The Qualys® Newsletter

Qualys and GRCBizassurance Partner to Deliver Cloud-Based Vulnerability Management Services in South Africa

2012-02-07T18:20:41Z

Qualys, Inc http://www.qualys.com GRCBizassurance and Qualys, Inc. announced their strategic partnership plan to deliver vulnerability services to South African and Sub-Saharan customers.

As part of its trusted assurance service, GRCBizassurance will provide independent Managed Security Services using the QualysGuard IT Security and Compliance Suite. GRCBizassurance will use QualysGuard as a platform for assisting customers to reduce their overall security risk, prevent business exposure, keep their customers' threat profile up to date, and provide comprehensive SANS-based security dashboard reporting. GRCBizassurance's use of the QualysGuard suite will form part of GRCBizassurance's Security Assurance and Enterprise Security Intelligence Service.

Read the full news announcement.
]]>

Data Privacy Day 2012

2012-01-27T13:01:05Z

Qualys http://www.qualys.com

By Andrew Wild, CSO, Qualys

January 28th 2012 has been designated "Data Privacy Day." This is an internationally recognized day established to increase awareness of privacy and the challenges that our technologically advanced, "big data" analytical world pose to our notions about privacy.

It is entirely appropriate that everyone should take a few minutes to consider the issue of privacy on Data Privacy Day. Technology and the significant changes to how we communicate and share information in the Internet age have fundamentally altered our understanding of privacy. The two greatest threats to our privacy today are extensive online social networking, and significant improvements in data analytics.

Continue reading at news.qualys.com/data-privacy-day-2012.html

]]>

Leading Analyst Firm Ranks Qualys #1 for Third Consecutive Year in Device Vulnerability Assessment

2012-01-24T17:34:14Z

Qualys, Inc http://www.qualys.com Qualys today announced that IDC ranked the company number one for Worldwide Device Vulnerability Assessment Revenue Share for 2010 by Vendor for the third consecutive year with 14.9 percent growth. This growth, documented in the IDC Worldwide Security and Vulnerability Management 2011-2015 Forecast and 2010 Vendor Shares, is contributed to accelerated adoption of Qualys' cloud-based security and compliance solutions by global enterprises. To date Qualys has gained the following adoption to its cloud-based services within global indices including 50 percent of the Forbes Global 100, 48 percent of the Fortune 100, 60 percent of Dow Jones 30, 41 percent of NASDAQ 100, 43 percent of DAX 30, 58 percent of CAC 40, 41 percent of FTSE 100 and 17 percent of Nikkei 225.

"Qualys continues to grow its market share with comprehensive vulnerability management services that help organizations proactively scan critical assets and take the action needed to reduce risk," said Charles Kolodgy, research vice president for security products at IDC. "Qualys has also effectively used its cloud-based delivery model to offer low cost, comprehensive services that are easily integrated with partner solutions so organizations can quickly respond to rapidly evolving threats.

IDC predicts Worldwide Vulnerability Assessment Market revenues will grow by 9.7 percent from 2010 to 2015, with a projected value in 2015 of $1.2B. "Given the importance of risk management, government regulations, and exposure through vulnerabilities, the security and vulnerability management market is full of opportunity," said Kolodgy in the report.

View the full announcement. To read an excerpt from the report, visit www.qualys.com/docs/idc_VM_forecast2012.pdf.

]]>

Qualys Expands Popular FreeScan Service for SMBs

2012-01-18T17:06:40Z

Qualys, Inc http://www.qualys.com Qualys today announced the availability of its new and improved FreeScan service to help small and medium businesses (SMBs) audit and protect their web sites from security vulnerabilities and malware infections. The new FreeScan service allows SMBs to scan their web sites for of malware, network and web application vulnerabilities, as well as SSL certificate validation, helping web site owners identify risk before hackers do in order to prevent data beaches and protect online visitors from infections.

"Web sites are often vulnerable to attack, and oftentimes sites are compromised without the knowledge of the web site owners or its users," said Scott Crawford, research director for EMA. "While organizations want to ensure security, many lack the resources to identify possible security issues, or they do not know where to start. Using a free service like Qualys FreeScan can help organizations proactively gain visibility into possible issues so they can take the steps needed to protect their web sites and online visitors."

Powered by Qualys' cloud-based platform that hosts the QualysGuard® security and compliance suite of applications, FreeScan is a free service that scans for:

Network perimeter vulnerabilities
Web application vulnerabilities
Web site malware infections
SSL certificate validity

The scan results also provide guidance on remediation to fix identified vulnerabilities and remove malware infections. The new service is available at https://www.qualys.com/forms/freescan/.

