April 2009 Archives

Just on the heels of being named Best Vulnerability Management Solution by SC Magazine US readers, EU readers also voted QualysGuard for this distinct honor.

Qualys also won the highly commended award for the category "Security Vendor of the Year" in the European awards.

"We are incredibly honoured to be recognized by SC Magazine in both Europe and the US," said Philippe Courtot, CEO and chairman of Qualys. "We attribute this recognition to our customers around the world who helped us make our QualysGuard SaaS offering address their security and compliance requirements."

Missed Thursday's RSA keynote? Check out Philippe Courtot's keynote in its entirety as he talks about Security's "Inconvenient Truth" and the Impact of Cloud Computing on the Security Industry.

QualysGuard was voted Best Vulnerability Management Solution for a third consecutive year by SC Magazine readers. The SC Magazine Reader's Trust Awards recognize the best products, services and security teams in the industry over the past year as decided by a panel of judges and readers of SC Magazine.

Qualys has also won the Excellence Award for Best Enterprise Security Solution. Winners are decided by an expert panel of judges. These judges are hand-picked by SC Magazine's editorial team for their breadth of knowledge and experience in the information security industry.

SC Magazine sits down with Philippe Courtot at the 2009 RSA Conference to discuss security. Questions asked:
  • What are the best ways organizations can address compliance and data security issues this year, given the challenging economic climate in which we all find ourselves?
  • What problems or challenges is your company facing in the face of a declining economy and how are you and your executives going to overcome these?
  • According to SC Magazine's research and many experts in the industry, the information security market may not see as difficult a time in this degraded economy as others since protection of data has become so critical to bottom lines. What are your thoughts on this?
  • Speaking of data protection, we're still seeing a great many exposures of personal and critical information, the most recent and largest being the Heartland incident. Where do companies keep making the biggest mistakes in protecting their customers' data?
  • As we move through 2009, what will be the biggest threats IT security practitioners will need to be mindful of and what are the ways to best address these?
  • More...
Qualys today announced QualysGuard® PCI Connect, which is the industry's first Software-as-a-Service (SaaS) ecosystem for PCI compliance, connecting merchants to multiple partners and security solutions in order to document and meet all 12 requirements for PCI DSS.

As a new addition to the widely adopted QualysGuard PCI service, PCI Connect streamlines business operations related to PCI compliance and validation for merchants and acquirers all from a combined collaborative application with automated report sharing and distribution. PCI compliance status and tracking is performed on an ongoing basis. Merchants who use QualysGuard PCI Connect can easily identify areas where they may not be meeting compliance requirements. Acquirers who use QualysGuard PCI Connect can easily evaluate whether merchants have met PCI requirements and whether sufficient evidence has been submitted for validation.

QualysGuard PCI Connect offers merchants and acquirers the following benefits:
  • Automates the collection of data for validating PCI DSS compliance
  • Merchants see detailed results including related evidence for all requirements of PCI throughout the entire organization when answering SAQ
  • Provides workflow for merchants to track comprehensive compliance status on an ongoing basis 
  • Open API to work with any security solution or vendor
  • Acquiring bank has additional security controls of merchants when validating merchants for compliance
QualysGuard PCI Connect will be available in July 2009.

New Release Delivers Open APIs, Comprehensive Technology Coverage, Customized Controls with New Advanced Reporting and Search Capabilities.

New and upgraded Policy Compliance 2.0 features and customer benefits include:

