Qualys today announced QualysGuard PCI 5.0, giving customers a simplified way to meet the latest Payment Card Industry Data Security Standard (PCI DSS) compliance requirements. It includes updates following new Approved Scanning Vendor (ASV) requirements released in March 2010, and a simplified user interface (UI) with workflows - helping customers easily and accurately detect security vulnerabilities, and efficiently remediate issues for PCI compliance.

Click here to read the full news release. Visit the Qualys Community PCI page for more on this release, including a blog highlighting the new UI improvements, a video demo of PCI 5.0, and resources for more information.

Network Computing and Computing Security have launched the 2010 Computing Security Awards to honor products and services that have made a positive contribution to making organizations more secure. We are pleased to share the news that QualysGuard Express has been nominated in the category "SME Security Solution of the Year." Winners are determined by the democratic process of online nominating and voting. Click here to vote for your favorite security products.

Qualys has again been named to Inc. Magazine's prestigious Inc. 5000 list, recognizing the fastest-growing private companies in the US. With this accomplishment, Qualys joins the rarified company of enterprises who have appeared on the list multiple consecutive times. The recognized leader in providing on demand IT security risk and compliance solutions for global companies, from SMBs to large enterprises, Qualys has achieved revenue growth of 104 percent over the last three years.

Today Intel announced its plans to acquire McAfee. We believe this underscores that security is integral to online computing. Tomorrow's computing promises vast computing resources, including hardware, critical data and applications, residing in the cloud, enabling people to access the data from web browsers using the devices of their choosing.

We see this acquisition as another example of the rapid consolidation taking place in the enterprise software industry as this new world emerges. This is a great exit for McAfee, as traditional high tech vendors are having an increasingly hard time competing against SaaS and cloud computing offerings. We saw McAfee using aggressive pricing against its competitors, such as Symantec, to steal market share and to be able to show double-digit growth. Obviously, such a strategy was not sustainable. The traditional PC market is now also threatened by devices like iPad; mobile devices and new free OSes such as Android are gaining in functionality, while enterprise software and productivity suites are moving into the cloud.

Intel gains security expertise with this acquisition, and it will be interesting to see what they can do with the traditional McAfee enterprise software product lines. Intel talks about "hardware-enhanced security to counter sophisticated threats of tomorrow." With the rise of exciting portable technologies and devices that improve productivity in the workplace and for consumers, built-in security makes sense. We look forward to working with Intel and other companies to keep internet computing secure.

Yesterday Qualys BrowserCheck was featured in Craig Crossman's Computer America radio talk show. Qualys CTO Wolfgang Kandek discussed the new free service and how to keep browsers and plug-ins up-to-date. BrowserCheck is now featured on the show's Free Software and Services page together with a collection of useful, high-quality tools that make daily life with computers easier.

Click here to listen to the interview, or click here to view notes from the show. To learn more about BrowserCheck, see a demo of the free service, and interact with the Qualys Community, visit https://community.qualys.com/community/qbc.

Agiliance and Qualys today announced a technology partnership to integrate QualysGuard vulnerability and asset data with Agiliance's real-time risk and compliance solution, RiskVision, enabling customers to achieve real-time continuous compliance and IT security risk assessment on demand. The combination of QualysGuard's on demand vulnerability scan results and Agiliance's real-time business and security data provides customers with an always-on, always-current view of their security risk postures. The real-time risk data enables better prioritization of response and allocation of security resources. With the ability to measure security risks on demand, a security response team can receive instant feedback on remediation effectiveness to meet stringent security policies and regulatory compliance mandates.

Click here to read the full announcement.

Qualys today announced a free online SSL test for web sites at Qualys SSL Labs, a site dedicated to providing resources for successfully using SSL to secure web sites and online transactions. The free online SSL test examines a web site's SSL certificate chain to ensure it is trusted and serves as a good security foundation for communications over the Internet. Ivan Ristic, Qualys director of engineering and creator of SSL Labs, introduced the new online tool and discussed his research of SSL certificates across the globe in a session at Black Hat today.