Read the full announcement.

]]>

MetricStream Partnership Brings Actionable Security and Risk Intelligence to IT-GRC

2012-01-04T19:37:32Z

Qualys, Inc http://www.qualys.com MetricStream today announced the integration of MetricStream IT-GRC Solution with QualysGuard® Vulnerability Management (VM). The joint solution provides a single robust framework to automatically monitor and capture all asset and network vulnerabilities, and route them through a systematic process of investigation and remediation. This integration enables customers to quickly identify and report on the vulnerabilities affecting business critical assets, map security issues to business applications, and aggregate and rollup risk information across their enterprise for proactive mitigation.

"IT security managers are under enormous pressure to protect IT assets - a task that becomes more challenging as networks grow more complex, and security threats become more sophisticated," says Vidya Phalke, CTO at MetricStream. "The use of virtualized infrastructure is rising, smart phones and tablets are proliferating, reliance on managed IT services is increasing, and business managers are independently driving the adoption of cloud applications. These trends are introducing a whole new class of risks and threats that enterprises need to deal with. Our partnership with Qualys will strengthen organizations' ability to tackle these security risks and compliance challenges."

Read the full announcement.
]]>

Zion Security's "Security for Life" Benefits Belgian Red Cross

2011-12-22T19:49:16Z

Qualys, Inc http://www.qualys.com Zion Security has launched "Security for Life," offering companies continuous security monitoring of their web sites with Qualys Secure Seal, and donating all proceeds to the Belgian Red Cross as part of the charity effort "Music for Life."

Last year, Zion Security donated €3,000 to the charity by selling its quick scan service, a manual penetration test. This year, Zion hopes to raise €10,000, with Qualys providing free licenses of Qualys Secure Seal to Zion Security. For €500, companies receive Qualys Secure Seal, enabling them to scan their web sites for the presence of malware, network and web application vulnerabilities, as well as SSL certificate validation, and the €500 is transferred to Music for Life.

"Not only is Music for Life the most important charity campaign in Belgium, with Qualys Secure Seal companies can protect their web site and detect critical vulnerabilities before hackers exploit the holes," said Erwin Geirnaert, CEO of Zion Security.

For more information, visit www.securityforlife.be. ]]>

Qualys Brings Web Application Scanning to Next Level of Automation

2011-12-06T17:13:00Z

Qualys, Inc http://www.qualys.com announced a new release of QualysGuard Web Application Scanning (WAS) 2.1 that integrates with Selenium to help companies further automate scanning of web applications with complex authentication.

One of the challenges of dynamic application security testing (DAST) is the ability to successfully authenticate the application during a scan. QualysGuard WAS 2.1 uniquely addresses this challenge with support for Selenium scripts, which expands the ability of WAS 2.1 to perform authenticated web application scans and identify vulnerabilities. The Selenium plug-in (http://seleniumhq.org/projects/ide/) enables users to record their browser actions and save them as scripts that can then be replayed at a later time. Through its use of Selenium, WAS 2.1 can effectively scan web applications that require complex authentication with multi-step login processes.

In addition to Selenium support, QualysGuard WAS 2.1 provides key features including:

Client Certificate Support: WAS 2.1 expands its reach with support for client SSL certificates that are required by many high-risk web applications. This update will provide users with the ability to upload client SSL certificate files which will then be used by WAS to perform authenticated scanning, expanding the scanning coverage and increasing the number of web application vulnerabilities identified.
Post Data Black List: With Post Data Black Lists, users can identify pages for which forms should not be submitted. This prevents the potential impact of posting the forms but allows the page view to be evaluated for security vulnerabilities, increasing the coverage while lowering the risk of scanning impact on the application.
Additional URL Support: WAS 2.1 expands coverage by enabling users to enter a list of links to be scanned that may not be linked to the initial URL.

Read the full announcement.

]]>

MS-ISAC Selects Qualys to Bring Cloud-Based Security and Compliance Solutions to State and Local Governments

2011-12-05T17:19:31Z

Qualys, Inc http://www.qualys.com Qualys today announced a new partnership with the Multi-State Information Sharing and Analysis Center (MS-ISAC) to provide local and state government agencies with IT security and compliance management solutions in the cloud to help them with vulnerability identification, mitigation, and managing regulatory compliance, while reducing costs and streamlining operations.

