Qualys Extends Vulnerability Management Solution to Customers With QualysGuard Connector for Amazon Web Services

Qualys Extends Vulnerability Management Solution to Customers With QualysGuard
Connector for Amazon Web Services

New Connector Provides Continuous Asset Discovery and Automates Vulnerability
Scanning of Amazon EC2 and Amazon VPC Instances

SAN FRANCISCO, Feb. 25, 2013 (GLOBE NEWSWIRE) -- RSA Conference USA 2013 Booth
#1431 -- Qualys Inc. (Nasdaq:QLYS), a pioneer and leading provider of cloud
security and compliance management solutions, today announced powerful new
vulnerability management capabilities for its customers using Amazon Web
Services (AWS), specifically Amazon Elastic Compute Cloud (Amazon EC2) and
Amazon Virtual Private Cloud (Amazon VPC), using a QualysGuard connector
leveraging Amazon APIs. The QualysGuard connector for use with AWS automates
the discovery and tracking of assets in Amazon EC2 and Amazon VPC
environments, allows them to be automatically scanned for vulnerabilities, and
provides reports giving customers visibility and control of security and
compliance in their cloud environments.

The QualysGuard connector for use with AWS provides automated discovery and
tracking of AWS-hosted assets by detecting and synchronizing changes to
customers' virtual machine instance inventories. The instances can be tracked
over time, even as their IP addresses change, and are scanned for
vulnerabilities using QualysGuard Virtual Scanner Appliances deployed on
Amazon EC2 or Amazon VPC. This allows security personnel to automate
vulnerability assessments using QualysGuard workflows. For example, assets can
be scanned automatically after first discovery, on a regular calendar
schedule, at intervals based upon each instance's uptime, selectively based
upon particular attributes of each instance, or some combination of factors.

"It is important for customers to have the ability to extend their security
and compliance programs into AWS," said Terry Wise, Head of Worldwide Partner
Ecosystem, AWS. "We are excited that Qualys has joined the AWS Partner Network
and is providing our customers with value added security solutions enabling
customers to deploy more workloads on AWS."

This new set of capabilities announced by Qualys includes:

  o Native AWS API connectors. These can be configured to connect QualysGuard
    to one or more AWS accounts to synchronize asset inventories from all AWS
    Regions and Amazon VPCs. Important instance attributes and contextual
    metadata are collected and updated as they change over time. Dynamic Asset
    Tags, which can drive or influence policies and reporting throughout
    QualysGuard, may be automatically assigned to assets as part of the import
    process. Attributes and contextual metadata about Amazon EC2 instances are
    also captured and available as data points to inform further Dynamic Asset
    Tagging within QualysGuard.
     
  o Vulnerability scanning, pre-authorized by Amazon. In collaboration with
    AWS, Qualys has built safeguards into a new Amazon EC2 Scanning capability
    within QualysGuard that ensures that scanning will not inadvertently
    target other AWS customers' instances and that all AWS policies for
    vulnerability scanning are adhered to. Based upon this, customers may scan
    at their convenience, as Amazon EC2 Scanning using QualysGuard has been
    pre-authorized by AWS, negating the need to obtain explicit permission
    from AWS before proceeding with scanning as is typically required.
     
  o Enhancements to the QualysGuard Virtual Scanner Appliance AMI (Amazon
    Machine Image), available to customers in AWS Marketplace. Qualys now has
    a scanner release in AWS Marketplace designated as "Pre-Authorized" for
    use with the Amazon EC2 Scanning capability within QualysGuard that
    leverages the AWS API connection.

"Many organizations moving assets to cloud environments are lacking the tools
to effectively manage security and assess their compliance posture," said
Philippe Courtot, chairman and CEO for Qualys. "Now, working with AWS and
leveraging their open APIs, we are able to provide our customers with a
comprehensive solution to address their security and compliance within AWS's
cloud environments."

Pricing and Availability

These features are currently available to Qualys customers as part of their
QualysGuard subscriptions. Annual QualysGuard subscriptions start at $2,495
per year for 32 IPs. At least one QualysGuard Virtual Scanner Appliance
license at $995 per year is required for internal network scanning
functionality on AWS. For more information, visit www.qualys.com/amazon.

About Qualys

Qualys, Inc. (Nasdaq:QLYS), is a pioneer and leading provider of cloud
security and compliance solutions with over 6,000 customers in more than 100
countries, including a majority of each of the Forbes Global 100 and Fortune
100. The QualysGuard Cloud Platform and integrated suite of solutions helps
organizations simplify security operations and lower the cost of compliance by
delivering critical security intelligence on demand and automating the full
spectrum of auditing, compliance and protection for IT systems and web
applications. Founded in 1999, Qualys has established strategic partnerships
with leading managed service providers and consulting organizations, including
Accuvant, BT, Dell SecureWorks, Fujitsu, NTT, Symantec, Verizon, and Wipro.
The company is also a founding member of the CloudSecurityAlliance (CSA).

For more information, please visit www.qualys.com.

Qualys, the Qualys logo and QualysGuard are proprietary trademarks of Qualys,
Inc. All other products or names may be trademarks of their respective
companies.

CONTACT: Melinda Marks
         Qualys, Inc.
         (650) 801-6242
         mmarks@qualys.com
        
         Rod McLeod
         Bateman Group for Qualys
         (415) 503-1818
         qualys@bateman-group.com