Success - On Time, On Budget, On Demand
For us, the only way to measure success is through the results we deliver to each and every customer. Achieving effective IT security and regulatory compliance, in harmony with business objectives, is imperative for our customers' success - regardless of the uniqueness of their business, their culture and size. Here's how, in their words, we've helped thousands of companies get there.
Consulting / Services
- Agrokor Group
- Arval
- Arval Service Lease Italy
- Cartagena
- Crisp Thinking
- ELKART
- Ignite Media Solutions
- Joel Lanz
- Sodexo
Education
Financial Services
Government
- European Patent Office
- Florida Department of Health
- Ideal Innovations
- Marine Corps Community Services
Healthcare
Insurance
Manufacturing
Managed Service Providers / Consultants
Not-for-Profit
Publishing / Media
Retail
Technology
Telecom
Transportation
Industry:
Education
Headquarters:
New London, New Hampshire
Students:
985+ undergraduates
Employees:
380+
"I can tell you that all of the time and effort we've invested in security has paid off. Our workload has been cut dramatically. We're much more efficient now — and much more secure. Qualys provides us the easiest way to prioritize and fix our software vulnerability and configuration issues. You plug it in, and it works."
Information Security Analyst
Objectives
- Provide effective IT security throughout its network to ensure a secure and highly-available academic environment.
- Manual vulnerability scans lacked visibility into Colby-Sawyer infrastructure, and failed to easily identify servers and vulnerabilities that jeopardized security and compliance efforts.
Results
- QualysGuard quickly became a critical part of its risk management program, enabling the college to conduct daily scans of its critical servers and externally-facing network addresses.
- Automated on demand security and vulnerability audits, highly accurate vulnerability and configuration scans, and comprehensive reporting capability.
Industry:
Education
Headquarters:
Columbus, Ohio
Employees:
300+
Students:
3,115+
"QualysGuard not only helps us to secure our systems better, but it adds value because it makes us more efficient. It streamlines our vulnerability management efforts so that we can focus better on innovative IT initiatives that add value to the university."
CIO
Objectives
- Improve risk management and IT governance efforts.
- Automate vulnerability identification and remediation.
- Ready the university for eventual ISO 17799 certification.
Results
- The university was able to quickly move from manual vulnerability assessments to a fully automated vulnerability management and policy compliance program.
- Rapidly remediate vulnerabilities across the university's network, and better manage IT assets through network discovery, detailed mapping, asset prioritization, vulnerability assessment reporting and remediation tracking.
- Effectively put into place a mature security and risk management program, that is a core part of the university's IT governance program necessary for eventual ISO 17799 certification.
Industry:
Education
Headquarters:
Moscow, Idaho
Employees:
850+
Students:
12,000+
"QualysGuard is accurate and easy to use. We didn't trust the open source tool we were using, and we couldn't get consistent results. Each time someone ran a scan, the settings and the results were different. With QualysGuard, anyone on my team can use it, and its results are accurate and consistent."
Networks and Systems Manager
Objectives
- Improve the IT security of the university by distributing security responsibilities throughout its staff.
- Maintain PCI DSS compliance for those systems that support its credit card payments.
- Spot misconfigured PCs and servers, out of date operating systems and applications, and provide operations teams the crucial fixes they need for rapid remediation.
Results
- QualysGuard enables the university to distribute the ability to conduct vulnerability assessments across its staff.
- Streamlines University of Idaho's ability to maintain PCI DSS compliance.
- QualysGuard virtually eliminated false positives.
Industry:
Education
Headquarters:
Salt Lake City, Utah
Employees:
17,000+
Students:
28,000+
Business:
One of the top public research universities in the nation that provides more than 100 undergraduate and 90 graduate degree programs
"Our security program is getting to the point we wanted to reach all along: where the vulnerability scans are transparent. It's as if there was this angst when the security team showed up before, and, 'oh no, we are going to get scanned again.' That's all gone now."
Manager of Information Security Operations
Objectives
- Keep the University's IT infrastructure, which consists of thousands of servers and tens of thousands of endpoints totaling more than 30,000 individual IP addresses, secure and compliant to the Health Information Portability and Accountability Act, HIPAA.
Results
- QualysGuard continuously assesses the security of the University's internal, and externally-facing IT systems.
- QualysGuard provides the University the ability to better discover and manage all of its networked devices – desktops, servers, routers, and more to create detailed reports for regulatory compliance.
- The quality of the assessment reporting has helped to improve the relationship between the security group and operation teams.
Industry:
Financial Services
Headquarters:
Osceola, Iowa
Locations:
5 branches throughout Iowa
Total Assets:
$289.4 million
"When we receive notifications from our QualysGuard scans we instantly see a comparison to the previous scan and know if everything is okay, or if there is a new vulnerability we need to take care of right away."
Network Administrator
Objectives
- Secure American State Bank's new online banking services.
- Meet internal and FDIC security compliance demands.
Results
- QualysGuard Express enables the bank to quickly and cost-effectively reduce security risks throughout the organization and meet complex banking regulatory demands.
Industry:
Financial Services
Headquarters:
San Francisco, California
Locations:
680+ branches throughout US
Employees:
10,700+
Customers:
3+ million households throughout 19 states
Total Assets:
$54 billion
"The QualysGuard solution is easiest to deploy, requires the least maintenance in terms of day-to-day care and feeding, has the least potential for conflicts with our existing platforms and production environment, and is economical."
VP of Network Engineering and Operations
Objectives
- Efficiently identify and eliminate network vulnerabilities across multiple operating system platforms and applications.
- Regulatory reporting to prove security compliance.
- Rapid deployment and user training for a reliable vulnerability management solution.
- Ability to easily handle branch and company expansion.
Results
- With QualysGuard, Bank of the West was able to scan their entire network within hours and successfully identify and eliminate risks.
- Able to now meet regulatory security requirements using QualysGuard reports.
- Bank of the West has been able to effortlessly increase their use of QualysGuard as the network demands of the bank grow without any additional overhead or staff.
Industry:
Financial Services
Headquarters:
United Arab Emirates
Locations:
20+ branches
Business:
Retail and commercial banking services
Annual Revenue:
AED 600+ million
Total Assets:
AED 18+ billion
"We no longer have to spend so much time checking the accuracy of scanner reports, or maintaining the software. We simply assess our network regularly and can trust Qualys' results."
Senior Manager and Head of IT Security
Objectives
- Needed an effective and efficient way to keep its network and IT infrastructure secure and updated with the latest security patches.
- Put into place an automated, repeatable, verifiable way to manage software vulnerabilities.
- Open source vulnerability scanners lacked accuracy, and IT security team-members had to spend inordinate amounts of time sorting the false positives from actual vulnerabilities.
Results
- CBD selected QualysGuard from Qualys Inc., thus enabling the bank to streamline control of its entire vulnerability management lifecycle: asset discovery, vulnerability assessments, and track security fixes.
