|Traded as||NASDAQ: QLYS|
|Founder||Philippe Langlois and Gilles Samoun|
|Headquarters||Redwood Shores, California, United States|
|Philippe Courtot, CEO and Chairman|
Number of employees
Qualys, Inc. is a provider of cloud security, compliance and related services for small and medium-sized businesses and large corporations based in Redwood Shores, California. Founded in 1999, Qualys was the first company to deliver vulnerability management solutions as applications through the web using a "software as a service" (SaaS) model, and as of 2013 Gartner Group for the fifth time gave Qualys a "Strong Positive" rating for these services. It has added cloud-based compliance and web application security offerings.
Qualys has over 7,700 customers in more than 100 countries, including a majority of the Forbes Global 100. The company has strategic partnerships with major managed services providers and consulting organizations including BT, Dell SecureWorks, Fujitsu, IBM, NTT, Symantec, Verizon, and Wipro. The company is also a founding member of the Cloud Security Alliance (CSA).
Qualys was founded in 1999. The company launched QualysGuard in December 2000, making Qualys one of the first entrants in the vulnerability management market. The QualysGuard Intranet Scanner was released in 2002 to automatically scan corporate LANs for vulnerabilities and search for an available patch. The following year, Qualys released FreeMap, a web-based tool for scanning, mapping and identifying possible security holes within networks connected to the Internet.
In 2005, Qualys extended its QualysGuard product line. In 2008, Qualys introduced QualysGuard Policy Compliance, which extended the platform’s global scanning capabilities to collect IT compliance data across the organization and map this information into policies to document compliance for auditing purposes. Qualys also released a service for web application scanning named QualysGuard Web Application Scanning (WAS). In 2010, at the RSA Conference USA, Qualys announced QualysGuard Malware Detection Service, a new service designed to scan and identify malware on web sites. It also announced the Qualys SECURE Seal, which allows websites to show visitors that it has passed security scans.
In July 2010, Qualys announced Qualys BrowserCheck, a service for checking web browsers and plug-ins for security vulnerabilities. At RSA Conference 2011, Qualys launched a new open source web application firewall project, IronBee, led by Ivan Ristic, the creator of ModSecurity and a director of engineering at Qualys. At the RSA Conference in 2012, Qualys introduced updates to the QualysGuard Cloud Platform, which extended its capabilities to help customers improve the security of their IT systems and applications, further automate their compliance initiatives for IT-GRC, and provide online protection against cyber-attacks while reducing operational costs and increasing the efficiency of their security programs.
Qualys went public on NASDAQ with the symbol QLYS on September 28, 2012, raising net proceeds of $87.5 million. At the 2014 RSA Conference, Qualys announced general availability of its QualyGuard Web Application Firewall (WAF), which provides protection for websites running on Amazon EC2 and on-premise, as well as a new Continuous Monitoring solution and free Top 4 Security Controls service.
On April 7, 2014, the OpenSSL security bug, Heartbleed, was publicly disclosed. The following day, Qualys released a detection for Heartbleed through its Qualys SSL Labs and QualysGuard Vulnerability Management (VM). In September 2014, Qualys released a detection for Bash Shellshock through Qualys Vulnerability Management (VM).
In January 2015, Qualys announced a vulnerability in the Linux GNU C Library, known as GHOST, and released a patch through Qualys Vulnerability Management (VM).
SC Magazine has awarded Qualys for its security software solutions every year from 2004-2014. SC Magazine also awarded Qualys "Best Security Company" in 2014. Maurice Hampton, director, field operations at Qualys, sits on SC Magazine's editorial advisory board.
In 2010, Inc. magazine ranked Qualys within 5000 fastest growing private companies in the USA based on 104% revenue growth from 2006 to 2009. In 2012 Silicon Valley/San Jose Business Journal has recognized Qualys as one of the largest private companies in Silicon Valley – ranking 26th in a list of 51.
In November 2014, Qualys received the 2014 Security Reader's Choice Awards for Best Risk and Policy Compliance Solution, Best Application Security Product, and Best Vulnerability.
- "Qualys Announces Record Fourth Quarter and Full Year 2014 Financial Results". Qualys. Retrieved 29 March 2015.
