively scan web applications that require complex authentication with multi-step login processes.

In addition to Selenium support, QualysGuard WAS 2.1 provides key features including:

  • Client Certificate Support: WAS 2.1 expands its reach with support for client SSL certificates that are required by many high-risk web applications. This update will provide users with the ability to upload client SSL certificate files which will then be used by WAS to perform authenticated scanning, expanding the scanning coverage and increasing the number of web application vulnerabilities identified.
  • Post Data Black List: With Post Data Black Lists, users can identify pages for which forms should not be submitted. This prevents the potential impact of posting the forms but allows the page view to be evaluated for security vulnerabilities, increasing the coverage while lowering the risk of scanning impact on the application.
  • Additional URL Support: WAS 2.1 expands coverage by enabling users to enter a list of links to be scanned that may not be linked to the initial URL.

Read the full announcement.

Qualys today introduced a new free audit service to help companies detect and eliminate malware and vulnerabilities from public or Internet-facing web sites. Available at, the free service is called FreeScan and Qualys will showcase it at the RSA Conference Europe 2011 in booth P1 on October 11-13.

"In a few minutes, Qualys FreeScan can help organizations get visibility of their web site security postures so they can be proactive and take the next steps needed to protect their web sites and online visitors from malware and loss of customer data," said Philippe Courtot, chairman and CEO for Qualys. "Thanks to the power of our security as a service platform, we are able to deliver such a valuable service to the community as a free service."

Read the full announcement.

Qualys® announced today the availability of QualysGuard VM integration with Modulo Risk Manager, providing customers a completely integrated, holistic view of IT risks correlated to vulnerabilities of their IT environments.

"Our customers are looking for a single point of reference to understand the risk landscape as it impacts their business environments. This can only be achieved through correlation and continuous monitoring of security and compliance data in the context of policies and controls. We are pleased to deepen our partnership with Modulo and deliver this comprehensive solution to our joint customers," says Philippe Courtot, Chairman and CEO of Qualys.

Read the full news release.