- The thorough QualysGuard scans not only provide the ability to identify and mitigate vulnerabilities and misconfigurations; its comprehensive reporting can be tailored for security teams, IT operations, and the bank's business executives.
- Perhaps the greatest saving comes from QualysGuard's accuracy and the fact that security team members no longer have to waste extraordinary amounts of time chasing false positives.
- Today, CBD conducts automated QualysGuard scans of its internal network every week, and of its external, Internet-facing networks every day.
Industry:
Financial Services
Headquarters:
Oswego, IL
Business:
Credit union serving the Chicago metropolitan area
Total Assets:
$200+ million
Employees:
84+
"Qualys went above and beyond the other vendors. It thoroughly demonstrated its service, and helped walk me through an actual scan. It spent time teaching me the product. None of the competitors came close. The quality of the product and the demonstration cinched Qualys for me."
Information Technology Manager
Objectives
- Provide an additional, yet crucial, layer of defense to its existing IT and physical security safeguards through automated vulnerability assessments.
- Improve its vulnerability risk management program, which includes the ability to discover network assets and applications, identify vulnerabilities, provide remediation information and workflow, and then validate that the vulnerabilities have been fixed.
Results
- QualysGuard provided automated, and highly-accurate vulnerability identification.
- QualysGuard provides the credit union the ability to better discover and manage all of its networked devices - desktops, servers, routers, and more to create detailed reports that are used throughout all levels of administrators and business leaders.
- QualysGuard has dramatically improved vulnerability reporting, especially helpful for internal auditing and compliance efforts.
Industry:
Finance Services
Headquarters:
Karlsruhe - Germany
Employees:
3,000
"QualysGuard enables us to collect security and compliance information from all of our global IT assets without having to deploy agents and to leverage this data across multiple compliance and regulatory initiatives. This enables us to drastically reduce the cost of compliance reporting while gaining an accurate view of our security and compliance posture."
Chief Security Officer
Objectives
- Replacement of the Nessus opensource solution with a commercial risk-management tool
Results
- Easy implementation of the solution & self-explanatory
- Various views and reports
- Little administration and support required
Industry:
Financial Services
Headquarters:
Cincinnati, Ohio
Business:
Diversified financial services company
Locations:
Operates 18 affiliates with 1,167 full-service banking centers throughout the US
Employees:
21,000+
Annual Revenue:
$8.5+ billion
Total Assets:
$220 billion in managed assets
"It's not about being secure the day the auditors show up. It's about being secure and compliant every month, week, day, and hour. And QualysGuard helps us to achieve and demonstrate that continuous level of security and compliance."
Manager of Information Security Vulnerability Management Team
Objectives
- Fifth Third's vulnerability management team, dedicated to keeping 5,000 servers and 30,000 desktops secure, needed to move away from manual-based scanners that only allowed the team to run ad-hoc scans, and lacked the ability to centrally manage vulnerability data or trend the bank's risk management progress over time.
- Attain more accurate scan results and organize data by business units, system platforms, and any other way needed.
Results
- Fifth Third has 20 QualysGuard appliances deployed that continuously audit more than 30,000 specific IP addresses automatically throughout the bank's infrastructure.
- Via QualysGuard's ability to assign highly-specific asset tags, the bank can now parse its vulnerability information in any way it needs. The bank can break down its reporting by machine types, business units, and many other ways.
- Fifth Third has improved efficiency via the use of QualysGuard's API to automate report distribution to all IT managers, systems administrators and others.
Industry:
Financial Services
Headquarters:
New Orleans, Louisiana
Locations:
9 branches throughout New Orleans
Employees:
200+
"Not only do we use QualysGuard to perform all of our vulnerability assessments, it also helps us demonstrate compliance with financial regulations and manage overall business risk. We now have direct control over assessment and remediation — and a truer picture of security for the Bank's management."
Data Security Officer
Objectives
- Improve vulnerability assessment management and remediation processes.
- Cost-efficiently strengthen the security of bank networks, computers and applications.
Results
- QualysGuard Express provides cost-efficient, on demand vulnerability management - reducing risks and improving network security for the bank.
Industry:
Financial Services
Headquarters:
Los Angeles, CA
Locations:
39 branch locations throughout the greater Los Angeles metropolitan area
Business:
This full service bank offering an entire spectrum of financial products and services.
Total Assets:
$6 billion
"The way QualysGuard is designed, everything — all the reports, all the scanning, all the results — is very easy to access from anywhere. All of this together: the automation, the detailed reports, and centralized management, translates into improved security. And that's exactly what we wanted to achieve."
Network Security Officer
Objectives
- To ensure that its systems are both secure from breaches and always available to its customers
Results
- QualysGuard provides First Fed a powerful and reliable way to protect and secure its systems throughout the entire vulnerability management life cycle, including asset discovery, asset grouping, vulnerability assessment and analysis necessary for effective vulnerability management.
Industry:
Financial Services
Headquarters:
Singapore, a unit of ING Groep N.V
Business:
Banking, insurance, and asset-management services
Annual Revenue:
€15+ billion market value
Employees:
130,000+ employees
"QualysGuard helps us to complete the work we do every day more successfully. We can find security issues and close the gaps that need to be closed."
Chief Information Security Officer
Objectives
- Move away from manual vulnerability scans, to automated and highly accurate vulnerability assessments.
- Improve vulnerability assessment and mitigation reporting.
Results
- Ability to discover and prioritize all network assets.
- Accurately detect and eliminate the vulnerabilities that make network attacks possible.
- Software-as-a-Service delivery model streamlines management.
- Proactively identify and fix security vulnerabilities.
- Manage and reduce business risk.
- Enhanced the entire vulnerability management life cycle: asset discovery, vulnerability assessments, and tracking of security fixes.
Industry:
Financial Services
Headquarters:
New York, New York
Locations:
Global commodity futures and options trading exchange
"All it took was a phone call and less than an hour to get up and running. Implementation was amazingly easy. And the results were immediate. The return is instant; it was a no-brainer. I've got it to the point where, unless remediation is required, I spend 15 minutes a week to review reports from [our] security scans."
Chief Information Security Officer
Objectives
- Ability to constantly monitor security posture, and implement controls to minimize risk of trade interruptions.
- Consistently meet internal policy and regulatory requirements for NYBOT security and its backup trading sites.
- Attain these objectives without any increase in IT security personnel.
Results
- QualysGuard provided an immediate way for NYBOT to implement a comprehensive vulnerability management system.
- QualysGuard helped NYBOT to attain all key security and compliance objectives
Industry:
Financial Services
Headquarters:
London, UK
Locations:
1,400+ locations throughout more than 50 countries
Employees:
60,000+
"Being able to report on remediation and response plans has also helped us meet strict financial compliance requirements. QualysGuard reports give me and my security team an instant overview of the overall level of health of security in my organization."