To learn more about SSL and to use the new free SSL testing tool, visit: https://www.ssllabs.com/. To discuss or provide feedback on the SSL test with other users, visit the Qualys Community at: http://community.qualys.com/community/ssllabs.


Today at Black Hat, Qualys released BlindElephant, a fast, accurate open source web application fingerprinting engine that identifies application and plugin versions via static files. Patrick Thomas, a vulnerability researcher at Qualys and creator of BlindElephant, described the results of large-scale tests using the tool, and discussed how many well-known web applications are running dangerously out of date software.

BlindElephant is an open source tool available now for download from: http://blindelephant.sourceforge.net/.

To download the BlindElephant research paper or get more details, please visit the Qualys Community at: http://community.qualys.com/community/blindelephant.


Qualys today announced that QualysGuard Vulnerability Management (VM) now includes correlated exploitability information from real-time feeds to provide customers with up-to-date references to exploits and related security resources. With this new feature, customers running vulnerability scans can easily view the latest correlated exploits from third party vendors including Core Security, Immunity, and related exploit information from Metasploit and The Exploit-DataBase. This helps customers better prioritize and remediate critical security issues based on knowledge of active exploits.

Click here to read the full announcement, or visit the Qualys community to learn more about this feature and view a live demo.

Qualys today announced that three of its security researchers will unveil new research results in their sessions at Black Hat USA 2010, which takes place July 24-29 at Caesars Palace in Las Vegas.

Click here to read the full release.

"The Forrester Wave™: Vulnerability Management, Q2 2010" names Qualys "the clear leader" in the report, which evaluated eight of the top vendors in vulnerability management, scoring them against 53 criteria.

"Qualys leads the pack...on its strategy as well as its execution. Not only did Qualys pioneer the SaaS hybrid model for vulnerability assessment, but today it is the largest vulnerability management vendor in terms of revenues."

The report continues: "Today, the QualysGuard cloud delivers vulnerability assessment, application-level scanning, and configuration compliance auditing, all from a centralized multitenant architecture. This architecture helps to deliver scalability and consolidated reporting. Qualys is also one of the few vendors in this evaluation that has a full-featured configuration compliance module that provides concrete mappings from a wide list of regulations to actual IT controls."

Click here to read the news release, or here to view the full report.

Qualys today announced the availability of a free service, Qualys BrowserCheck, to help consumers and corporate users fix security issues in their browsers. When run interactively by users of major Windows web browsers, Qualys BrowserCheck scans the browser as well as its plug-ins to identify insecure and out-of-date versions that put its users at risk.

"The threat of browser-based attacks is growing and the number of security flaws in browser plug-ins is rising. Users must be aware of their browsers' security and protect themselves from malicious activity," said Avivah Litan, vice president and distinguished analyst at Gartner.

The free service is available at http://browsercheck.qualys.com. Visit http://www.qualys.com/bcdemo to watch a demo of BrowserCheck with Qualys CTO Wolfgang Kandek.

The Cloud Security Alliance today announced the agenda of its CSA Summit at Black Hat. Following the sold-out CSA Summit held at the 2010 RSA Conference, the CSA Summit at Black Hat will be presented as a half-day session concurrent with the popular Black Hat Briefings. The summit will take place July 28 at Caesars Palace, Forum 25, in Las Vegas, from 10am-3pm. It features Qualys CTO Wolfgang Kandek speaking on CSA Application Security Findings at 11-11:30am. All registered Black Hat attendees are welcome to attend the CSA Summit.

Read about the summit and its agenda here.

Leading analyst firm EMA profiles how Cisco deployed QualysGuard Vulnerability Management to help secure its global infrastructure. With as many as 30 million IP addresses subnetted into more than 56,000 networks, Cisco needed a scalable, high performance solution. Qualys' software-as-a-service (SaaS) model provided the on-demand scanning and scale of automation required to meet Cisco's needs.