- "QLYS-2013 10-K". United Securities and Exchange Commission. Retrieved 1 May 2014.
- Meghan Kelly (28 September 2012). "Cloud security company Qualys up 18 percent on IPO after the markets close". VentureBeat. Retrieved 1 May 2014.
- "Vendor Product/Service Analysis". Gartner. Retrieved 18 May 2014.
- Enterprise Cloud Security Firm Qualys Files For $100 Million IPO | TechCrunch
- New Forrester Wave Evaluation: Vulnerability Management Products | Forrester Blogs
- Find a Partner | Qualys, Inc
- About : Cloud Security Alliance
- "Qualys Introduces Cloud Continuous Monitoring". Diversity. Retrieved 18 May 2014.
- Cloud Security Vendor Qualys Ready for IPO | Sramana Mitra
- Marin Courtney (30 September 2002). "Tool scours networks for threats". Network Week.
- David M. Ewalt (26 May 2003). "Free Network Check". Information Week.
- "Qualys Adds Security and Regulatory Policy Compliance to SaaS Offering". The Windows Observer. Retrieved 18 May 2014.
- Psst, Mister, Scan Your Site for Malware – For Free? | Maureen O'Gara
- Qualys to offer free domain scanning and security assurance seals
- Infosecurity - Free web browser and plug-in security service launched
- IronBee Open Source WAF Project Launches - eSecurity Planet
- RSA 2012: Qualys Updates Cloud Platform, Launches Web Application Firewall Service | Security Blog
- Ingrid Lunden (28 September 2012). "Cloud Security Firm Qualys’ IPO Opens At $12/Share, Raising $71.8M". TechCrunch. Retrieved 1 May 2014.
- "RSA news round-up". IT Security Guru. Retrieved 18 May 2014.
- "Qualys Releases Detection for HeartBleed OpenSSL Vulnerability". Marketwired. Retrieved 18 May 2014.
- "How to check if your favorite websites are vulnerable to the Heartbleed bug". Digital Trends. Retrieved 18 May 2014.
- "Qualys Releases Detection for Bash Shellshock Vulnerability". MarketWatch. 29 September 2014. Retrieved 29 March 2015.
- "Qualys Releases Security Advisory for "GHOST" Vulnerability on Linux Systems". Yahoo! Finance. 27 January 2015. Retrieved 29 March 2015.
- "Awards". Retrieved 18 May 2014.
- "The Sponsors". SC Magazine. Retrieved 18 May 2014.
- "Results 2014". SC Magazine Awards 2014 Europe. Retrieved 18 May 2014.
- "Editorial Advisory Board - SC Magazine". Retrieved 27 March 2015.
- The 2010 Inc. 5000 List - JurInnov through Busey Group | Inc.com
- Qualys Ranks 26th in Silicon Valley/San Jose Business Journal’s Largest Private … | Qualys, Inc
- Silicon Valley Business Journal - 2012-08-03 digital edition
- "Qualys Earns Highest Rating Possible of "Strong Positive" for Fifth Time in Gartner's MarketScope for Vulnerability Assessment". Marketwired. Retrieved 18 May 2014.
- "2014 Information Security Readers' Choice Winners". TechTarget. Retrieved 29 March 2015.
- Qualys web site
- Hoge, Patrick (December 19, 2008). "Friday, December 19, 2008 Network security firm Qualys floats to top of cloud computing Redwood City company to do $50M". San Francisco Business Times. Retrieved 10 January 2010.
- Hines, Matt (October 16, 2007). "Core, Qualys to enter Web apps scanning market". InfoWorld. Retrieved 10 January 2010.
- Rash, Wayne (December 9, 2002). "Inside information - QualysGuard service strengthened with an intranet scanner appliance.(Qualisguard Intranet Scanner Applicance)(Hardware Review) (Product/Service Evaluation)". InfoWorld. Retrieved 10 January 2010.
- "Qualys Updates Network Security Auditing Security audits are automated and unalterable, describing when the audit was performed, what vulnerabilities were uncovered, how to fix them, when they were assigned and to whom, and when repairs were successfully implemented.". Internet Week. April 16, 2003. Retrieved 10 January 2010.