Group Head of Information Security
Objectives
- An effective way to quickly and efficiently tackle critical security problems in the bank's high risk, high profile environment.
- Develop an effective, global, risk-driven approach to security in their highly distributed enterprise.
Results
- QualysGuard Enterprise provides the bank fast and efficient automated network discovery, patching, and fix verification.
- Effective patch prioritization and easy integration with the bank's existing proprietary security applications.
Industry:
Financial Services
Headquarters:
Overland Park, Kansas
Business:
Full-service independent securities broker/dealer
Size:
300+ registered representatives, 80,000+ client accounts
"We wanted to secure our systems more efficiently, as well as prepare for new regulations. Qualys has helped us with both objectives."
Network Engineer
Objectives
- Sought a more effective way to enhance their security and regulatory compliance efforts by putting in place an effective and sustainable vulnerability and risk management program.
- Needed to move away from ad hoc security efforts to a more automated, accurate, and demonstrable way to maintain the security of the systems that support its 300 registered agents.
- Obtain clear, actionable vulnerability and risk reports for administrative staff and management.
Results
- VSR Financial chose QualysGuard from Qualys Inc., making it possible for the firm to streamline control of its entire vulnerability management lifecycle: asset discovery, vulnerability assessments, and track security fixes.
- The thorough QualysGuard scans not only provide the ability to identify and mitigate vulnerabilities and misconfigurations; its comprehensive and actionable reporting makes it possible to resolve issues as quickly as possible.
- Today, QualysGuard has helped VSR Financial to obtain its vulnerability management goals. And the firm is confident that QualysGuard will also keep it prepared for all possible future regulations that will affect the broker/dealer industry.
Industry:
Financial Services
Headquarters:
San Dimas, California
Locations:
1,000+ member/owner credit unions
Employees:
450+
Total Assets:
$24+ billion
"In vulnerability management, it's all about response time. Qualys' remediation agent directly assigns tickets to fix things to my network technicians. The system then tracks those fixes."
Director of Enterprise Security
Objectives
- Move away from time-consuming, manual scans to automated vulnerability assessments.
- Ability to correlate and prioritize vulnerabilities to mitigate risks as soon as possible.
Results
- QualysGuard made it possible for WesCorp to conduct automated, on demand vulnerability scans.
- By correlating QualysGuard's vulnerability information with WesCorp's IT asset values, the financial services cooperative is able to instantly identify and remedy the most critical threats to its infrastructure.
Industry:
Government
Headquarters:
Rijswijk Zh, Zuid-Holland Netherlands
Business:
Grants European patents for the contracting states to the European Patent Convention
Locations:
32 European nations, including every member state of the European Union
Employees:
6,500
"We tried a number of approaches to vulnerability scanning. But when we piloted QualysGuard, it just worked. And, because of Qualys' service model, it works with no overhead efforts from us. We don't have to manage a server, vulnerability updates, or any other hassles."
Director of Planning, Security and Inventory
Objectives
- As a result of the deployment of thousands of additional servers within its infrastructure, and the increased exposure of more of its internal IT systems to the Internet, the EPO needed', to find a way to streamline and automate vulnerability management.
- Secure its patent search portal, Esp@cenet, which offers more than 400 million pages of information and 100 different databases, freely available for search over the Internet.
Results
- Daily automated vulnerability assessments, QualysGuard's centralized management, and the correlation of real-time security events with EPO's other security tools provide the EPO with the ability to rapidly identify any risks posed against its systems — and quickly remedy any security concerns.
- QualysGuard's scalability met the demands of the EPO's rapid infrastructure growth.
- QualysGuard provides the low total cost of ownership the EPO sought. Qualys' on-demand architecture offers significant economic advantages with no capital expenditures, extra human resources, or infrastructure to deploy and manage.
Industry:
Government
Headquarters:
Tallahassee, Florida
Locations:
Throughout Florida
Employees:
17,000+
Customers:
17+ million
"With QualysGuard, we gained the ability to automatically scan everything we own for vulnerabilities. And it provides us with a documentation path for all servers including best security practices, vulnerability ranking and patches."
Bureau Chief, Strategic IT
Objectives
- Revamp security policies and procedures to match legal requirements.
- Cost-efficiently improve network security of public health services and personal health data.
- Overcome lack of IT security staffing and distributed operations.
Results
- After a three month analysis of market alternatives, the Florida Department of Health (DOH) selected QualysGuard as its primary way to find vulnerabilities, manage the remediation process, and verify the execution of other automated security processes such as patching.
- The Florida DOH now scans its entire network once a month, and critical systems are scanned daily to ensure they meet all internal security and regulatory mandates.
- QualysGuard's service-based model allows the department to save up to 90 percent of the cost associated with manual, software-based vulnerability management processes.
Industry:
Government
Headquarters:
Arlington, VA
Employees:
315+
Business:
Consulting firm that specializes in scientific, engineering, and security technologies.
"While we were testing QualysGuard, a serious client-side vulnerability had just come out. The day after the vulnerability was announced, Qualys was able to detect it."
Senior Network Security Engineer
Objectives
- Move away from manual vulnerability scans, to automated and highly accurate vulnerability assessments.
- Improve vulnerability assessment and mitigation reporting.
Results
- Ability to discover and prioritize all network assets.
- Qualys helps us meet our mission to ensure the efficiency of business operations by maintaining a resilient, flexible and secure network.
- Accurately detect and eliminate the vulnerabilities that make network attacks successful.
- Software-as-a-Service delivery model streamlines management.
- Proactively identify and fix security vulnerabilities.
- Manage and reduce business risk.
- Ensure compliance with laws, regulations and corporate security policies.
Industry:
Government
Headquarters:
Quantico, Virginia
Scope:
MCCS provides members of the U.S. Marine Corps the services they need during their time in uniform — from helping them run their finances, further their education, or relocate to their next station. MCCS also provides a growing number of restaurants, clubs, and stores, including 17 main exchanges, 96 branch and convenience stores, service stations, and more than a dozen clothing stores.
"QualysGuard has increased our efficiency and accuracy, and saves us a whole lot of time. We don't have to do much of anything except act on its reports. We don't have to chase down remediation information. And we know that our patches have been pushed out successfully. We always know that we're patched across the board."
Network Services Manager
Objectives
- Secure its IT infrastructure, which includes more than 900 routers, 300 Windows servers, approximately 160 UNIX servers, and about 160 IBM systems that handle retail point-of-sale and inventory.
- More accurately discover, manage and remedy the vulnerabilities across its network.
Results
- QualysGuard provided an automated, and highly-accurate way to help manage the MCCS' continuous vulnerability management program.
- QualysGuard security assessment results are fed to the MCCS' Windows Server Update Services (WSUS), a Microsoft tool that helps to facilitate the deployment of software updates. Now, the vulnerability mitigation and patching processes associated with 160 different Windows applications is managed by a five person administrative staff.
