First Integrated Software-as-a-service Suite for Security and Compliance from Qualys reduces complexity and slashes cost
 
New SaaS Suite simplifies compliance for Auditors, Security Professionals and Executive Management at same time as delivering independent verification of security posture right across the enterprise

Qualys Stand G150, Infosecurity Europe tradeshow, Olympia, London

Infosecurity Europe Tradeshow, London, UK - 21 April, 2008— Qualys. today introduced the world’s first service to satisfy the demands of security and compliance with one single solution delivered via the browser.   QualysGuard® Security and Compliance Suite is a family of SaaS products geared to helping global organisations manage the challenges and costs associated with securing their IT infrastructure more effectively.  The new suite allows auditors, security professionals and senior management alike to meet the ever-increasing demands from regulatory controls without having to install any additional software.   

Leveraging its well-established Software-as-a-service delivery model, the new suite delivers unprecedented ease of deployment at a fraction of the cost.  The Policy Compliance suite enables organisations not only to scan their network for vulnerabilities but also automatically identifies any system which is out of compliance, whether it is vulnerable to an attack, improperly configured or violating an internal policy or external regulation. 

Traditional solutions are painful, costly and cumbersome to deploy, costing hundreds of pounds per device and bringing heavy deployment and maintenance charges.  Organisations have therefore commonly limited their use to a few critical servers, scrimping on their compliance efforts.  Because of the Qualys on-demand business model, users can now have at their fingertips the entire IT security and compliance posture of their organisation by business unit or asset group at a cost they can afford.

Qualys is showing this major breakthrough in compliance and security for the first time in Europe on stand G150 at the Infosecurity Europe tradeshow in Olympia (22-24 April)

Commenting on this latest development, John Meakin, Group Head of Information Security for Standard Chartered Bank said:

“Our aim has always been to achieve the right level of security, balancing precious IT budget against risk.  Now that the complexity and frequency of regulatory demands has increased our task has become more challenging.  Not only do we need to control and manage internal and external threats to our IT infrastructure on an on-going basis we also need to demonstrate to auditors that we are compliant with a wide range of regulations.  The introduction of this new converged product suite greatly eases these two major requirements.   We can collect security and compliance information simultaneously from across our distributed network and leverage it appropriately across our organisation.  This not only enables us to greatly reduce the cost of compliance but at the same time helps us to take effective steps to reduce risk which is an overarching goal”

“A basic responsibility of the IT security organisation is to protect the business from internal and external threats.  Moreover, the IT security organisation is also under pressure to help the business satisfy the business requirements and complying with the demands of internal and external auditors for multiple regulations. Auditors want to see: policies that describe how an organisation will provide security and integrity; proof that the policies have been operationalized; and evidence that the organisation can discover and fix policy compliance lapses,” said Mark Nicolett, vice president, distinguished analyst, Gartner “An effective vulnerability management and compliance programme can make an organisation more efficient in reducing the risk of internal and external threats, while, at the same time, provide proof of compliance demanded by auditors.”

The QualysGuard Security and Compliance Suite consists of the following products, all of which are delivered as a service with no new costly software to deploy or manage:

•   QualysGuard Policy Compliance 1.0—Qualys’ new SaaS compliance solution helps organisations pass audits and document compliance tied to corporate security policies, laws and regulations, enabling them to satisfy the requirements of internal and external auditors.

Additional Policy Compliance features and customer benefits include:

•   Simplified Compliance Management—allowing users to set automated compliance scans and map against major industry regulations such as Sarbanes-Oxley, Basel 11 and others.

•   Automated Compliance Reporting—allowing customers to meet the reporting requirements of individual internal policy or regulation by mapping compliance to policy by asset group or host. 

•   Seamless Integration—Policy Compliance 1.0 integrates seamlessly with QualysGuard Vulnerability Management, leveraging the same safe, reliable and secure SaaS infrastructure.

•   QualysGuard Vulnerability Management—Qualys’ full lifecycle solution for discovering all devices and applications across the network, while identifying and mitigating vulnerabilities that make network attacks possible.

•   QualysGuard PCI Compliance— Qualys’ PCI compliance application dramatically streamlines the PCI compliance process. QualysGuard PCI provides small and medium-sized businesses with enterprise-level scanning and reporting, while enabling large corporations to facilitate PCI compliance on a global scale.

CISO for Sodexo Service and Cards division, Abdellah Cherkaoui (who is presenting in the panel session on compliance taking place within the keynote conference at Infosecurity Europne on Thursday 24 April 10:30-11:45) said:

“As one of the first European organisations to achieve SOX compliance, we have benefited from Qualysguard’s ability to deliver clear and accurate reports, demonstrating independently to auditors the state of compliance across our global organisation.  Qualys’ service helped us reduce tremendously the cost and the time consumed searching for vulnerabilities and how to correct them.  On-demand vulnerability management with Qualysguard was not only easy to deploy – it also massively increased our overall efficiency in combating systems and infrastructure vulnerabilities while allowing each of our many local subsidiaries worldwide to prioritize their security activities more effectively, reduce overall risk and improve performance.  This new converged product suite is further evidence of Qualys ability to evolve their service offering to meet our developing business needs with ease and transparency for us – a key strength of the Software-as-a-Service model”

“Addressing the security and compliance posture of a global IT infrastructure is harder than ever due to emerging threats, new and ever-changing regulations and the expanding geographic distribution of offices, partners, people and IT assets,” said Philippe Courtot, CEO and chairman, of Qualys. “IT security and policy compliance management delivered together as a service answers all of these challenges by providing accurate, actionable and on demand information to the right audience, at the right time, anywhere in the world. Thousands of end-user organisations around the globe made an early commitment to the SaaS model because they were visionaries in recognizing how their businesses and the regulatory environments in which they operate were changing.”
 
Pricing & Availability

The QualysGuard Security and Compliance Suite comes in two editions:

1.   Enterprise Edition ideal for large, distributed organisations. Annual subscriptions start at £20,000 (25,000 Euros) which includes unlimited vulnerability and compliance scans in multiple locations, unlimited number of users, enterprise and scorecard reports and 24x7 customer support.
2.   Express Edition ideal for small to medium-sized organisations. Annual subscriptions start at £1,995 (2,500 Euros) which includes unlimited vulnerability and compliance scans and 24x7 customer support.

QualysGuard Policy Compliance is available to  EMEA customer on May 22nd, 2008. QualysGuard Vulnerability Management and QualysGuard PCI are currently available and already in use by 3,500 active subscribers around the world. QualysGuard is deployed at 35 of the Fortune 100, and more than 240 of the Forbes Global 2000.