Qualys, Inc: Delivering Critical Security Intelligence On Demand
Businesses and government agencies are more distributed today than ever before. IT assets are dispersed, perimeters must be more open to the outside world and identifying vulnerabilities and malware to effectively protect those assets has become a problem of scale and this at a time when networks themselves are evolving with the emergence of the cloud. Headquartered in California, Qualys was the first to adopt cloud-oriented architecture to help address these points. Philippe Courtot is the Chairman and CEO of the company.
Unlike traditional enterprise software solutions, which are difficult and costly to deploy and maintain, Qualys delivers critical security intelligence on demand and automate the full spectrum ofauditing, compliance and protection of IT systems and Web applications.
Qualys virtualized their entire stack so they could deliver their solutions as a Private Cloud for those companies who wanted to have their vulnerability data and credentials residing within the walls of their companies. They have now two fully redundant Shared Platforms in Santa Clara hosted at Savvis and in Zurich hosted at Swisscom. In addition, Qualys has 14 private clouds established at large global corporations, telcos and managed security service providers (MSSP).
While the disruptive shift from client server computing to cloud computing is accelerating, security has become front and center and the challenge they are now faced with is to build security into the fabric of cloud computing. Qualys is well positioned to become a major participant in this endeavor due to its cloud oriented architecture and multiple delivery models. Qualys is now working to deliver a fully disconnected version of their cloud platform to address the needs of the Department of Defense (DOD) market and enable foreign entities to expand their sovereign cyber defense offerings. They are also expanding the virtualization of their stack and building a cloud-based malware protection service, as well as a cloud security agent.
Qualys has more than 6,700 customers, including a majority of the Forbes Global 100 and the Fortune 100.Existing relationships with MSSPs like Verizon and Dell SecureWorks, which already cover enterprises, are increasingly being leveraged to reach midsized businesses. The list of customers includes Alcatel-Lucent, British Broadcasting Corporation, Fujitsu America, Infosys and NASDAQ.
Elaborating on a case study that brought benefits to one of its clients Philippe says, “Oracle turned to Qualys for a solution and was our design partner. In addition to be capable of keeping their vulnerability data and credential in their Austin data center, Oracle required that Qualys not only develop vulnerability signatures every day but also that the number of false positive and negative be under six sigma accuracy.”
In effect as soon as these signatures pass the rigorous testing in the Qualys Quality Assurance Lab, they are automatically updated in their vulnerability database and scanner appliances are automatically updated with multiple vulnerability checks each day with no user action required. Oracle also uses Qualys to conduct compliance scans for its internal hosting operations. The program was easy to deploy and continues to be easy to manage and operate.
The road map ahead
Qualys is expanding their partnerships around the world. After nearly two years as a public company, they are now looking at selective acquisitions to allow the company to continue acquiring security talent and accelerate efforts to bring innovative security solutions delivered as a service.