Industry:
Healthcare
Headquarters:
San Diego, California
Business:
ASH provides complementary health benefits, fitness, and health improvement programs
Size:
National, 13+ million members, Privately held
Employees:
380+
"I've never found any other vulnerability management tool that is as comprehensive as QualysGuard. We never have encountered a situation in which a third-party audit found something QualysGuard didn't."
Senior Director of IT Operations and Information Security Officer
Objectives
- Cost-effectively achieve ongoing IT security and regulatory compliance risk mitigation for its own network.
- Simplify PCI compliance.
- ASH doesn't have a staff dedicated to IT security; as a result, its IT director and system administration team need the most automated way to keep its systems secure and compliant.
Results
- QualysGuard provides the company the ability to centrally manage the risks associated with all of its networked assets, and quickly identify and remedy those that are out of policy, misconfigured, or otherwise vulnerable.
- As a PCI DSS-approved scanning vendor, Qualys makes it straightforward for ASH to conduct its annual self-assessments and quarterly network scans.
- QualysGuard provides ASH's system administrators with a proactive way to protect the company's network throughout the entire vulnerability management life cycle, including asset discovery, asset prioritization, vulnerability assessment and analysis, remediation planning, and fix verification.
Industry:
Healthcare
Headquarters:
Danville, Pennsylvania
Locations:
38 throughout Pennsylvania
Employees:
9,900+
Customers:
2.5+ million
Total Assets:
$1.5+ billion
"QualysGuard reports are an excellent solution for documenting IT security controls and compliance with regulatory requirements. QualysGuard helps us protect the security and integrity of our systems supporting our electronic medical record systems."
Chief Information Security
Objectives
- Protect the security and integrity of EMR accessed online by clinical providers and patients, and comply with HIPAA security regulations.
- Provide and verify security for a complex system of several patient and clinical provider Web portals with more than 435 network applications, 70 of which feed data to the EMR system.
Results
- QualysGuard automatically finds vulnerabilities and documents remediation for its network that supports Geisinger's EMR system.
- QualysGuard proved to save time by automating the processes associated with vulnerability management: from host discovery and vulnerability assessment to fix verification.
Industry:
Insurance
Headquarters:
Paris, France (Parent)
Locations:
Worldwide
Employees:
17,000+
Annual Revenue:
$104+ billion
Customers:
17+ million
Stock Symbol:
AXA (NYSE)
"QualysGuard is technically the best vulnerability management solution... and epitomizes my vision of the ideal vulnerability management platform."
Global Security Architect
Objectives
- Ability to ensure that public servers are highly secure, patches are up-to-date, and security policy standards are met without exception.
- Maintain operating efficiencies and optimize profitability by deploying cost-saving technologies.
- Accurate vulnerability data with comprehensive reporting.
Results
- QualysGuard Enterprise provides a comprehensive, 360-degree view of AXA's network security.
- A fully automated vulnerability management and workflow system for fast detection and remediation of security risks.
- Dynamic reporting presents immediate visibility of network security posture across the entire organization.
Industry:
Healthcare
Headquarters:
Philadelphia, Pennsylvania
Locations:
Worldwide
Employees:
32,700+
Total Assets:
$44+ billion
Stock Symbol:
CI (NYSE)
"Before QualysGuard we had an ad hoc process; Qualys brought much stronger control and visibility into our processes. QualysGuard gives us the ability to detect our vulnerabilities across our network and really ensure that we have the level of security and compliance we need."
Chief Information Protection Officer
Objectives
- Meet diverse regulatory compliance mandates, including: Sarbanes-Oxley, Gramm-Leach-Bliley, the Health Insurance Portability and Accountability Act (HIPAA), and others.
- Ensure all systems are adequately secured, and that compliance controls remain in place.
- Quickly and accurately detect systems not in compliance as well as the ability to take quick corrective actions.
- Eliminate complex, ad-hoc processes for end-to-end vulnerability management.
Results
- QualysGuard enabled CIGNA to streamline control of its entire vulnerability management lifecycle: asset discovery, vulnerability assessments, track security fixes, and meet federal, state, and internal policy regulations.
- Ability to quickly assess its complex infrastructure to make certain that proper security and mitigating controls are always in place.
Industry:
Healthcare
Headquarters:
Netherlands
Employees:
2,300+
Customers:
106+ million
Annual Revenue:
$7+ billion
"We have a responsibility to protect the health care information of our customers. With QualysGuard, we know we're doing just that."
ICT System Security Consultant at VGZ-IZA-Trias
Objectives
- VGZ-IZA-Trias sought an easy-to-deploy, highly accurate and automated way to manage and mitigate the vulnerabilities that threaten the security and regulatory compliance of its infrastructure.
- VGZ also needed a vulnerability management solution that would enable the company to scan its infrastructure whenever needed, be up-to-date with the latest security checks, and not prone to time-consuming false positives.
- Make certain VGZ's infrastructure remains compliant with Dutch government health care privacy regulations.
Results
- VGZ-IZA-Trias selected QualysGuard Enterprise to automatically identify and mitigate system vulnerabilities.
- QualysGuard eliminates the need for VGZ to deploy, maintain, and update any vulnerability management software.
- The in-depth remediation information provided from QualysGuard helps VGZ to quickly remedy any uncovered vulnerabilities.
- QualysGuard's 99.997% accuracy rate virtually eliminates all false positives.
Industry:
Manufacturing
Headquarters:
London, UK
Locations:
Worldwide
Employees:
32,000+
Annual Revenue:
$11.9+ billion
Stock Symbol:
ICI (NYSE)
"If you can't measure security, you can't manage it. Qualys lets me measure and manage my network security. Their reports demonstrate ongoing security improvement in working with IT suppliers."
Director of Global Information Security
Objectives
- Attain a clear and accurate picture of at risk ICI devices.
- Worldwide deployment of network security auditing solution.
- Validate the network security of suppliers and ICI partners. And on demand ability to scan and see results from anywhere.
Results
- QualysGuard worldwide deployment completed within hours.
- ICI can now scan its entire global infrastructure for vulnerabilities at least once a week.
- Automated security audits and remediation workflow across the enterprise.
- Comprehensive documentation of ongoing security audits for management, auditors and government regulators.
Industry:
Manufacturing
Where:
International
Headquarters:
Manitowoc, WI
Annual Revenue:
$4.5+ billion (2008)
Employees:
12,000+
Business:
Manufacturer of equipment to the foodservice and construction industries
"QualysGuard gives us a comprehensive view of all of our endpoints around the world. Now we're always aware of the security posture of our systems, and QualysGuard provides a way to consistently audit to make sure administrators are getting the patching done."
IS Security Analyst
Objectives
- Manitowoc wanted to make certain it was approaching its vulnerability management program as effectively as possible. And with more than 100 manufacturing and services facilities in 27 countries, that meant centralized management of its vulnerability management program.
