Qualys Showcases Significant Expansions to Its QualysGuard Security-as-a-Service Platform at Ninth Annual Security Conference in San Francisco

SAN FRANCISCO, CA--(Marketwire - Sep 29, 2011) - Qualys®, Inc., the leading provider of Software-as-a-Service (SaaS) IT security risk and compliance management solutions, today announced at its ninth annual Qualys Security Conference (QSC) 2011 (#qsc2011), that it will showcase new capabilities and significant expansions to its QualysGuard security-as-a-service platform that hosts Qualys' IT security and compliance SaaS suite of applications in the cloud.

The QualysGuard IT Security and Compliance Suite leverages a powerful security-as-a-service platform and a context- and role-based user interface (UI) to deliver powerful services, including vulnerability management (VM), policy compliance (PC), PCI compliance, web application scanning (WAS) and malware detection -- through a single unified web portal. At the conference, Qualys will unveil new powerful features for the QualysGuard suite featuring new interactive dashboards and new capabilities, making it easier than ever for companies to protect IT assets and data from possible security threats.

"We have been a QualysGuard subscriber since 2004 and watched the solution evolve from a VM solution to an integrated suite of security and compliance offerings -- delivered via the cloud," said Dan Klinger, Sr. Manager, Global Information Security, The Hershey Company. "Now we are using the full capabilities of the QualysGuard suite to detect vulnerabilities in our environment and effectively collect compliance data for our GRC initiatives. This solution is a game changer as it gives us comprehensive visibility from a central point."

New features available now in QualysGuard include:

• New Dashboard Views and Reports. New VM and PC dashboard views provide interactive at-a-glance views of customer's security and compliance postures. PC also now features a Policy Summary report, providing a one-page summary of compliance status for a specific policy.
  
  
• Policy Import/Export. PC now provides the ability to share and create policies using simple XML files. This makes it easy for customers and auditors to collaborate on GRC efforts.
  
  
• Patch Report Enhancements. Patch report provides actionable information for administrators to remediate vulnerabilities. QualysGuard now provides the ability to both selective filter and adjust the severity of patches displayed in the report, allowing users to align patch reporting with their remediation processes and SLAs.
  
  
• Oracle Patch (OPatch) Detections. OPatch is an Oracle-supplied utility that helps Oracle users apply and rollback patches for Oracle software. QualysGuard now provides the option to use the OPatch utility to obtain Oracle patch information during Oracle authenticated scans on Unix hosts, allowing users to follow Oracle's recommended best practices for system administration and maintenance.
  
  

At the QSC 2011, Qualys engineers will also showcase significant expansions for the QualysGuard security-as-a-service platform as part of the 2012 roadmap. Scheduled to be available in beta by Q4 2011, these include:

• Amazon EC2 Virtual Scanner. Amazon EC2 Virtual Scanners are transparent to customers and are fully integrated with QualysGuard via the Amazon APIs for asset validation, discovery and scanning, allowing customers to seamlessly assess risk in their emerging Amazon EC2 instances.
  
  
• New Asset Module with Tagging. Asset tagging allows both static and dynamic tags to be applied to enterprise assets within QualysGuard for reporting and scanning. These tags leverage scan results and custom attributes, providing powerful grouping of assets quickly and easily. In addition to tagging, this new module provides a hierarchical grouping of tags, allowing assets to be grouped in various business views for reporting and more granular access control capabilities.
  
  
• New Questionnaire and Workflow Module. Self-assessment questionnaires have been the main source for GRC solutions to collect control data. The new QualysGuard self-assessment questionnaire module provides centralized and customized compliance reporting and workflows for collecting technical and non-technical controls.
  
  
• Enterprise Malware Detection Capabilities. New user interface for Malware Detection Service (MDS) allows enterprises to manage and scan multiple web sites with enhanced management and reporting capabilities as well as more sophisticated scheduling and scanning options. The new MDS dashboard provides a global overview of malware scans within the enterprise, allowing users to easily pinpoint web sites that are serving drive-by malware, and to monitor scan activity across multiple web sites. New reports also include trending over time and improved remediation instructions.
  
  

"In today's rapidly changing threat landscape, the most effective way for companies to protect themselves is to accurately identify assets, identify vulnerabilities, and ensure that systems are properly configured," said Philippe Courtot, chairman and CEO for Qualys. "Our goal is to continuously expand and improve our QualysGuard SaaS platform so customers can raise the bar when securing their assets without the cost and complexity associated with deploying enterprise software."

Availability

QualysGuard is sold as annual subscriptions based on the number of systems and applications, and it includes training, all updates and 24x7 support. For detailed information on this latest release, visit https://community.qualys.com.

About Qualys
Qualys, Inc. is the leading provider of Software-as-a-Service (SaaS) IT security risk and compliance management solutions. Qualys solutions are deployed in a matter of hours anywhere in the world, providing customers an immediate and continuous view of their security and compliance postures.

The QualysGuard® service is used today by more than 5,000 organizations in 85 countries, including 45 of the Fortune 100, and performs more than 500 million IP audits per year. Qualys has the largest vulnerability management deployment in the world at a leading global company, and has been recognized by leading industry analysts for its market leadership. Qualys was recently named Best Security Company in the Excellence Awards category of the 2011 SC Awards U.S.

Qualys has established strategic agreements with leading managed service providers and consulting organizations including BT, Etisalat, Fujitsu, IBM, I(TS)2, LAC, NTT, Dell SecureWorks, Symantec, Tata Communications and TELUS. Qualys is a founding member of the Cloud Security Alliance (CSA).

For more information, please visit www.qualys.com.