New Research From Qualys Underscores the Importance of Regular Scanning to Expedite Compliance

Data Collected From More Than 5 Million Scans on Over 53 Million
Hosts Across 12,000 Checks Over a Period of 12 Months 
REDWOOD CITY, CA -- (Marketwired) -- 04/23/13 --  Qualys, Inc.
(NASDAQ: QLYS), a pioneer and leading provider of cloud security and
compliance management solutions, today announced that it analyzed
QualysGuard Policy Compliance (PC) data from more than five million
scans performed by organizations worldwide to help enterprises
understand key trends as they plan their compliance strategies.
Information from this research will aid organizations in their
compliance project planning, i.e. the most used controls, the
pass/fail ratio for key controls and how often the controls are
checked, so they can stay abreast of key trends and best practices in

As regulatory compliance pressure mounts and the trend towards
continuous monitoring increases, enterprise security teams are
adapting and are using solutions like QualysGuard PC to automate
General Computer Controls (GCC) to adopt a broad and proactive
auditing approach. The use of such solutions provides enterprises
with the ability to move from a sampling, point in time approach to
100% coverage with near real-time results while reducing costs. 
Key findings and trends from this data include:

--  A large number of devices scanned -- more than half of the scan targets
    -- are out of support. Companies are depending on a large number of
    computer technologies, especially operating systems that are no longer
    supported by their manufacturers through standard support. Examples
    include Windows 2000, Windows 2003, Windows XP, RHEL, AIX 5, Solaris 8
    and Solaris 9. Windows 2003 Server and Windows XP account for the vast
    majority of technologies under extended support, which will end in
    July 2015 and April 2014, respectively.
--  Newer computer technologies have a higher rate of passing compliance,
    confirming that the general trend of higher security for newer
    technologies also holds on the compliance side.
--  Companies with more frequent compliance scans have a higher rate of
    passing scans. This trend confirms recent findings in the area of
    Continuous Monitoring, where organizations that monitor more
    frequently also show accelerated improvements.
--  Passwords are high on controls lists. Thirteen out of the top 20
    controls are password-related. At the same time, the top failing
    controls are password-related.

"This data from over five million scans released by Qualys provides a
glimpse into the state of policy compliance across companies
worldwide, highlighting some simple ways that organizations can
improve their security efforts," said Scott Crawford, research
director for EMA. "For example, the data highlights the need to
establish processes for managing key controls such as settings for
accounts, passwords, audits and databases. It also shows how regular,
automated scans can highlight where and how organizations can more
efficiently target remediation, attain compliance objectives and
lower their IT security risk." 
About QualysGuard Policy Compliance 
QualysGuard Policy Compliance, or QualysGuard PC, allows customers to
analyze and collect configuration and access control information from
their networked devices and web applications and automatically maps
this information to internal policies and external regulations in
order to document compliance. QualysGuard PC is fully automated and
helps reduce customers' cost of compliance without requiring the use
of software agents. For more information, visit 
About Qualys
Qualys, Inc. (NASDAQ: QLYS), is a pioneer and leading
provider of cloud security and compliance solutions with over 6,000
customers in more than 100 countries, including a majority of each of
the Forbes Global 100 and Fortune 100. The QualysGuard Cloud Platform
and integrated suite of solutions help organizations simplify
security operations and lower the cost of compliance by delivering
critical security intelligence on demand and automating the full
spectrum of auditing, compliance and protection for IT systems and
web applications. Founded in 1999, Qualys has established strategic
partnerships with leading managed service providers and consulting
organizations, including Accuvant, BT, Dell SecureWorks, Fujitsu,
NTT, Symantec, Verizon, and Wipro. The company is also a founding
member of the Cloud Security Alliance (CSA). 
For more information, please visit 
Qualys, the Qualys logo and QualysGuard are proprietary trademarks of
Qualys, Inc. All other products or names may be trademarks of their
respective companies. 
Melinda Marks
Qualys, Inc.
(650) 801-6242 
Rod McLeod
The Bateman Group for Qualys
(415) 503-1818 