  • Open APIs--XML extensible interface allows customers and GRC vendors to programmatically query security and compliance data of systems in scope for compliance initiatives.
  • Comprehensive Control Coverage--Due to overwhelming demand, Qualys has been actively involved in receiving and responding to new control requests for current and new technologies. Policy Compliance 2.0 spans multiple operating systems and applications used within the enterprise with mappings to popular compliance frameworks and regulations.
  • Trending and Compliance Charts--Many security and compliance tools only show snapshots of compliance at a single point in time, whereas Policy Compliance 2.0 enables compliance and security managers to monitor the ongoing effectiveness of their programs with detailed trend reports.
  • Control Cross Reference--IT auditors need to know which compliance configuration and security policies are in effect and what mitigating procedures are initiated when violations occur. Policy Compliance 2.0 includes the ability to 'link' to external content via hyperlink or textual reference, so compliance and security personnel can navigate to the appropriate corporate approved mitigating procedure right from the Qualys interface.
  • User Defined Controls for Registry Values and ACLs--Qualys is developing a series of User Defined Controls or UDCs that enable users to create their own controls dynamically, as needed, without having to submit control requests to Qualys development. Starting with the registry, users can create controls for expected registry values and ACLs.
  • Search and Performance Improvements--By providing a modular approach to security policy creation, Qualys enables customers to build security policies in QualysGuard that are mapped to existing hardened documents already being used in the customer's IT infrastructure. To ease identification of matching controls, Qualys has built in additional search functionality to better enable customers to locate the controls they need.
QualysGuard Policy Compliance 2.0 is available as part of the QualysGuard Security and Compliance Suite on May 26, 2009. QualysGuard annual subscriptions are based on the number of systems scanned and include an unlimited number of scans and 24x7 support and updates.

Qualys today announced that Web Application Scanning is now part of the QualysGuard Security and Compliance Suite. QualysGuard WAS delivers automated crawling and testing for custom Web applications to identify the most common vulnerabilities, such as those in the OWASP Top 10 and WASC Threat Classification, including SQL injection and cross-site scripting. QualysGuard WAS scales to scan any number of Web applications, internal or external, in production or development environments.

QualysGuard WAS features and customer benefits include:

  • Crawling & Link Discovery -- An embedded Web crawler parses HTML and some JavaScript to extract links. QualysGuard WAS automatically balances breadth and depth of discovered links to crawl up to 5,000 links per Web application.
  • Authentication--QualysGuard WAS incorporates HTTP Basic, Digest and NTLM server-based authentications, as well as Simple form authentication.
  • Black List and White List Enforcement--The application prevents the crawler from visiting black-listed links in a Web application and can instruct the crawler to only visit links explicitly defined in a white list.
  • Performance Tuning--QualysGuard WAS provides granular, user-determined bandwidth level control for parallel scanning to limit impact on application performance.
  • Sensitive Content--The application enables automated expression search for content in HTML, such as a Social Security Number.
  • Workflows for Defining Scans and Reviewing Reports--QualysGuard WAS provides logical scan and reporting workflows for each Web application.

CEO Philippe Courtot stated: "Web application security is the new frontier in security and a big challenge for most organizations. The automated nature of our new Web application scanning solution will allow our customers and partners to get a clear picture of their Web application security with the ability to scan their entire environment at the push of a button."

QualysGuard WAS is available as part of the QualysGuard Security and Compliance Suite on May 26, 2009. QualysGuard WAS annual subscriptions are based on the number of Web application(s) scanned and include an unlimited number of scans and 24x7 support and updates.


In the Qualys Booth #1717 at RSA 2009, Qualys customers including General Electric, Cisco, First Advantage, Kaiser Permanente, Fifth Third Bank and Administaff are scheduled to share their IT Security and Compliance Best Practices. For a full daily schedule and speaker bios, visit: http://www.qualys.com/rsa.

Qualys Speaks @ RSA

  • On Wednesday, April 22, 9:10-10:20 a.m., Qualys CMO Amer Deeba will join the panel to discuss "Using SaaS to Solve Network Management and Security Challenges".
  • On Thursday, April 23, 2:10-3:00 p.m., Qualys CTO Wolfgang Kandek will present an RSA Featured Session on "The Laws of Vulnerabilities Research 2.0".
  • Philippe Courtot, Qualys CEO, will deliver a keynote on April 23 at 3:40-4:15 p.m. with "Changing Security As We Know It - Software as a Service (SaaS) Has Arrived Giving Rise to Plethora of Security Applications".