RSA 2008: First integrated SaaS solution for security and compliance

Qualys today introduced the QualysGuard Security and Compliance Suite, a suite of SaaS products aimed at helping global organizations to better manage the operational challenges and costs associated with securing their IT infrastructure, and complying with the ever increasing set of regulations.

The QualysGuard Enterprise Security and Compliance Suite is comprised of the following products, all of which are delivered as a service with no new software to deploy or infrastructure to maintain:

• QualysGuard Policy Compliance 1.0—Qualys’ new SaaS compliance solution helps organizations pass audits and document compliance tied to corporate security policies, laws and regulations, enabling them to satisfy the requirements of internal and external auditors. Additional Policy Compliance features and customer benefits include:
• Simplified Compliance Management—Customers can set automated compliance scans with controls based on CIS and NIST standards, while mapping to major industry regulations, including COBIT, ISO, NIST, Sarbanes-Oxley, HIPAA, GLBA, Basel II and others.
• Automated Compliance Reporting—Security and business managers can map compliance to policy by asset group or by host, allowing them to meet the reporting requirements of individual internal policy or regulation. They also can create and manage exceptions based on a new workflow and enterprise role—Auditor.
• Seamless Integration—Policy Compliance 1.0 integrates seamlessly with QualysGuard Vulnerability Management, leveraging the same safe, reliable and secure SaaS infrastructure relied upon by more than 3,400 organizations worldwide.
• QualysGuard Vulnerability Management—Qualys’ full lifecycle solution for discovering all devices and applications across the network, while identifying and mitigating vulnerabilities that make network attacks possible.
• QualysGuard PCI Compliance—Qualys’ PCI compliance application dramatically streamlines the PCI compliance process. QualysGuard PCI provides small and medium-sized businesses with enterprise-level scanning and reporting, while enabling large corporations to facilitate PCI compliance on a global scale.

The QualysGuard Security and Compliance Suite comes in two editions:

1. Enterprise Edition — ideal for large, distributed organizations. Annual subscriptions start at $25,000, which includes unlimited vulnerability and compliance scans in multiple locations, unlimited number of users, enterprise and scorecard reports and 24×7 customer support.

2. Express Edition — ideal for small to medium-sized organizations. Annual subscriptions start at $2,500, which includes unlimited vulnerability and compliance scans and 24×7 customer support.

QualysGuard Policy Compliance is available to all US customers on April 22, 2008 and EMEA customer on May 22, 2008. QualysGuard Vulnerability Management and QualysGuard PCI are currently available and already in use by 3,400 active subscribers around the world. QualysGuard is deployed at 35 of the Fortune 100, and more than 240 of the Forbes Global 2000.