Quotes

The world of security is becoming more complex and threatening every day. Today, firewalls and intrusion detection solutions simply aren't enough. We need a solution that will not only help us identify potential vulnerabilities, but will also prioritize which vulnerabilities are the most important and what steps are needed to correct them. Qualys has helped companies like ours anchor their security policies with an automated, scalable and proactive solution that will result in a bottom-line ROI.
Deefay Young, Senior Network Security Analyst
Adobe Systems
We need a solution that will not only help us identify potential vulnerabilities, but will also prioritize which vulnerabilities are the most important and what steps are needed to correct them.
Deefay Young, Senior Network Security Analyst
Adobe Systems
QualysGuard will allow AXA to prove to regulators, who are increasingly conscious of the risks to IT systems, that we are actively managing potential risk.
Monty Couch
AXA
QualysGuard will allow AXA to prove to regulators, who are increasingly conscious of the risks to IT systems, that we are actively managing potential risk.
Monty Couch
AXA Group
The world of network threats is very clearly becoming larger, more complex and far more severe, and it has become a nearly impossible task for us to keep up with the changing security landscape. Qualys relieves the time- and resource-intensive burden of vulnerability management. With QualysGuard's automated vulnerability assessment service in place, we can be sure that our servers are highly secure, patches are up-to-date, security policy standards are enforced, and equipment configurations are current. Technically the best vulnerability management solution. QualysGuard epitomizes my vision of the ideal vulnerability management platform.
Raphael Marchand, Security Architect
AXA Investment Managers
With QualysGuard's automated vulnerability assessment service in place, we can be sure that our servers are highly secure, patches are up—to—date, security policy standards are enforced, and equipment configurations are current.
Raphael Marchand, Security Architect
AXA Investment Managers
With its huge KnowledgeBase of known vulnerabilities and fixes, QualysGuard eliminates the need to hire experts on each of our operating systems and applications.
Lenard East, Network Engineering and Operations Manager
Bank of the West
By showing the FDIC our QualysGuard reports, we prove that we regularly identify risks, rank them by priority, adjust our actions to eliminate those risks, and then verify that we're no longer vulnerable.
Leonard East
Bank of the West
Qualys provides a very cost-effective and efficient way to stay on top of emerging security exposures.
Stephan Shin, Group Manager
Bank of the West
The Bank of the West continually assesses new information protection technology, and the innovative online scanning technologies presented by QualysGuard help us to be proactive in preventing unauthorized access. By looking at our networks from the outside-in, Qualys provides a very cost-effective and efficient way to stay on top of emerging security exposures.
Stephan Shin, Group Manager
Bank of the West
Online vulnerability scanning lets us assess network security exposures on an on-demand basis over the Internet while leveraging constantly up-to-date vulnerability detection signatures. In effect, online scanning services such as QualysGuard turn the Internet itself into a tool against would-be network intruders.
Craig R. Torgerson, Vice President and Technology Manager
Bremer Financial
We've been using Qualys's service for almost three years already. We regularly scan the Internet appearances of BSH Bosch and Siemens Hausgeraete GmbH, as well as their hosted brand appearances worldwide. We also use QualysGuard to scan individual networks within the BSH corporate network on a case-by-case basis. The favorable cost-benefit ratio, the simplicity of using the product, and the differentiated reporting functions were decisive criteria which impelled specialists and management alike to opt for the implementation of this particular scanner. The excellent technical support and the speedy way that newly detected security gaps are integrated round out the usefulness of this product. Transparency creates awareness and is simultaneously also a fundamental building-block that helps to guarantee network security and system security in our concern.
Thomas Barth, Head of Information Security
BSH Bosch and Siemens
The favorable cost-benefit ratio, the simplicity of using the product, and the differentiated reporting functions were decisive criteria which impelled specialists and management alike to opt for the implementation of this particular scanner.
Thomas Barth, Head of Information Security
BSH Bosh and Siemens
We like the vulnerability reports, which include detailed information on how to patch security holes in our network of 1,500 workstations and 500 laptops at 18 locations.
