Qualys Drives Vulnerability Management Standards with Latest Release of QualysGuard

InfoSecurity Conference, New York – December 7, 2005 – Qualys Inc., the leading provider of on demand vulnerability management and policy compliance solutions, today announced QualysGuard® 4.5 to help organizations better identify vulnerabilities, prioritize remediation and benchmark efforts against industry standards. The new version of QualysGuard supports the CVSS and OVAL industry standard initiatives. Additional features include dynamic host management, advanced asset classification features, trusted scanning enhancements, and advanced remediation workflow capabilities, making it easier for organizations to customize vulnerability management to their network environment.

“The process of measuring risk and reducing security vulnerability is unique to every organization; however, standards within the industry can give security administrators a way to compare their network environment to agreed-upon benchmarks,” said Gavin Reid, FIRST’s CVSS project manager and a member of Cisco’s Computer Security Incident Response Team. “With support for key industry standards including the Common Vulnerability Scoring System (CVSS), Qualys is helping drive the standardization and simplification of security processes for organizations.”

“As one of the first vulnerability management providers to ship support for the OVAL standard, Qualys continues to show its commitment to helping organizations better understand the vulnerabilities they face,” said Robert A. Martin, lead for The MITRE Corporation’s OVAL Compatibility effort. “The Open Vulnerability and Assessment Language (OVAL) is designed to provide a standard language and baseline for describing the checks used to determine the presence of vulnerabilities and configuration issues on computer systems. This vision continues to expand as more companies incorporate OVAL support in their products and services.”

Support for Key Security Industry Standards

QualysGuard 4.5 is the first vulnerability management solution to provide support for the CVSS and OVAL industry standards, two critical benchmarks in measuring the severity of vulnerabilities and outlining the process for finding vulnerabilities. The Common Vulnerability Scoring System (CVSS) provides universal severity ratings for security vulnerabilities. It gives security professionals, business executives and end users across industries a standard language for measuring vulnerability severity and prioritizing responses. CVSS was designed by a team of industry-leading companies, including Qualys, in support of the U.S. National Infrastructure Advisory Council (NIAC). With QualysGuard 4.5, organizations can easily view the CVSS severity rating of vulnerabilities that affect asset groups or hosts within their network environment.

The Open Vulnerability and Assessment Language (OVAL) offers an industry standard for identifying vulnerabilities and configuration issues on computer systems. Until OVAL there was no common or structured means for system administrators and other end users to determine the existence of vulnerabilities, configuration issues, and/or patches in local systems. OVAL standardizes the three main steps of the process: collecting system characteristics and configuration information from systems for testing; testing the systems for the presence of specific vulnerabilities, configuration issues, and/or patches; and presenting the results of the tests. With OVAL support in QualysGuard 4.5, organizations can create customized vulnerability scans to meet their security needs.

“The ability to quickly identify, prioritize and remediate vulnerabilities is essential to ensuring systems are protected against attacks. By standardizing these processes, organizations can better ensure network security and policy compliance,” said Philippe Courtot, chairman and CEO of Qualys, Inc. “With its on demand platform, Qualys can quickly and easily integrate support for initiatives like CVSS and OVAL on a global level without requiring users to deploy software or resources.”

Additional Features

QualysGuard 4.5 also includes new features to help organizations better customize their vulnerability management processes for their unique environment. New features include:

– Dynamic host management (DHCP) capabilities enable organizations to track and audit hosts that receive IPs dynamically, so that remediation trends can be accurately measured over time.

– Asset search portal query enhancements provide subscribers with a centralized location for asset management so customers can identify hosts that are out of policy, vulnerable, or misconfigured based on various criteria.

– Enhanced API features help organizations customize remediation ticketing efforts. Users can download selective data for custom reports and integration with third party ticketing systems.

– Expanded trusted scanning capabilities beyond Windows and SSH for Oracle and SNMP-enabled devices. This level of scanning permits a deeper, more in-depth audit to measure asset compliance against internal security policies.

– New remediation workflow features that include manual ticket creation from scan reports and launching verification scans directly from tickets to verify that patches were applied correctly.

– Integration of QualysGuard Map into Microsoft Visio for enhanced printing and network visibility. This feature gives customers the flexibility to better visualize their network and document its various segments for regulatory purposes.

Pricing and Availability

QualysGuard 4.5 is generally available now. The QualysGuard platform is automatically updated with all new product additions for current customers.


About QualysGuard

Qualys brings the speed, accuracy and cost-effectiveness of the software-as-a-service model to enterprise security. Its QualysGuard on demand vulnerability management and policy compliance service enables organizations to assess and manage business risk. QualysGuard gives users an automated way to map global assets, identify vulnerabilities on their networks, prioritize remediation according to business risk, and ensure regulatory compliance—with no infrastructure to deploy or manage.

About Qualys

With more than 2,000 subscribers ranging from small businesses to multinational corporations, Qualys has become the leader in on demand vulnerability management and policy compliance. The company allows security managers to strengthen the security of their networks effectively, conduct automated security audits and ensure compliance with internal policies and external regulations. Qualys’ on demand technology offers customers significant economic advantages, requiring no capital outlay or infrastructure to deploy and manage. Its distributed scanning capabilities and unprecedented scalability make it ideal for large, distributed organizations. Hundreds of large companies have deployed Qualys on a global scale, including AXA, DuPont, Hershey Foods, ICI Ltd, Novartis, Sodexho, Standard Chartered Bank and many others. Qualys is headquartered in Redwood Shores, California, with European offices in France, Germany and the U.K., and Asian representatives in Japan, Singapore, Australia, Korea and the Republic of China. For more information, please visit www.qualys.com.
