Qualys Introduces Business Risk Management Capability

Slough, UK, 16 June 2004 - Qualys, Inc., the leader in on demand vulnerability management, today announced the release of QualysGuard 3.3, introducing business risk management capabilities to network security and compliance. QualysGuard enables organizations to ensure the most business-critical network assets are protected from the latest security threats by incorporating asset criticality into the risk management process.

“In spite of our globally deployed firewalls, intrusion detection, and anti-virus software, we were still impacted by the Blaster worm last year,” said Robert S. Paszko, Director of Security for DuPont. “Standard multi-layer security defences didn’t protect us completely from surprise exploitation of software defects. What we needed was a proactive, globally deployable solution to continually assess our security posture and actively reduce our exposure. Qualys’ on demand model was like turning on a light: immediate visibility into ranked vulnerabilities and the fastest path to remediation, preventing attacks before they occur.”

The window of time between the discovery of a security vulnerability and its exploitation has rapidly diminished. Automated network-aware worms are written within hours or days of the identification of software faults, leaving little time to plug security holes. Business units and entire companies are frequently taken offline as a result of these worms, often leading to significant financial losses. Keeping worms out of the network has proven ineffective — the new challenge for IT execs is how to identify the most critical network assets such as key databases, financial systems, Internet servers, and other critical infrastructure likely to be affected in advance of damaging attacks and quickly prioritize repairs according to business risk.

“Security is no longer an IT issue. It’s a business function that needs to be understood at every level of the organization from the IT department to the boardroom,” said Philippe Courtot, Chairman and CEO of Qualys. “Reducing risk means making critical choices. The newest version of QualysGuard incorporates management capabilities to help organizations make those choices.”

“I need to see the big picture between our security situation and the potential impact to business operations,” said Joe Ford, Chief Information Security Officer of Sodexho, the world’s largest food catering company. “What network assets are most important to our business, which are most vulnerable at any given time, and what is the security team’s status of remediating our most critical vulnerabilities to keep our business systems up and functioning? QualysGuard’s business risk reporting provides me with a useful management tool, not just piles of security data.”

What’s New in QualysGuard 3.3

The expanded version of QualysGuard gives CIOs, CSOs and IT Directors the much needed capability to manage the process of security from the perspective of business risk, ensuring that the most critical assets are being fixed first.

Asset Management and Reporting: QualysGuard automates the process of mapping and inventorying the network, giving executives a framework for applying categorization and priority of assets relative to the business criticality.

Business Risk Assessment and Management: Today, IT managers often receive detailed technical reports on potential threats, but they do not correlate to business impact or corporate priorities. The QualysGuard executive report illustrates the security and business risk status of the organization as a whole, as well as by business unit or asset group, and assigns remediation priority based on the value of the asset to the operation of the business. It also illustrates vulnerability and remediation trends over time, removing ‘faith’ from the IT management equation and providing proof of progress in compliance efforts.

Auto-Risk Measurement: As threats are announced, organizations must immediately assess the risk to their business. An automated Risk Matrix in QualysGuard enables organizations to measure the degree of exposure based on business impact and subsequently to focus IT staff on fixing the most critical exposed systems to avoid exploitation.

Global Remediation Workflow Capabilities: Global organizations face significant challenges in managing the security functions across a large, distributed network. QualysGuard offers new features to ease the burden of management, including hierarchical user groups to classify departments by global region and/or business function, delegate vulnerability assessment and track remediation tasks throughout the enterprise, and ensure centralized control.

QualysGuard 3.3 will be available in Q3, 2004. As an on demand solution, customers receive the enhanced version automatically and free of charge.

About Qualys

Qualys is the leader in on demand vulnerability management. The company allows organizations of all sizes to effectively secure their network, conduct automated security audits, and ensure compliance. Qualys automates the process of proactively identifying and remediating security vulnerabilities, and provides the quickest route to neutralize worms and other emerging threats according to their relative business impact. Qualys’ on demand technology offers customers significant economic advantages, requiring no capital outlay or infrastructure to deploy and manage. Its distributed scanning capabilities and unprecedented ability to scale make it ideal for large, distributed organizations. Thousands of customers rely on Qualys, including ABN AMRO, AXA, DuPont, Hershey Foods, Hewlett-Packard, ICI, Standard Chartered Bank, Thomson Corporation and many others. Qualys is headquartered in Redwood Shores, Calif., with European offices in France, Germany and the U.K. and Asian offices in Japan, Singapore, Australia, Korea and the Republic of China. For more information, please visit www.qualys.com.
