Qualys Expands Its Popular FreeScan Service

Qualys Expands Its Popular FreeScan Service

Now Provides Comprehensive Audits for Websites, Patch Tuesday Vulnerabilities,
OWASP Threats and SCAP Configuration for Both Internal and External Systems

SAN FRANCISCO, Feb. 25, 2013 (GLOBE NEWSWIRE) -- RSA Conference USA 2013 Booth
#1431-- Qualys, Inc. (Nasdaq:QLYS), a pioneer and leading provider of cloud
security and compliance management solutions, today announced that it has
expanded its popular FreeScan service to support scanning internal and
external systems and web applications and also added new security and
compliance audits for Patch Tuesday vulnerabilities, OWASP (Open Web
Application Security Project) threats and SCAP (Security Content Automation
Protocol)Configuration. These free tools can be accessed immediately at
qualys.com/secure, and Qualys® will showcase them during the RSA Conference at
booth #1431.

Delivered via the QualysGuard Cloud Platform, FreeScan is used by
organizations all over the world to quickly test online whether their
computers, networks, web sites and web applications are at risk from the
latest threats. Qualys has expanded the service's vulnerability scanning and
configuration auditing to help organizations efficiently respond to software
patches, test their own web applications and web sites, and check if they are
in compliance with emerging security standards.

"Security teams are overwhelmed by a barrage of advisories about
vulnerabilities in critical software, such as Java, Flash and PDF Readers, and
escalating attacks on web-based applications," said Ira Winkler, president of
the Internet Security Advisors Group. "With FreeScan, organizations can now
have an immediate and accurate view of their security and compliance postures
without having to deploy complex and costly traditional enterprise software
security solutions."

Qualys FreeScan now integrates a variety of security and compliance scans into
a single, uniform console:

  oPatch Tuesday PC Audit. This scans PCs to find missing updates and patches
    from business software, such as Microsoft Windows, Oracle Java and Adobe
    Flash and Reader. It identifies which patches are required to address
    vulnerabilities that are found and provides links for downloading the
    necessary updates. After fixes have been installed, this scan can be run
    again to verify that computers are up-to-date.
  oOWASP Web Application Audit. This tests web applications, either inside a
    company's network or on the Internet, to see if they comply with the
    latest OWASP industry-standard guidelines for defending against online
    attacks, such as SQL injection and cross-site scripting (XSS). It
    organizes any issues that are found according to the corresponding OWASP
    categories and helps application developers fix application weaknesses.
  oSCAP Compliance Audit. This tests computers within a company's network to
    see if they comply with leading security configuration benchmarks, such as
    the U.S. Government Configuration Baseline (USGCB), which is required by
    many U.S. federal agencies and organizations that do business with the
    government.
  oWeb Site Scan for Vulnerabilities and Malware. This performs a
    comprehensive check of a company's web site for server and application
    vulnerabilities, hidden malware and SSL security configuration errors.

Additionally, FreeScan now supports the deployment of virtual scanners for
scanning internal systems and web applications.

"We are pleased to bring to market this free cloud-based service so security
teams are better equipped to fend off the increasing and crippling cyber
attacks on their organizations," said Philippe Courtot, chairman and CEO of
Qualys.

Availability

Qualys FreeScan is available at qualys.com/secure and can be used at no charge
for up to 10 scans of network devices and web applications per organization.

About Qualys

Qualys, Inc. (Nasdaq:QLYS), is a pioneer and leading provider of cloud
security and compliance solutions with over 6,000 customers in more than 100
countries, including a majority of each of the Forbes Global 100 and Fortune
100. The QualysGuard Cloud Platform and integrated suite of solutions helps
organizations simplify security operations and lower the cost of compliance by
delivering critical security intelligence on demand and automating the full
spectrum of auditing, compliance and protection for IT systems and web
applications. Founded in 1999, Qualys has established strategic partnerships
with leading managed service providers and consulting organizations, including
Accuvant, BT, Dell SecureWorks, Fujitsu, NTT, Symantec, Verizon, and Wipro.
The company is also a founding member of the CloudSecurityAlliance (CSA).

For more information, please visit www.qualys.com.

Qualys, the Qualys logo and QualysGuard are proprietary trademarks of Qualys,
Inc. All other products or names may be trademarks of their respective
companies.

CONTACT: Melinda Marks
         Qualys, Inc.
         (650) 801-6242
         mmarks@qualys.com
        
         Rod McLeod
         The Bateman Group for Qualys
         (415) 503-1818
         qualys@bateman-group.com