Archie Alimagno
California Department of Insurance
The privacy and security of our patients' information is a fundamental requirement at Cedars-Sinai. Qualys provides us with a third-party capability to audit our networks for vulnerabilities and provide verified fixes immediately. With an automated process, we have significantly reduced our costs for network security audits.
Ray Duncan, Director, Technology & Architecture
Cedars-Sinai Medical Center
With an automated process, we have significantly reduced our costs for network security audits.
Ray Duncan, Director, Technology & Architecture
Cedars-Sinai Medical Center
QualysGuard Vulnerability Management is an essential part of our strategy for protecting confidential patient information in accordance with HIPAA regulations.
Matthew Economou, Security Systems Analyst
Cincinnati Children's Hospital Medical Center
PCI compliance is extremely intimidating for organizations relying on the payment card industry for the majority of their transactions. The QualysGuard PCI On Demand platform reduces the cost and complexity of security and compliance for organizations through the software-as-a-service model.
Dr. Michael G. Mathews
CynergisTek
I appreciate QualysGuard's ability to speedily provide understandable and consistently computed information about vulnerability trends. Unlike the previous manual reporting method, reliable and professionally reported trends based on sound and consistent data now enable me to quickly assess the status of our vulnerability-remediation processes.
Tomas Fencl, Security and Technical Architect
Czech Airlines
Due to recent cyber attacks, enterprise customers increasingly wish to strengthen their network security and ensure compliance with various federal regulations. Our comprehensive security audits address these needs for our clients. With Qualys' automated platform we can immediately deliver cost-effective and frequent audits to our customers with the highest quality of detection.
Victor Keong, Partner, Network Attack and Penetration
Deloitte & Touche
QualysGuard is an essential piece of our robust offering that provides customers with a diverse range of products, services, and custom packages that meet their individual requirements.
Jim Cowing
DRG
When compared to other public domain security audit tools, QualysGuard is much easier to implement, understand and use, which translates to greater efficiency for our clients.
Jim Cowing
DRG
The amount of data we grapple with is huge. With Nessus and other open source tools, it was very difficult to roll up security data across the whole organization — it would require a team of full-time people.
Chris Lalonde
eBay
The favorable cost—benefit ratio, the simplicity of using the product, and the differentiated reporting functions were decisive criteria which impelled specialists and management alike to opt for the implementation of this particular scanner.
Chris Lalonde
eBay
The Qualys report interface is way out in front of other products, QualysGuard was much easier to use, even without security experience.
Chris Lalonde
eBay
Using QualysGuard to audit security of partner networks is much simpler, faster and cheaper than hiring contractors. Audit reports also help provide a paper trail for compliance with regulations, such as the Sarbanes—Oxley Act.
Chris Lalonde
eBay
We use QualysGuard as a way to paint a picture of security and feed it to our executives — right up to the CEO. The reports give senior executives a concise, real-time view into eBay's security risks and measure change in those risks as we implement security measures. The reports also provide us with the data we need for budgeting security resources.
Chris Lalonde
eBay
For us, the major advantage of an online service like QualysGuard PCI is that it's accessible from everywhere in the world. That lets us perform the external network scan as part of our onsite work with a customer. Another advantage is the fact that it is tailored specifically for PCI compliance evaluation, including the reports. That saves us time and saves the customer money.
Stephan Engelke
Excelsis
We selected Qualys because it would enable us to have individual customers up, running and connected with the centrally managed Qualys @Customer Data Center within a day – the Software as a Service (SaaS) model eliminated the requirement for additional spending on human re-sourcing, hardware infrastructure, and most certainly would result in a saving on operational maintenance. For our customers who are securing very sensitive information, this model provides the control and power of a security operations center, without sacrificing the advantages of a service model. Qualys was the only provider who gave us this level of security, flexibility, scale and ease of deployment.
Logan Hill
Faritec
Installing QualysGuard was about as easy as popping the five-pound appliance into a rack and turning it on. The average systems administrator should be able to get it up and running within 15 minutes. Compare that with two hours or more for a competent Linux user to properly configure and install Nessus.
... If your agency needs fast setup, low maintenance and scalable performance and has the budget to buy the best, QualysGuard is for you.
