Qualys Debuts Its Next Generation Security-as-a-Service Platform

New Java Backend, with Open Source Components, Use of Virtualization and Web 2.0 Technologies, Brings Unprecedented Scalability, Interoperability, Dynamic Reporting and Hierarchical Asset Management

San Francisco, Calif. - February 14, 2011 - Qualys®, Inc., the leading provider of on demand IT security risk and compliance management solutions, today at RSA Conference USA 2011, introduced its next generation Security-as-as-Service platform to host the QualysGuard IT security and compliance Software-as-a-Service (SaaS) suite of applications in the cloud.

Qualys will describe the new platform tonight at booth #1432 at 7 p.m. PT at the RSA Conference.

The new Qualys security-as-a-service platform provides an integrated framework with new state-of-the-art functionality in all Qualys security and compliance applications. Standards-based integration and middleware ties together the browser, all Qualys applications, six platform services and engines, the user’s security and compliance data, scanners, and the QualysGuard KnowledgeBase.

With the new platform, users will get prioritized job management, modular services to ensure highest uptime and performance, dynamic analysis and reporting capability, and support for physical and virtual appliances – from Qualys or deployment by other cloud solution providers.

“This new backend and injection of open source technologies combined with the Web 2.0 front end has been in the making for over two years,” said Philippe Courtot, chairman and CEO for Qualys. “Unlike with enterprise software, our SaaS implementation allows us to bring these new performance capabilities and major enhancements transparently to our existing users.”

The new Qualys platform is operational today for Malware Detection 1.0 and SECURE Seal 1.0, and it will be in the Web Application Scanning (WAS) 2.0 Beta (see related release). Migration of QualysGuard Vulnerability Management (VM), Policy Compliance (PC) and PCI Compliance solutions will occur in phases throughout 2011 in a transparent manner to all subscribers.

About the New Platform and Technology

Click to enlarge

The new platform uses cutting-edge open source and commercial technologies, including a Web 2.0 user interface (UI) and a Java-based backend infrastructure. The browser integrates with the platform’s backend via a standard JSON API and Web Services API. These provide the interface to all Qualys IT security and compliance applications. Platform services and engines include Reporting & Dashboard, Questionnaire & Collaboration, Remediation & Workflow, Correlation & Risk Calculation, and Alerts & Notification. The platform’s data layer includes modules for Scan Management & Scheduling, Indexing & Tagging, and Data Management & Security. In turn, these integrate with internal and external scanners, virtual or hardware scanners, and the QualysGuard KnowledgeBase hosted in Oracle RAC DB.

New technologies implemented in the new platform include:

  • Multi-dimensional, extremely fast, clustered data indexing and tagging using Apache Solr.
  • Powerful and customizable reporting engine using BIRT for multi-format output.
  • Web-scale application clustering using Terracotta and Ehcache technologies.
  • Direct Web Remoting (DWR) services-based dynamic UI using powerful JavaScript Sencha EXT components.
  • SOAP and REST based XML web services for high volume API interaction.

About the New Platform: Benefits for Users

The integration benefits of the new platform will touch all security and compliance applications hosted by the platform, including:

  • New UI with dynamic and interactive interfaces, wizards and new report templates to present scan data with wide range of presentation options to match users’ needs
  • New customizable template-driven reporting engine outputs reports in a variety of formats (csv, doc, xls, pdf, xml, ppt) based on users’ criteria.
  • Fast searching of several extensive Qualys data sets, including scan results, asset data, scan profiles, users, vulnerabilities and more.
  • Patent-pending technology for hierarchical dynamic asset tagging and role-based user access.
  • Dynamic distribution of scans on multiple scanners based on availability and load to optimize scanning of large networks, drastically reducing the overall scan time required to complete large scan jobs.
  • Virtualized scanning platform for enterprises, consultants and cloud-based environments (see related release).

About Qualys

Qualys, Inc. is the leading provider of on demand IT security risk and compliance management solutions – delivered as a service. Qualys’ Software-as-a-Service solutions are deployed in a matter of hours anywhere in the world, providing customers an immediate and continuous view of their security and compliance postures.

The QualysGuard® service is used today by more than 5,000 organizations in 85 countries, including 47 of the Fortune Global 100, and performs more than 500 million IP audits per year. Qualys has the largest vulnerability management deployment in the world at a Fortune Global 50 company, and has been recognized by leading industry analysts for its market leadership.

Qualys has established strategic agreements with leading managed service providers and consulting organizations including BT, Etisalat, Fujitsu, IBM, I(TS)2, LAC, NTT, SecureWorks, Symantec, Tata Communications and TELUS. Qualys is also a founding member of the Cloud Security Alliance (CSA).

For more information, please visit www.qualys.com.

###

Qualys, the Qualys logo and QualysGuard are proprietary trademarks of Qualys, Inc. All other products or names may be trademarks of their respective companies.

For all other matters
Contact: pr@qualys.com

Media Contact:
Tami Casey
Qualys
media@qualys.com