||This article appears to be written like an advertisement. (November 2011)|
||This article includes a list of references, but its sources remain unclear because it has insufficient inline citations. (January 2012)|
|Traded as||NASDAQ: QLYS|
|Founder(s)||Philippe Langlois and Gilles Samoun|
|Headquarters||Redwood Shores, CA, United States|
|Key people||Philippe Courtot|
|Services||QualysGuard IT Security and Compliance Suite, QualysGuard Vulnerability Management, QualysGuard Policy Compliance, QualysGuard PCI Compliance, QualysGuard Web Application Scanning, QualysGuard Web Application Firewall, QualysGuard Malware Detection Service, Qualys BrowserCheck|
Qualys, Inc. is a provider of cloud security, legal compliance and related software based in Redwood Shores, California. Founded in 1999, Qualys was the first company to deliver vulnerability management solutions as applications through the web using a "software as a service" (SaaS) model, and as of 2012 the company is considered to have remained the market leader for such products. Qualys claims more than 5,800 customers in more than 100 countries, including 51 of the Forbes Global 100. The company has strategic partnerships with major managed service providers and consulting organizations including BT, Dell SecureWorks, Fujitsu, IBM, NTT, Symantec, Verizon, and Wipro. The company is also a founding member of the Cloud Security Alliance (CSA).
Qualys was founded in 1999 at the height of the dot com boom, when Internet security was beginning to appear on executive agendas. The company launched QualysGuard in December 2000, making Qualys one of the first entrants in the vulnerability management market.
In 2005, Qualys extended its QualysGuard product line. Qualys' move into IT compliance management has particularly benefited the company’s client base in such heavily regulated industries as financial services, retail, manufacturing, government and health care. In 2008, Qualys introduced QualysGuard Policy Compliance; which extended the platform’s global scanning capabilities to collect IT compliance data across the organization and map this information into policies to document compliance for auditing purposes.
Qualys also released a service for web application scanning named QualysGuard Web Application Scanning (WAS). In 2010 at RSA Conference USA, Qualys¬Guard announced a new service helping to scan and identify malware on web sites, called QualysGuard Malware Detection Service,. It also announced the Qualys SECURE Seal, to help web sites show its visitors that its site has passed security scans.
At RSA Conference 2011, Qualys launched a new open source web application firewall project, IronBee, led by Ivan Ristic, the creator of Mod Security. At the RSA Conference in 2012, Qualys introduced new services and major technological innovations to the QualysGuard Cloud Platform extending its capabilities to help customers improve the security of their IT systems and applications, further automate their compliance initiatives for IT-GRC, and provide online protection against cyber attacks while reducing operational costs and increasing the efficiency of their security programs. It also announced the beta of its new cloud web application firewall, the QualysGuard Web Application Firewall.
On June 8, 2012, Qualys announced that it filed a registration statement on Form S-1 with the Securities and Exchange Commission relating to a proposed initial public offering of shares of its common stock.
The company's flagship product line, the QualysGuard Security and Compliance Suite, uses the software-as-a-service (SaaS) model. It is available as an Enterprise Edition for large, distributed organizations, and as an Express Edition for small to mid-sized businesses. It is made up of these products:
- QualysGuard Vulnerability Management – globally deployable, scalable security risk and vulnerability management
- QualysGuard Policy Compliance – defines, audits and documents for full IT security compliance
- QualysGuard PCI Compliance – automated PCI compliance validation for merchants and acquiring institutions
- QualysGuard Web Application Security – scalable, automated web application security assessment and reporting
- Free QualysGuard Malware Detection – performs daily scans of web sites and alerts web site owners of any malware issues
- Qualys SECURE Seal – allows businesses to scan web sites for presence of malware, network and web application vulnerabilities, as well as SSL certificate validation, and place a "Qualys SECURE" seal on their sites when secure
- Free Qualys BrowserCheck – free service allowing anyone to scan their browser and ensure their browsers and plug-ins are secure and up-to-date.
In addition to the main suite, Qualys also offers:
- Qualys' Vulnerability R&D Lab conducts a monthly, second-Tuesday videocast to discuss the vulnerabilities and threats present in Microsoft Windows.
- SSL Labs - page with resources and free tools for assessing use of SSL
- IronBee - open source project to build a universal web application firewall sensor in the cloud through collective efforts of the community.
- Slow HTTP Test, a free, open-source and highly configurable application that mimics some Application Layer Denial of Service attacks, was released in August 2011 and the tool is available on Softpedia's database of software programs for Mac OS.
2011 revenue was $76 million; the number of employees: 310. Qualys states that over 5,800 corporations use its products, including prominent worldwide organizations as well as small and medium-sized businesses in various industries. In 2010, Inc. magazine ranked Qualys within 5000 fastest growing private companies in the USA based on 104% revenue growth from 2006 to 2009. In 2012 Silicon Valley/San Jose Business Journal has recognized Qualys as one of the largest private companies in Silicon Valley – ranking 26th in a list of 51.
HP, Lumension, McAfee, nCircle, N-Stalker, Rapid7,
- Enterprise Cloud Security Firm Qualys Files For $100 Million IPO | TechCrunch
- New Forrester Wave Evaluation: Vulnerability Management Products | Forrester Blogs
- MarketScope for Vulnerability Assessment
- Find a Partner | Qualys, Inc
- About : Cloud Security Alliance
- Cloud Security Vendor Qualys Ready for IPO | Sramana Mitra
- Qualys Introduces Policy Compliance to Widely Adopted On Demand Vulnerability Ma… | Qualys, Inc
- Qualys Delivers First Integrated SaaS Solution for Security and Compliance | Qualys, Inc
- Psst, Mister, Scan Your Site for Malware – For Free? | Maureen O'Gara
- Business Technology News, Analysis and Context | ITBusinessEdge.com
- Qualys to offer free domain scanning and security assurance seals
- Infosecurity - Free web browser and plug-in security service launched
- IronBee Open Source WAF Project Launches - eSecurity Planet
- RSA 2012: Qualys Updates Cloud Platform, Launches Web Application Firewall Service | Security Blog
- QualysGuard Web Application Firewall (WAF)
- Laws.Qualys.com, The Laws of Vulnerabilities
- , SSL Labs
- , IronBee
- Researcher To Release Free 'Slow HTTP Attack' Tool - Dark Reading
- Download SlowHTTPTest for Mac Free
- "Valley's fastest growing companies honored". 14 October 2010.
- Qualys.com, Customers
- The 2010 Inc. 5000 List - JurInnov through Busey Group | Inc.com
- Qualys Ranks 26th in Silicon Valley/San Jose Business Journal’s Largest Private … | Qualys, Inc
- Silicon Valley Business Journal - 2012-08-03 digital edition
- Qualys web site
- Hoge, Patrick (December 19, 2008). "Friday, December 19, 2008 Network security firm Qualys floats to top of cloud computing Redwood City company to do $50M". San Francisco Business Times. Retrieved 10 January 2010.
- Hines, Matt (October 16, 2007). "Core, Qualys to enter Web apps scanning market". InfoWorld. Retrieved 10 January 2010.
- Rash, Wayne (December 9, 2002). "Inside information - QualysGuard service strengthened with an intranet scanner appliance.(Qualisguard Intranet Scanner Applicance)(Hardware Review) (Product/Service Evaluation)". InfoWorld. Retrieved 10 January 2010.
- "Qualys Updates Network Security Auditing Security audits are automated and unalterable, describing when the audit was performed, what vulnerabilities were uncovered, how to fix them, when they were assigned and to whom, and when repairs were successfully implemented.". Internet Week. April 16, 2003. Retrieved 10 January 2010.