Vincil Bishop and Earl Greer
Federal Computer Week
The process of measuring risk and reducing security vulnerability is unique to every organization; however, standards within the industry can give security administrators a way to compare their network environment to agreed-upon benchmarks. With support for key industry standards including CVSS, Qualys is helping drive the standardization and simplification of security processes for organizations.
Gavin Reid
FIRST
As the clear market leader in providing PCI specific vulnerability scanning services, Qualys presents extremely accurate vulnerability scanning results, interactive vulnerability data, PCI specific configuration settings, PCI (per IP) reporting, and valuable trending capabilities.
Mark Carney
FishNet Security
We use QualysGuard to audit merchants for MasterCard SDP and VISA CISP compliance as it provides the most accurate and appropriate vulnerability data and mitigation recommendations.
Paul Klahn
FishNet Security
MSPs are slated to become a $2.6 billion market by 2006, according to figures from analyst firm IDC.
Qualys has provided Fujitsu with a distributed, scalable global platform on which to base our new remote auditing service. This is an unprecedented weapon in the battle against network intruders and emerging network vulnerabilities, enabling customers to take a truly proactive stance against attack.
Hiroaki Kurokawa, Group President
Fujitsu
Qualys has provided Fujitsu with a distributed, scalable global platform on which to base our new remote auditing service. This is an unprecedented weapon in the battle against network intruders and emerging network vulnerabilities, enabling customers to take a truly proactive stance against attack.
Hiroaki Kurokawa, Group President
Fujitsu
The security situation is growing more complex every day. We're working with QualysGuard now because we had been looking for a proactive solution that would not only help us to identify potential weak points in our network, but would also provide detailed reporting which would give us information about patches, thereby showing us possible steps that we could take to further improve the security of our network. The simplicity operating it, its automated scans, and the transparency of its costs combine to make QualysGuard an interesting and important tool for us in the field of network security and thus also in the field of data security.
Stephan Mueller, Sr. Mgr. Security & Business Continuity
Fujitsu Siemens Computers
QualysGuard is like having our own full-time research staff in house. It's a very inexpensive way to get a third party to check out my network and tell me what exposures exist.
Gary Praegitzer
QualysGuard reports are an excellent solution for documenting IT security controls and compliance with regulatory requirements.
Jaime Chanaga, former CISO
Geisinger Health System
We have been using QualysGuard Express for the last three years in order to audit our external network. We first fixed the vulnerabilities we had discovered. But then, we also modified the configuration of some servers and QualysGuard identified that they were actually expolitable from outside the network and needed repair. Today, QualysGuard allows us to maintain our security and to proactively and continuously secure our network with a limited and controlled budget.
Laurent Muller, CSO
Groupe Alban Muller
QualysGuard offers us a cost-effective way to deliver vulnerability management capabilities and ensure our customers have the tools they need to remain in compliance with security best practices.
Ketan Dholakia
GTS
With QualysGuard we can show our customers where their open doors are and fix the vulnerabilities for them with no additional investment in network infrastructure or personnel.
Ketan Dholakia
GTS
Hershey Foods depends on automated transactions with suppliers, distributors and consumers. Proactive vulnerability assessment is a necessity to protect our business from zero-day exploits, worms and hackers.
Dan Klinger
Hershey Foods
Proactive vulnerability assessment is a necessity to protect our business from zero-day exploits, worms, and hackers. We use QualysGuard to audit business-critical assets in order to protect our brand and our shareholders against potential financial loss.
Dan Klinger
Hershey Foods
We use QualysGuard to audit business—critical assets in order to protect our brand and our shareholders against potential financial loss. As an on demand service, QualysGuard Enterprise allows us to align our information security with our core business strategies.
Dan Klinger
Hershey Foods
The window between vulnerability discovery and time to exploitation is narrowing rapidly. Today's networking environment requires continuous auditing with real-time vulnerability and patch updates. The key way to provide adequate security is through a Web service that is updated daily.
Howard A. Schmidt
As an on demand solution, QualysGuard enables us to perform security audits as often as necessary, spot vulnerabilities immediately as they are added to the QualysGuard database, and work proactively to remediate them.