"The MS-ISAC is pleased to bring the QualysGuard offerings to SLTT governments, adding another component to our multi-layered strategy to support their security objectives," said William Pelgrin, MS-ISAC Chair. "This partnership enables us to provide powerful, flexible and customized solutions that complement and integrate well with our other security services, for the benefit of raising our SLTT governments' cyber security posture."

Read the full news announcement.

]]>

Free Security Services From Qualys This Holiday Season

2011-11-28T17:42:04Z

Qualys, Inc http://www.qualys.com announced today that it is offering businesses a free license to use Qualys SECURE Seal protection from now until January 30th, 2012, along with Qualys BrowserCheck and SSL Server Audit. These free services combined enable businesses to protect their customers, employees and web presence against accidental and deliberate attacks during the busiest shopping period of the year - Cyber Monday through New Year's. The protection is provided as a service, so there is no software to install or manage. This free offer is available at http://www.qualys.com/holiday

"Browsers and web sites are the primary targets for cyber attackers, so online shoppers and businesses need to take the proactive measures to protect themselves this holiday season," said Philippe Courtot, chairman and CEO for Qualys. "Ensuring your browser and all its plug-ins are at the latest security level is a must - and it takes only four seconds for Qualys to help you find out. Making sure your business web site is not compromised or vulnerable to attacks is equally as important, and the Qualys SECURE Seal provides an effective solution for maintaining a rigorous and proactive security program to help you safeguard your customers' data."

Organizations interested in taking up this offer are invited to sign up on the Qualys web site at http://www.qualys.com/holiday. Read the full announcement.

]]>

Qualys Named a Finalist in Four SC Awards for 2012 Including Best Security Company

2011-11-10T16:47:04Z

Qualys, Inc http://www.qualys.com Qualys announced today that SC Magazine has named it a finalist in four categories of the 2012 SC Awards U.S. QualysGuard Vulnerability Management (VM) was named a finalist in the Reader's Choice award for Best Vulnerability Management Tool, and Qualys was recognized in three excellence categories, including Best Security Company, Best Regulatory Compliance Solution for QualysGuard Policy Compliance and Best SME Security Solution for QualysGuard Express.

"We are delighted to be a finalist in four SC Awards categories including Best Security Company for 2012," said Philippe Courtot, chairman and CEO of Qualys. "This underscores the continued and accelerated adoption of our QualysGuard cloud security and compliance platform and applications that allow both large and small companies to effectively protect themselves against cyber attacks and insider threats without the costs and complexities associated with maintaining and deploying traditional enterprise software."

Winners of this year's SC Magazine Awards US will be announced at a gala dinner and award ceremony to be held in San Francisco on Tuesday, February 28, 2012.

Read the full announcement.
]]>

Qualys Makes the San Francisco Business Times Fast 100 List

2011-10-31T17:40:40Z

Qualys, Inc http://www.qualys.com announced it has been named for the second year in a row on the San Francisco Business Times "Fast 100 List," which recognizes independent and private companies with the most revenue growth over the past three years, based on research done with PricewaterhouseCoopers. The rankings appeared in the October 28, 2011 edition of the San Francisco Business Times and were announced at an awards reception on October 27 at the Hilton San Francisco.

"The San Francisco Bay Area is an area known for innovation and growth, so it is an honor to be recognized for a second year on this prestigious list," said Philippe Courtot, chairman and CEO for Qualys. "We attribute our growth to the power of our SaaS model, which enables us to continuously innovate to deliver additional capabilities and new security services for our customers at a fraction of the cost of other solutions.

Read the full announcement.
]]>

Dept. of Homeland Security Unites Groups to Combat Cyber-Crime

2011-10-19T19:40:55Z

Qualys, Inc http://www.qualys.com Yesterday morning as part of National Cyber Security Awareness Month, I had the privilege to attend a breakfast and NASDAQ bell ringing ceremony with Secretary of Homeland Security Janet Napolitano at the NASDAQ Market Site in Times Square, New York City.

The morning included a roundtable with participants from law enforcement, the government and the private sector discussing ways to fight cyber crime, and emphasized the Department of Homeland Security's (DHS) commitment to forge partnerships in order to create a safe, secure, and resilient cyber environment.

I very much enjoyed the opportunity to discuss the current state of cyber security with so many leaders from both the private and public sectors.