Results
- QualysGuard's deep vulnerability KnowledgeBase and automated ticketing system saves Manitowoc an enormous amount time.
- QualysGuard enables Manitowoc to maintain a secure and sustainable IT infrastructure.
- Manitowoc can manage IT vulnerabilities and risks, centrally, from around the world.
- QualysGuard's powerful API enables the company to customize reports and effectively enforce security policy.
Industry:
IT Security Services
Headquarters:
Columbus, Ohio
Business:
Security assessments and consulting for small to medium-sized businesses and state agencies
Size:
Statewide. Five consultants.
"The reporting is so clean with Qualys that I don't need a high-dollar consultant explaining data to the customer. This boosts our margins and makes everyone happy."
CEO and Principal Consultant
Objectives
- Required a more reliable up-to-date vulnerability management tool that would free consultants.
- Prior software-based solutions were time-consuming and created enormous financial burdens to maintain and use.
- Sought an affordable vulnerability management solution.
Results
- QualysGuard proved to be the effective, cost-efficient solution.
- Jacadis can deliver security to small organizations without on-staff technical expertise.
- Jacadis has improved the security services it delivers to its clients and improved the efficiency of its consulting operations.
Industry:
Arts / Not-for-Profit
Headquarters:
London, United Kingdom
Business:
Produces plays in its three theatres -- the Olivier, Lyttelton, and the Cottesloe - and a programme of platform performances, outdoor events, exhibitions, backstage tours throughout the year.
Employees:
900
"The reporting functionality provides all of the detail that the technical staff needs, as well as comprehensive summaries that we need to send to our bank."
IT security manager at the UK-based National Theatre
Objectives
- Streamline the way to secures its infrastructure, and maintain compliance to the rigorous PCI DSS.
- Find a vulnerability assessment solution that was more accurate, easier to use, and provide better support for PCI DSS compliance, while also reducing its dependence on outside consultancies.
Results
- For the National Theatre, QualysGuard automates the process of vulnerability management and policy compliance across its network, including network discovery, detailed mapping, asset prioritization, vulnerability assessment reporting, and remediation tracking
- National Theatre relies on QualysGuard to maintain continuous PCI DSS compliance and uses QualysGuard to complete all of its validation requirements.
- Using QualysGuard PCI, National Theatre easily can complete and submit the PCI self-assessment questionnaire online, and perform predefined PCI scans on all relevant systems to identify and resolve network and system vulnerabilities.
Industry:
Not-For-Profit
Headquarters:
Washington, DC
Business:
Leading animal protection non-profit that fights for the protection of animal rights through advocacy, education, legislative, and hands-on programs.
Size
The nation's largest animal protection organization with 10+ million members and constituents.
"By turning to QualysGuard PCI, we significantly save on the time and resources we need to dedicate to maintaining PCI Compliance."
Chief Information Officer
Objectives
- While the Humane Society had maintained a secure network, it was a costly and time-consuming process to continuously maintain PCI compliance.
- Needed a streamlined way to complete the required PCI DSS questionnaires and network vulnerability audits, and validate compliance to its acquiring banks.
Results
- QualysGuard PCI helps the Humane Society to automatically validate its PCI DSS compliance.
- QualysGuard helps the Humane Society protect its member and contributor information.
- The Humane Society is now able to quickly complete PCI DSS 'Self-Assessment Questionnaires' via QualysGuard.
- QualysGuard allows the Humane Society to document and submit proof of compliance to acquiring banks.
Industry:
Media
Headquarters:
Milwaukee, Wisconsin
Business:
Diversified media company that operates 49 community newspapers and shoppers, 35 radio stations, and 12 TV stations in twelve states, plus 96 individual web sites
Employees:
3,500+
"It used to take us a month, or more, from the time a vulnerability was announced to when we knew it was resolved on our systems. Now, thanks to QualysGuard, it's down to hours."
VP of Information Technologies & CIO
Objectives
- Move away from slow, manual vulnerability scans, to automated and highly accurate vulnerability assessments.
- Automate many IT related compliance efforts through verifiable processes.
Results
- Through QualysGuard, Journal Communications is now able to conduct automated vulnerability assessments on internal systems every week, and Internet-facing systems are evaluated daily.
- QualysGuard makes it possible for Journal Communications to cost-effectively generate SOX-specific reports that measure, help to align, and document ongoing efforts to safeguard financial systems and data.
Industry:
Gaming and Entertainment
Headquarters:
Ledyard, Connecticut
Employees:
12,000+ employees
Business:
Operates six casinos that offer more than 7,000 slot machines and 400 gaming tables, 340,000 square feet of gaming space, 1,416 guest rooms and suites; and for conventions and group events, Foxwoods features more than 55,000 square feet of meeting space and 25 conference rooms.
"QualysGuard is our main tool for PCI compliance. It helps to automate many of our tasks associated with PCI, from assessing relevant systems to providing our reports to the banks."
Network Engineer
Objectives
- Effectively maintain PCI DSS compliance.
- Become less reliant on external consultants.
- Move toward more automated vulnerability management processes.
Results
- QualysGuard, being an approved PCI scanning vendor, helped to streamline Foxwoods' compliance efforts.
- SaaS model increases efficiencies by decreasing management burden.
- QualysGuard enables Foxwoods' to conduct vulnerability assessments as needed.
- QualysGuard is now an integral part of Foxwoods' change control program:
every time a system is updated or new system added, it's vetted through QualysGuard. - Foxwoods' has integrated QualysGuard's highly-accurate assessment data into its Security Event and Information Management System.
Industry:
Manufacturing
Headquarters:
Fairfield, California
Locations:
Worldwide
Employees:
670+
"We don't want the hassles of maintaining this type of software. It's pretty much hands-off to get the benefits with QualysGuard. We have not had any successful attacks since we installed QualysGuard."
Network Administrator and Security Specialist
Objectives
- As Jelly Belly brought many of its Web operations in-house, the company sought a way to enhance its network security capabilities to protect its e-commerce operations. This required its small IT staff to be able to conduct timely and comprehensive security analysis, scanning and remediation.
Results
- QualysGuard provides vulnerability and risk management monitoring for all of its external-facing servers and IT devices including routers, firewall, Web site, and e-mail.
- No need to dedicate staff to keep up with new vulnerabilities or update the on demand QualysGuard solution.
Industry:
Manufacturing
Headquarters:
Paris, France
Locations:
1,084+ restaurants (France)
Employees:
45,000+ (France)
Annual Revenue:
$3.5+ billion (France)
Stock Symbol:
MCD (NYSE)
"QualysGuard enables us to automate our internal and external vulnerability audits. We get a concise report of how both insiders and outsiders can view our systems, so we always can know how our systems are in compliance with our internal policies as well as regulations."
