Qualys

Qualys, Inc.

Industry	Security
Founded	1999
Founder(s)	Philippe Langlois and Gilles Samoun
Headquarters	Redwood Shores, California, U.S.A.
Area served	Worldwide
Key people	Philippe Courtot
Services	QualysGuard, Qualys BrowserCheck, QualysGuard Malware Detection
Revenue	$76 million[5]
Employees	310[1]
Website	qualys.com

Qualys, Inc. is a major provider of software-as-a-service (SaaS) IT security risk and compliance management solutions. Qualys' on demand security risk and compliance management solutions make it possible for organizations to strengthen the security of their networks and conduct automated security audits that ensure regulatory compliance and adherence to internal security policies. Qualys is the only security company that delivers these solutions through a single SaaS platform: QualysGuard. All of Qualys' on demand services can be deployed within hours anywhere around the globe, providing customers with an immediate view of their security and compliance postures.

The service is used by more than 5,000 organizations in 85 countries, including 45 in the Fortune 100 and performs over 500 million IP audits per year. It is headquartered in Redwood Shores, California, with international offices.^[2] Qualys was one of the first companies to act as SaaS provider (formerly known as ASP - Application Service Provider) as early a 1999 and to release REST-like (not REST-ful) HTTP API (2000).

Pioneer of On Demand Security: Security as a Service

Qualys was founded in 1999 at the height of the technology bubble, when network security was just beginning to appear on the agendas of executive management meetings around the globe. The company launched QualysGuard in December 2000, making Qualys among the first entrants in the vulnerability management market. QualysGuard moved to market with a powerful combination of highly accurate and easy-to-use scanning technology and pioneered a revolutionary new approach to delivering security applications through the Web, which would later be called "Software-as-a-Service."^{[citation needed]}

Qualys witnessed its customers experiencing the on demand power and flexibility with the SaaS model compared to traditional enterprise software: lower total cost of ownership, the ability to access and manage the application from any Web browser, and never-before-seen access to new and upgraded applications - thanks to shorter SaaS development cycles that help address new and emerging security threats.

In 2005, Qualys extended its QualysGuard product line to help customers better manage IT compliance issues—which are inextricably intertwined with vulnerability management—including what has now become the Payment Card Industry Data Security Standard. Qualys’ move into IT compliance leverages and significantly aids its existing client base in such heavily regulated industries as financial services, retail, manufacturing, government, and health care. In 2008 Qualys introduced QualysGuard Policy Compliance which extends QualysGuard’s global scanning capabilities to collect IT compliance data from hosts and other assets within the organization, and maps this information into policies to document compliance with regulations and mandates. Qualys has continued to add new services to its platform for comprehensive security as a service. In 2008, Qualys launched QualysGuard Web Application Scanning (WAS). In 2010, Qualys launched QualysGuard Malware Detection, a free service helping organizations protect their web sites from malware and vulnerabilities, and Qualys BrowserCheck, providing a free tool for people to make sure their web browsers and plug-ins are up-to-date and secure.^{[citation needed]}

Products

The company’s flagship product line, the QualysGuard Security & Compliance Suite, uses the software-as-a-service (SaaS) model. It is available as an Enterprise Edition for large, distributed organizations, and as an Express Edition for small to mid-sized businesses. It is made up of these products:

• QualysGuard Vulnerability Management - globally deployable, scalable security risk and vulnerability management
• QualysGuard Policy Compliance - defines, audits and documents for full IT security compliance
• QualysGuard PCI Compliance - automated PCI compliance validation for merchants and acquiring institutions
• QualysGuard Web Application Security - scalable, automated web application security assessment and reporting
• Free QualysGuard Malware Detection - performs daily scans of web sites and alerts web site owners of any malware issues
• Qualys SECURE Seal - allows businesses to scan web sites for presence of malware, network and web application vulnerabilities, as well as SSL certificate validation, and place a "Qualys SECURE" seal on their sites when secure
• Free Qualys BrowserCheck - free service allowing anyone to scan their browser and ensure their browsers and plug-ins are secure and up-to-date.

Other services

Qualys’ Vulnerability R&D Lab conducts a monthly, second-Tuesday videocast to discuss the vulnerabilities and threats present in Microsoft Windows.^[3] SSL Labs - page with resources and free tools for assessing use of SSL ^[4] IronBee - open source project to build a universal web application firewall sensor in the cloud through collective efforts of the community ^[5]

Company profile

2009 revenue was $57.4 million; the number of employees: 205.^[6] Qualys states that over five thousand corporations use their products, including prominent worldwide organizations as well as small and medium-sized businesses in various industries.^[7] In 2010, Inc. magazine ranked Qualys within 5000 fastest growing private companies in the USA based on 104% revenue growth from 2006 to 2009.^[8]

Venture capital firms and companies that have invested in Qualys include ABS Ventures, GRP Partners, HP, Trident Capital and VeriSign.[6]

Potential IPO

Qualys has long been seen by industry analysts as a candidate for IPO. Early 2012, Qualys' CEO Philippe Courtot stated "We are ready", referring to IPO. It has been reported that Qualys "is poised for an initial public offering (IPO) later this year."[7]

References

1. [1]
2. Qualys.com, Company Overview
3. Laws.Qualys.com, The Laws of Vulnerabilities
4. [2], SSL Labs
5. [3], IronBee
6. "Valley's fastest growing companies honored". 14 October 2010. http://www.bizjournals.com/sanjose/stories/2010/10/11/daily82.html. 
7. Qualys.com, Customers
8. [4]

External links

• Qualys web site
• Hoge, Patrick (December 19, 2008). "Friday, December 19, 2008 Network security firm Qualys floats to top of cloud computing Redwood City company to do $50M". San Francisco Business Times. http://www.bizjournals.com/sanfrancisco/stories/2008/12/22/story11.html. Retrieved 10 January 2010. 
• Hines, Matt (October 16, 2007). "Core, Qualys to enter Web apps scanning market". InfoWorld. http://www.infoworld.com/d/security-central/core-qualys-enter-web-apps-scanning-market-250. Retrieved 10 January 2010. 
• Rash, Wayne (December 9, 2002). "Inside information - QualysGuard service strengthened with an intranet scanner appliance.(Qualisguard Intranet Scanner Applicance)(Hardware Review) (Product/Service Evaluation)". InfoWorld. http://www.accessmylibrary.com/article-1G1-95177044/inside-information-qualysguard-service.html. Retrieved 10 January 2010. 
• "Qualys Updates Network Security Auditing Security audits are automated and unalterable, describing when the audit was performed, what vulnerabilities were uncovered, how to fix them, when they were assigned and to whom, and when repairs were successfully implemented.". Internet Week. April 16, 2003. http://www.informationweek.com/news/showArticle.jhtml?articleID=8800226. Retrieved 10 January 2010.