Case study excerpt: "Cisco has now been a Qualys customer for over five years, in a phased deployment that has continued to expand over that time, even though the initial phase of adoption was virtually instantaneous. 'Because of the SaaS model, we were able to begin using QualysGuard immediately, from day one,' says the vulnerability assessment team lead. The external scanning capability of the QualysGuard service kept this customer from having to purchase and deploy external scanning systems. No infrastructure setup was required, nor was there any need to provision connectivity between internal and external networks just to enable external vulnerability scanning."

Click here to read the full case study.

Qualys today announced the new Patch Report feature in QualysGuard Vulnerability Management. The new reporting feature provides users with actionable patching information for non-security staff such as system administrators and patch management system operators. It includes prioritized lists of patches that need to be applied to a selected set of assets in order to reduce risk, without applying unneeded redundant patches.

"We are excited about using the new QualysGuard Patch report because it will provide a useful tool that improves efficiency in vulnerability remediation and helps ensure that we are patching properly," said Joe Bennett, director of information security for CredAbility, a nonprofit organization offering credit counseling and education. "We do monthly reporting that tracks the remediation of detected vulnerabilities, and now with Patch Report, we can see exactly how many patches we pushed and how many vulnerabilities it remediated."

Patch Report now supports Microsoft and Adobe patches.

Click here to view the related news release.

Qualys and our integration partners invite you to join us for the "ULTIMATE PARTY" at the JET Mirage Nightclub.

Featuring the following Integration Partners: AirTight, RSA | Archer, Core Security, Immunity, Imperva, RedSeal, SecureWorks, Sourcefire, TrendMicro, VeriSign.

Enjoy an open bar and dance the night away to Tainted Love and DJ DIRTYHERTZ at one of the hottest nightclubs in Las Vegas.

For more information on this event and to RSVP, please visit: http://www.qualys.com/blackhat.

Listen to Qualys Director of Engineering Ivan Ristic featured in this month's Black Hat 2010 preview webcast. The webcast is scheduled for Thursday, June 24th at 1pm PST / 4pm EST and will provide a sneak peek at presentations for this year's conference. Tune in to hear Ivan discuss his work and preview his talk "State of SSL on the Internet: 2010 Survey, Results and Conclusions."


Computer Business Review's Steve Evans talks to the CEO and founder of on-demand security firm Qualys about what his rivals are doing wrong when it comes to cloud security. Qualys services have been cloud based from day one, so Evans asks Courtot, "What do you make of the attempts by your competitors to join you there?"

Read the full story here.

Qualys and RSA today expanded their technology collaboration to make QualysGuard® vulnerability management and IT policy compliance data available to RSA's client base. The integration of QualysGuard Policy Compliance with RSA's Archer GRC Framework allows organizations to automatically import comprehensive policy compliance scan information and report on misconfigurations identified on their global assets in a single view. They can then assign ownership to individual issues, track remediation efforts or accept the associated business risk.

"Through the integration of Qualys with the RSA's Archer GRC Framework, our customers will be able to expand their view of vulnerability and compliance issues, making it possible to proactively address potential and existing organizational compromises and expedite compliance reporting," said Jon Darbyshire, Archer General Manager for RSA, The Security Division of EMC.

Click here to read the full news release or visit https://exchange.archer-tech.com/offering/5451.aspx for more information on the QualysGuard integration package on RSA's Archer Exchange.

QualysGuard Express has been awarded the SC Magazine Europe Award 2010 for Best Small and Medium Enterprise (SME) Security Solution. The award was announced at the SC Magazine gala dinner held at the Wyndham Grand London in Chelsea Harbour on April 27, 2010.

"QualysGuard Express brings us the simplicity of deployment and use while providing a continuous, very comprehensive and accurate assessment of our security and compliance posture," said Barrie Ainsworth, head of IT for Kiddicare. "Furthermore as Qualys continues to deliver additional services to its platform, we are seeing that QualysGuard is a very good long-term investment."

Click here to read the full news release.