Paul Simmonds, Director of Global Information Security
ICI
As a Web-based solution, QualysGuard enables us to perform security audits as often as necessary, spot vulnerabilities immediately as they are added to the QualysGuard database, and work proactively to remediate them. This helps us secure all of our network entry points, enforce ICI security policies and assists us in meeting federal requirements.
Paul Simmonds, Director of Global Information Security
ICI
One of the thirteen critical sectors highlighted by the U.S. Department of Homeland Security for heightened security measures is the chemicals sector; and we have an obligation under the Department's requirements to assess and improve the security of network infrastructure. Products made by ICI are the vital ingredients that add value to its customers' products and processes. With 36,000 employees worldwide ICI had sales in 2002 of more than $6 billion.
Paul Simmonds, Director of Global Information Security
ICI
QualysGuard provides us an easy way to find all the vulnerabilities on ICI's and its partner's networks and ensure the vulnerabilities are corrected.
Paul Simmonds, Director of Global Information Security
ICI
Qualys is taking vulnerability management to the next level by providing 'out-of-the-box' integration with Remedy
Charles Kolodgy, Research Director
IDC
We selected Qualys because of all the solutions we reviewed, QualysGuard performs the most comprehensive scans with the fewest errors. When we considered the performance, accuracy, ease of use, and deployability of the QualysGuard web service, it yielded a very cost-effective solution for our network.
Peter Albert, Director of Operations
iPass Inc.
When we considered the performance, accuracy, ease of use, and deployability of QualysGuard, it yielded a very cost-effective solution for our network.
Peter Albert, Director of Operations
iPass Inc.
Qualys gives us a leg up because it automates what used to be manual processes. We spend more time now helping our clients to devise protection strategies and better manage the vulnerabilities instead of doing routine bits and bytes.
Doug Davidson
Jacadis
The reporting is so clean with Qualys that I don't need a high-dollar consultant explaining data to the customer. This boosts our margins and makes everyone happy.
Doug Davidson
Jacadis
[QualysGuard Consultant] takes care of updates automatically and we don't have to invest in any additional infrastructure, which is an enormous load off our backs.
Doug Davidson
Jacadis
Deployment of QualysGuard was incredibly easy — just a matter of giving our IPs and proof of ownership to Qualys, entering the numbers and clicking the start button.
Gary Praegitzer
Jelly Belly Candy Company
QualysGuard is like having our own full-time research staff in house. It's a very inexpensive way to get a third party to check out my network and tell me what exposures exist.
Gary Praegitzer
Jelly Belly Candy Company
The value of Qualys' vulnerability management solution is not just accurately identifying vulnerabilities; it's prioritizing those threats, mapping them to the critical assets in our business, and managing the remediation and compliance lifecycle.
Gary Praegitzer
Jelly Belly Candy Company
We have not had any successful attacks since we installed QualysGuard.
Gary Praegitzer
Jelly Belly Candy Company
With the new Qualys dashboard, all of this information is available on demand at our fingertips.
Gary Praegitzer
Jelly Belly Candy Company
Since our business is PCI compliant, I was familiar with, and had used other PCI compliance services. I was very surprised at the thoroughness of the scan from Qualys. It discovered issues that had not been brought to my attention from other compliance scans.
Sam Lehrfeld
KneeDraggers.com Inc.
The new credit card compliance functionality in QualysGuard makes PCI compliance as easy as pushing a button. This level of accuracy and automation helps us save significant time and costs in demonstrating compliance with PCI. It also helps us ensure the integrity of our credit card processing infrastructure that is used by more than 150,000 merchants.
Jim Aviles
Merchant E-Solutions
QualysGuard has improved the value of our Snort IDS by reducing the amount of time wasted catering to false positives. We can now reduce the costs of handling alerts by increasing their relevance and prioritizing them to make our company more secure. As threats continue to increase, it becomes paramount that security products work together for a smarter defense.
Donald Wilkins, Director of Network Services
Navicure
All it took was a phone call and less than an hour to get up and running with QualysGuard. Implementation was simple and the results were immediate.