Secretary Napolitano explained that the private and public sector must work together to ensure greater awareness of the issue of cyber security, improved sharing of information, and a more coordinated response to cyber security incidents. Malicious actors are working to steal money, intellectual property, personal identity information, as well as disrupt our economy. She explained how DHS is working to improve the state of cyber security. The take-home message is clear: Security awareness is the key to preventing cyber attacks, and private industry and government must work closely together to improve our ability to safeguard intellectual property and ensure our continued economic prosperity.

The theme of National Cyber Security Awareness month is STOP. THINK. CONNECT.

From http://stopthinkconnect.org/:

When you cross the street, you look both ways so make sure it's safe. Staying safe on the Internet is similar. It takes some common sense steps -- Stop. Think. Connect.

Stop: Before you use the Internet, take time to understand the risks and learn how to spot potential problems. 

Think: Take a moment to be certain the path ahead is clear. Watch for warning signs and consider how your actions online could impact your safety, or your family's.  

Connect: Enjoy the Internet with greater confidence, knowing you've taken the right steps to safeguard yourself and your computer.

STOP. THINK. CONNECT. Protect yourself and help keep the web a safer place for everyone.

Qualys has been working for the last 10 years to help customers identify and remediate potential vulnerabilities to secure and protect information and IT assets. We feel strongly that industry and government collaboration is needed to effectively fight cyber-crime; after all, attackers share information, so we need to share information to best protect ourselves. This event along with this month's activities for National Cyber Security Awareness Month, are steps in the right direction, and we look forward to increased collaboration and sharing of information to fight cyber crime.

-Andrew Wild, CSO for Qualys

]]>

Qualys Named in Fastest-Growing Silicon Valley Private Companies List for Fourth Consecutive Year

2011-10-17T18:04:42Z

Qualys, Inc http://www.qualys.com Qualys today announced it has been recognized in the Silicon Valley/San Jose Business Journal's "Fast Private" list, a ranking of the top private companies in the Silicon Valley based on percentage of revenue growth from 2008 to 2010.

"We are honored to appear on this list for the fourth year in a row. Even with challenging economic times, we have seen continued growth as companies large and small have seen the value of our security services that provide them with a comprehensive and global view of their security and compliance postures," said Philippe Courtot, chairman and CEO for Qualys.

The Silicon Valley/San Jose Business Journal's "Fast Private" list, published as a special supplement in the publication's October 14, 2011 issue, highlights Qualys' ranking which was announced at a private awards dinner held on October 13, 2011 in Mountain View, California at the Computer History Museum.

Read the full announcement.
]]>

Risk I/O Partners with Qualys to Automate Vulnerability Detection, Management and Remediation

2011-10-12T17:06:17Z

Qualys, Inc http://www.qualys.com announced its partnership with Qualys, the leading provider of Software-as-a-Service (SaaS) IT security risk and compliance management solutions. The companies will integrate Risk I/O with QualysGuard, creating a simple out-of-the-box connector that pulls vulnerability scan data directly from QualysGuard, and uses Risk I/O to aggregate, correlate and prioritize vulnerabilities for the most effective remediation of possible security threats.

"We welcome Risk I/O to use the power of SaaS to leverage our platform to further model, to simplify and to automate key security and compliance processes for customers," said Philippe Courtot, chairman and CEO for Qualys. "This integration is another step forward for better vulnerability context and prioritization, enhancing vulnerability remediation performance, helping customers efficiently eliminate any possible security threats to minimize security risk across the enterprise."

"We are very excited to be a part of the Qualys partner program and to leverage the power of the QualysGuard platform," said Ed Bellis, CEO of HoneyApps. "Our Risk I/O integration with the Qualys suite of solutions will dramatically improve our mutual customers ability to fix security issues in a timely manner."

Read more about the partnership, the full announcement, or visit the Risk I/O blog or the Qualys Technology Blog.
]]>

New Free Audit Service to Secure Web Sites from Malware and Vulnerabilities

2011-10-11T16:57:06Z

Qualys, Inc http://www.qualys.com today introduced a new free audit service to help companies detect and eliminate malware and vulnerabilities from public or Internet-facing web sites. Available at http://www.qualys.com/audit, the free service is called FreeScan and Qualys will showcase it at the RSA Conference Europe 2011 in booth P1 on October 11-13.

"In a few minutes, Qualys FreeScan can help organizations get visibility of their web site security postures so they can be proactive and take the next steps needed to protect their web sites and online visitors from malware and loss of customer data," said Philippe Courtot, chairman and CEO for Qualys. "Thanks to the power of our security as a service platform, we are able to deliver such a valuable service to the community as a free service."

Read the full announcement.
]]>