Manager of IT Infrastructure
Objectives
- McDonald's France, a subsidiary of McDonald's Corp., needed a way to automate its vulnerability assessments to make certain they're in continuous compliance with internal security policies, as well as such regulations as Sarbanes-Oxley and the Payment Card Industry Data Security Standard.
- Needed to automate many of the processes associated with vulnerability risk management: system discovery, vulnerability identification, and remediation.
Results
- McDonald's France turned to QualysGuard's on demand Web service and appliance to automatically identify and more effectively mitigate system vulnerabilities and misconfigurations.
- QualysGuard enables the company to streamline control of its entire vulnerability management life cycle — asset discovery, vulnerability assessment, security fix tracking — and meet federal, state and internal policy regulations.
- QualysGuard now plays a vital role in McDonald's France regulatory compliance efforts, helping the company to not only achieve security, but also to demonstrate to auditors how its system patches are always well maintained.
Industry:
Retail
Headquarters:
Naperville, Illinois
Employees:
33,000+
Revenue:
$8+ billion
"QualysGuard not only helps us to secure our systems better, but it adds value because it makes us more efficient. It streamlines our vulnerability management efforts so that we can focus better on innovative IT initiatives that add value to the company."
Information Security Manager, OfficeMax Mexico
Objectives
- Improve risk management and IT governance efforts.
- Automate vulnerability identification and remediation.
- Conduct automated security audits and ensure compliance with internal policies and external regulations, such as PCI DSS.
Results
- QualysGuard provides OfficeMax Mexico a proactive way to protect the company's network throughout the entire vulnerability management lifecycle, including asset discovery, asset prioritization, vulnerability assessment, and analysis, remediation, and fix verification.
- The improved accuracy of OfficeMax's assessment scans has proven extremely beneficial for the security team.
- OfficeMax can generate remediation tickets based on its specific policy rules and track each ticket until successful patch deployment has been verified.
- OfficeMax Mexico uses QualysGuard PCI to conduct its PCI DSS assessments to both make sure its systems remain within compliance and to ready its systems for the mandated quarterly PCI DSS assessment and report filing.
Industry:
Agriculture
Headquarters:
Zagreb, Croatia
Business:
Retail, food production and beverages, agriculture
"We now have a centralized vulnerability platform that is used by different members of the Agrokor Group so they can manage the infrastructure for which they are responsible. This allows us to bring consistency to our vulnerability management program."
Chief Information Security Officer at Agrokor Group
Objectives
- Because of Agrokor's growth and rapid expansion through acquisition, sound IT governance and vulnerability management was crucial for continued success and to maintain an adequate level of security.
Results
- QualysGuard provides Agrokor a powerful way to protect networks and applications throughout the entire vulnerability management life cycle, including asset discovery, asset prioritization, vulnerability assessment and analysis, remediation, and fix verification.
Industry:
Financial Services
Headquarters:
Swindon, United Kingdom
Business:
Arval, a subsidiary of BNP Paribas, provides vehicle fleet financing and long-term contract hire
Size
5,500 employees
Locations:
30 countries, primarily throughout Europe
"While Qualys allows us to define our problems more clearly, the solution also enables us to focus our forces on resolving them (via incident and problem management) and anticipate conformity by providing the permanent audit unit with the indicators required in line with new legislation."
Corporate Information Security Officer
Objectives
- Streamline manual vulnerability analysis into an automated, seamless process that supports Arval's ITIL best practices and ISO 27001 framework.
- Enable Arval's security managers, working with limited resources and tight budgets, and rising regulatory constraints, to more effectively manage IT security and regulatory compliance risks.
Results
- QualysGuard provides automated and highly accurate vulnerability identification, while also integrating tightly within Arval's ITIL and ISO 27001 management practices.
- QualysGuard continuously assesses the security of Arval's internal, and externally-facing IT systems and has proven to scale along with Arval's rapid business expansion.
- QualysGuard provides Arval the ability to better discover and manage all of its networked devices - desktops, servers, routers, and more - to create detailed reports that are used by all levels of administrators and business leaders.
- QualysGuard has helped Arval to more proactively monitor and manage its internal auditing and compliance efforts.
Industry:
Services
Business:
Arval, a BNP Paribas subsidiary, provides vehicle fleet financing and long-term contract hire
Locations:
Multiple in Italy
Employees:
750 employees; 110,000 vehicles managed
"QualysGuard is a completely independent, automated platform. I can schedule regular scans on our internal and external networks. Not only is it very accurate, but it doesn't disrupt our network operations. We've never had any performance issues from running QualysGuard."
Information System Security Officer
Objectives
- Migrate vulnerability analysis from manual processes to automated and seamless processes, and maintain regulatory compliance.
- With limited resources and tight budgets, Arval's security managers needed to accomplish more by putting an automated, effective vulnerability management program in place.
Results
- High-performance, automated vulnerability analyses.
- Comprehensive reports that intelligently inform management, operations, and internal auditors.
- Qualys' international reach, and the availability and competence of technical support teams.
- Discovery and management of all networked assets.
- Ease of deployment, implementation, and automated management capabilities.
Industry:
IT Services Provider
Headquarters:
Oslo, Norway
Business:
Provides a full range of IT and security services to small and mid-sized businesses.
"QualysGuard provides us a way to help prioritize the remediation efforts of our clients, and to make sure they can attain a level of acceptable security quickly."
Security Architect, Cartagena
Objectives
- Provide its clients with professional, highly accurate, on-demand vulnerability assessments from a trusted third party so they can keep their systems secure and within regulatory compliance.
Results
- Currently, a number of Cartagena's clients subscribe to its QualysGuard security assessment service. Cartagena analyzes the assessments and helps its clients to better manage and reduce their IT risks.
Industry:
Online Services
Headquarters:
Leeds, United Kingdom
Business:
Online child protection specialist
Locations:
UK and USA
"QualysGuard achieved exactly what Qualys said it would. It's helped us to cost effectively and quickly manage our IT vulnerabilities and risks."
General Manager
Objectives
- Establish and maintain an effective vulnerability management program to ensure continuous security.
- Small IT team needed highly-automated way to find and fix IT related vulnerabilities.
Results
- Automated on-demand security and vulnerability audits.
- Highly accurate vulnerability and configuration scans.
- Easy to deploy, manage, and operate.
- Scalable enough to secure global network.
- Comprehensive reporting capabilities.
Industry:
Services
Headquarters:
Warsaw, Poland
Employees:
35
Business:
The most experienced independent payment cards personalization service provider in Poland. Delivering personalized magnetic stripe, smart, contact, and contactless identity and payment cards.
"In the first year that we used it, QualysGuard proved to be very effective in helping us communicate to our auditors that we are PCI DSS compliant."
Security Manager, Elkart
Objectives
- Since ELKART provides payment cards personalization services, it must remain compliant with the Payment Card Industry Data Security Standard (PCI DSS). The certified Integrated Management System ELKART implemented requires and mature, systematic approach to the risk and vulnerability management of its IT infrastructure.