Jim DiDominicus, CISO
New York Board of Trade
I've used software-based vulnerability assessment solutions, but they require a lot of care and feeding. I needed basic, centralized security functions running quickly. All it took was a phone call and less than an hour to get up and running with QualysGuard. Implementation was simple and the results were immediate. I've got it to the point where, unless remediation is required, I spend 15 minutes a week to review reports from security scans. The return on investment was instant with QualysGuard.
Jim DiDominicus, CISO
New York Board of Trade
Protecting our trading data is the highest priority for the New York Board of Trade, and QualysGuard is an integral part of our layered network defense.
Jim DiDominicus, CISO
New York Board of Trade
The level of scanning accuracy and elimination of false positives provides us with the confidence that we are constantly guarded against new threats that are arising.
Jim DiDominicus, CISO
New York Board of Trade
Regulations such as the Sarbanes-Oxley Act and Basel II have pushed compliance to the forefront of the executive's agenda. In this environment, security managers must tie their vulnerability management and security auditing practices to broader corporate risk and compliance initiatives.
Andreas Wuchner-Bruehl
Novartis AG
With QualysGuard, I control the entire security audit. Results are totally independent, which helps me certify compliance.
R. Kinney Williams & Associates
I use Qualys as the foundation of my Internet security testing service.
R. Kinney Williams
[Sub—contractors] had to spend many hours on each customer — way too much time. That cost went down dramatically when I switched to Qualys.
R. Kinney Williams
Ensuring maximum protection against the latest security threats of the day is a growing concern within our organization. The Qualys On-Demand platform allows us to audit our security status at any moment and manage network vulnerabilities on a centralized enterprise-wide level with a fraction of the resources and cost.
Mark Iovinelli, Enterprise Design and Implementation Team Manager
RR Donnelley
The Qualys on demand technology allows us to audit our security status at any moment and manage network vulnerabilities on a centralized enterprise-wide level with a fraction of the resources and cost.
Mark Iovinelli, Enterprise Design and Implementation Team Manager
RR Donnelley
With QualysGuard Consultant I reduced my average vulnerability assessment and penetration testing bench time by 50%, from 6 days to just 3.
Security Assessments.com
Indeed, when Monterey County used Redwood City's Qualys to scan its network for vulnerabilities, it found that many employees and even vendors dialing in from off-site were the weak link.
SF Chronicle
Our staff is simply too busy to spend hours each day trying to monitor every security vulnerability that arises on the Internet. We want a service that automatically and proactively identifies potential vulnerabilities and gives us a quick way to prioritize what we need to work on first.
David Mortman, Director of Information Technology
Siebel Systems
QualysGuard is an integral part of our security policies and practices. It streamlines a variety of complex auditing and testing procedures such as identifying devices, finding vulnerabilities and assisting in the repair process. Without having to add more technical staffers, the automation of security audits helps us quickly meet most of the key administrative procedures as outlined by HIPAA.
George Zimmerman, Internet Administrator
St. Peter's Health Care Services
Without having to add more technical staffers, the automation of security audits helps us quickly meet most of the key administrative procedures as outlined by HIPAA.
George Zimmerman, Internet Administrator
St. Peter's Health Care Services
As one of the first vulnerability management providers to ship support for the OVAL standard, Qualys continues to show its commitment to helping organizations better understand the vulnerabilities they face.
Robert A. Martin
The MITRE Corporation
With Tribune's distributed organizational structure and heterogeneous environment, we needed a rapid and economical way to scan for and eliminate server vulnerabilities. The QualysGuard PCI On Demand platform and the services of CynergisTek are helping us to verify the PCI compliance of our IT infrastructure.
Dr. Joshua Seeger
Tribune Broadcasting
Initially we used the Qualys service to satisfy the PCI external scanning requirement. And within about six months we were impressed enough with the solution that we began to evaluate it as an enterprise-level solution.
Randy L. Harris
U.S. Marine Corps' Marine Corps Community Services
QualysGuard 5.0 includes important enhancements that enable seamless and straightforward integration with our Managed Security Offerings including single-sign-on capabilities with our portal and the ability to easily bring Qualys data into our applications so that it can be leveraged to enhance our industry-leading managed services.
Scott Magrath
VeriSign