Results
- QualysGuard, which helps to create the technical and business reports ELKART needs to reduce risk and to prove its compliance with ISO27001 and PCI DSS.
Industry:
Marketing Services
Headquarters:
Oldsmar, FL
Employees:
70+
Business:
A marketing services firm that provides sophisticated, integrated marketing solutions across multiple channels.
"Qualys just pulls it all together, making it so easy that one doesn't have to be an information security expert to attain PCI compliance. It's easy to use, does network discovery and mapping, and its dashboard provides the information we need."
PCI Compliance Administrator
Objectives
- Build and maintain a secure and sustainable IT infrastructure and validate PCI DSS compliance.
Results
- QualysGuard, being an approved PCI scanning vendor, helped to streamline Ignite Media's compliance efforts.
- SaaS model increases efficiencies but decreasing management burden.
- QualysGuard enables Ignite Media the flexibility to conduct vulnerability assessments as needed.
Industry:
IT Security Services
Headquarters:
Jericho, New York
Business:
Risk management assurance and advisory services
Locations:
Throughout US
"I couldn't compete with the larger IT consulting firms without QualysGuard."
Founder and Principal
Objectives
- Find an easy-to-use and accurate way to manage vulnerabilities for the firm's financial services customers.
- Prior software-based solutions were-time consuming and created enormous financial burdens to maintain and use.
- Sought an affordable vulnerability management solution.
Results
- QualysGuard enables Joel Lanz to provide clients highly accurate and thorough security assessments.
- Ease of identifying client network assets and vulnerabilities through Qualys' on demand architecture.
- Cost-effective.
- Comprehensive and customizable reporting features.
Industry:
Food and Management Services
Headquarters:
France
Business:
A world leader in Food and Facilities Management services
Locations:
Worldwide
Employees:
342,000+ employees in 80+ countries
Annual Revenue:
€ 13.4 billon (2007)
"Five years on, we are still using the same solution but on a much broader geographic and functional scope. Herein lies the strength of the Software as a Service model : continuous and transparent integration of the evolution of our specific needs and those of the market in general."
Chief Information Security Officer
Objectives
- Gain greater insight into network topology, system configurations, and level of overall security.
- Attain a centralized vulnerability management program, with proactive autonomy throughout various subsidiaries.
Results
- QualysGuard made it possible for Sodexo to attain consistent levels of security throughout the enterprise, while also preserving its decentralized management hierarchy.
- Effective, accurate, on-demand vulnerability management that's easy to use and requires no infrastructure to deploy.
- Independent audits with reliable, comprehensive, and easy to use interface.
- Reporting provides both security and business managers with security information tailored to their specific needs and job functions.
Industry:
Technology
Headquarters:
Waltham, MA
Business:
Blueport Commerce provides trusted, managed e-commerce technology and services to retail chains around the nation representing 2,000+ stores that represent $8+ billion in sales.
"At Blueport Commerce, we always seek the highest quality technology partners, selecting only the best companies in their respective areas of expertise. For vulnerability management, the search was not long: it always came down to Qualys."
Chief Operating Officer
Objectives
- Blueport Commerce must remain compliant with PCI DSS, and its customers need assurance that its systems operate to the highest security and compliance standards.
Results
- QualysGuard's on-demand delivery means Blueport Commerce IT teams can focus on PCI DSS compliance and the vulnerability management life cycle, including asset discovery, asset prioritization, vulnerability assessment and analysis, remediation and fix verification.
Industry:
Technology
Headquarters:
San Francisco, CA
Employees:
60+
Business:
On-demand web content management
"Qualys is the most accurate [vulnerability assessment solution] we've used, and the SaaS solution makes it easy and transparent because we don't have to maintain the server or the software, or manage the updates."
VP of Technical Operations
Objectives
- Streamline vulnerability and IT risk management.
- Substantiate the company's security posture to clients and prospective clients.
Results
- QualysGuard provided Clickability with an automated, on-demand way to conduct its security and vulnerability audits.
- SaaS model increases efficiencies but decreasing management burden.
- Clients, already aware of Qualys' excellent reputation, are reassured to learn that Clickability relies on QualysGuard to audit the security posture of its IT and WCM systems.
Industry:
Technology
Headquarters:
San Jose, California
Locations:
Worldwide
Major Brands
eBay, Skype, PayPal, Shopping.com, Rent.com
Employees:
13,000+
Annual Revenue:
$5.9+ billion
Stock Symbol:
EBAY (NASD)
"QualysGuard has made the job of auditing our network much easier. We used to have to dig through results and do a lot of manual analysis to get meaningful reports, and those were inconsistent. Qualys takes care of that nightmare."
Senior Manager, Information Security
Objectives
- Reliable identification of network vulnerabilities across global network.
- A practical way to audit the network security of business partners and to help those partners quickly remediate vulnerabilities and eliminate risks.
- Rollout an automated solution that would find the most recent vulnerabilities without requiring constant and time-consuming staff research.
- Provide senior management the ability to audit and review security posture at any time.
Results
- After a careful market evaluation, eBay selected QualysGuard Enterprise for both perimeter scanning and the auditing of vulnerabilities on network segments within the corporate firewall, and on partner networks.
- eBay now has a default vulnerability management standard to evaluate security throughout both eBay's network and partner networks.
- Simplified reporting gives senior executives a concise, real-time view into the company's security risks. QualysGuard facilitates measuring the change in those risks as security measures are implemented.
Industry:
Technology
Headquarters:
Redwood City, California
Business:
Enterprise software and services, including Oracle Database and Grid, Middleware, On Demand services, and enterprise applications
Employees:
56,000+
Annual Revenue:
$14.3+ billion
Stock Symbol:
ORCL (NASD)
"QualysGuard's easy-to-use and intuitive web interface, and granular access controls combined with Qualys' no cost training, enabled Oracle GIT Security to extend the vulnerability assessments, as a self-service, to other security organizations within the company. It allows us to accelerate rollout of the scans, improved security awareness without increasing headcount, or risk to the assets and data."
Senior Manager, Oracle's GIT Security Engineering Team
Objectives
- Put into place a vulnerability management solution that would scale to meet its global operations.
- Find most accurate and secure way to identify and fix IT vulnerabilities.
- The vulnerability management solution must provide a highly secure way to store Oracle's vulnerability information to meet its internal security policy and customer security and confidentiality agreements.
Results
- QualysGuard Enterprise provides a solution that would scale to meet Oracle's global operations, and provide the automated, on-demand security and vulnerability audits the company sought.
- Accurate vulnerability and configuration scans, according to Oracle's in-house testing.
- QualysGuard@Customer scales to millions of scans per month, and provides Oracle assurance that vulnerability information remains confidential.
- QualysGuard's PCI DSS capabilities mean that Oracle can conduct compliance scans for its internal hosting operations.
Industry:
Technology
Locations:
United States and Puerto Rico
Business:
Paylocity provides web-based payroll, HR and time and attendance solutions across the U.S.
"QualysGuard saves us a significant amount of time, especially when you consider the amount of effort it takes to manually identify vulnerabilities and research the potential impact of vulnerabilities on your system. It's just tremendous."
Director of Information Technology
Objectives
- To make certain its rapidly growing applications and dynamic infrastructure remains resilient to failure and resistant to breaches.
Results
- QualysGuard helped Paylocity to streamline its vulnerability and IT risk management processes. Today, IT managers can focus on more strategic things as a result of QualysGuard saving so much time by accurately identifying vulnerabilities, and providing actionable fix information.
Industry:
Technology
Headquarters:
Bozeman, Montana
Employees:
500+
Annual Revenue:
$110+ million
Stock Symbol:
RNOW (NASD)
"Qualys' on-demand delivery model is a key differentiator. There was no integration, and the installation was painless. It's why we were able to get up and running in a couple of hours."
Chief Information Security Officer
Objectives
- RightNow's customers (many in highly regulated industries) were increasingly asking all of their vendors to prove their IT security due diligence.
- Automated, accurate, process-oriented detection of security risks.
- Detailed vulnerability and risk management reporting.
Results
- QualysGuard Enterprise provided the complete 360-degree cycle of discovery, remediation, tracking, and reporting that the company sought - all in a single service.
- Comprehensive reports deliver quantifiable proof of security levels and effectiveness of risk-reduction program.
Industry:
Technology
Headquarters:
Cary, North Carolina
Business:
Leader in business intelligence and analytics software helps companies in every industry transform their data into predictive insights about company performance, customers, markets, risks and more.
Locations:
Worldwide
Employees:
10,000+
Annual Revenue:
$1.9+ billion
"The quality of our vulnerability reports is just phenomenal now. QualysGuard, through its well documented API, gives us the ability to include anything we need in our reports. There hasn't been a report that we wanted to build that we couldn't easily create."
Network Security Engineer, Systems and Information Security
Objectives
- To fully automate and simplify its vulnerability management processes for its global Internet-facing operations.
- SAS' previous vulnerability scanner failed to provide the level of accuracy and reporting capabilities the company sought.
- Network audits were very time-consuming, with security managers having to manually research the false positives and correlate the real risk of vulnerabilities.
Results
- QualysGuard helped SAS to centrally manage the risks associated with all of their network assets, and quickly identify those that could be at risk.
- QualysGuard enables IT assets to be custom tagged for enhanced classification levels - simplifying the management of networked devices, grouping them by specific business units so actionable reports can be generated.
- Automated approach to vulnerability management has increased SAS' security team's ability to understand its risk posture and reduced costs by eliminating the need for outside consulting audits.
Industry:
Technology
Headquarters:
Santa Clara, California
Locations:
Worldwide
Employees:
2,500+
Annual Revenue:
$380 million
Stock Symbol:
WEBX (NASD)
"We don't ever have to spend time keeping the Qualys appliance ready and online. It's just stable, reliable, and always there. QualysGuard is a very good example of a product that we've been able to deploy and rely upon, and not have to worry about being its architects."
Manager of Security Engineering and Operations
Objectives
- Maintain an effective vulnerability management program to ensure continuous security and maintain various third-party security certifications and audit reports, including WebTrust and SAS-70.
- Replace manual process using vulnerability scanners due to lack of reliability and flexibility required for WebEx's IT risk management program.
Results
- WebEx selected QualysGuard's on-demand Web service and internal scanners to automatically identify and more effectively mitigate vulnerabilities.
- QualysGuard delivers comprehensive reports for various executive and technical groups within WebEx for ongoing security measurement.
- WebEx has reduced network security risks and improved its overall vulnerability management process.
Industry:
Telecom
Headquarters:
United Arab Emirates
Locations:
throughout sixteen markets in the Middle East, Africa, and Asia
Annual Revenue:
$6+ billion (2007)
Business:
Etisalat provides an array of communication services from phone to mobile, broadband, and cable television to specialized e-Government offerings, traditional e-mail, hosting, and domain name system (DNS) management services.
"We had a strong need to make sure our services and security were enhanced for the integrity and availability of all of our services. We believe QualysGuard is a service that provides the ability to quickly assess and maintain our security posture."
Manager of Security Performance, Security Operations and Maintenance
Objectives
- Build an automated risk management program that could scale with Etisalat's rapid growth.
- Tight IT security team needed more security insight and manageability than could be provided by open source tools.
Results
- Automated on-demand security and vulnerability audits
- Ability to manage vulnerability management process for multiple IT operations teams
- Group IT assets according to business value
- Highly accurate vulnerability and configuration scans
- Easy to deploy, manage, and operate
- Scalable enough to secure international network
- Comprehensive reporting capabilities
Industry:
Transportation
Headquarters:
Prague, Czech Republic
Business:
This airline serves roughly 70 cities in 40 countries throughout Europe, North Africa, the Middle East, North America, and Asia.
"QualysGuard provides rapid, comprehensible, and consistent reporting concerning our vulnerability trends. QualysGuard's accurate assessment data enables us to quickly assess the effectiveness of our vulnerability remediation processes."
Security & Technical Architect
Objectives
- Maintain a vulnerability management program that not only helped the airline keep its PCI DSS compliance, but also mitigate risk across its IT infrastructure.
Results
- Today, as a result of QualysGuard deployment, the company is able to conduct automated scans of its external Web-facing network, part of its internal network, and all of the PCI DSS governed systems.
Industry:
Transportation
Headquarters:
Denver, Colorado
Business:
Affordable-fare airline
Locations:
Frontier is the second-largest carrier in Denver, operates about 280 flights per day, and services 58 cities throughout North America, including Canada and Mexico.
Annual Revenue:
$1.2+ billion (2006)
Employees:
5,600+
"QualysGuard PCI works smoothly. We didn't realize that it was possible for us to scan and assess ourselves for compliance, but that's exactly what we do with QualysGuard PCI. It's helped us to be even more efficient with our security program."
IT Security Manager
Objectives
- To meet PCI DSS compliance, Frontier had turned to the expertise of a security solutions provider and Qualified Security Assessor (QSA). But Frontier wanted the flexibility to conduct a scan whenever needed. Business technology and networks change quickly, and whenever Frontier wanted to evaluate a server or application that changed, it would have to call the QSA, schedule a scan and pay an additional fee for each evaluated IP address.
- Frontier needed a way to streamline how it attains and manages its compliance to the PCI Data Security Standard for its Web site.
Results
- QualysGuard PCI, delivered as an on-demand Web service required no software or infrastructure for Frontier to deploy and manage.
- QualysGuard PCI streamlined the compliance operations for Frontier, and enabled the company to move all of its PCI compliance efforts in-house, save time and free much of its security budget for more strategic investments.
