IT Security & Compliance | Delivered as a Service



The past decade has seen an unprecedented wave of security breaches that have compromised the integrity of company-owned information—resulting in substantial financial and operational loss while devastating the confidence of customers, business partners and stakeholders. This tide of events has led to the establishment of technical standards, IT governance frameworks and laws designed to improve and enforce security—creating further pressure for organizations to define, control and govern their IT infrastructures more effectively.

Qualys’ on demand approach to security and compliance enables organizations of all sizes to successfully perform vulnerability management, policy compliance and web application security initiatives cohesively, while reducing costs and streamlining operations.

Utilizing an innovative Software-as-a-Service (SaaS) approach, the QualysGuard® Security and Compliance Suite incorporates Qualys’ industry-leading vulnerability management service with a robust IT compliance solution, comprehensive web application scanning and malware detection services.

Together in one easy-to-use security management platform, organizations can:
  • Define policies to establish a secure IT infrastructure in accordance with proper governance and best practices frameworks
  • Automate ongoing security assessments, and manage vulnerability risk on systems and applications effectively
  • Mitigate risk and eliminate threats utilizing the most trusted vulnerability management application in the industry
  • Monitor and measure IT compliance from one unified console—saving time and reducing costs
  • Distribute security and compliance reports customized to meet the unique needs of business executives, auditors and security professionals

Globally Deployable, Scalable Security Risk & Vulnerability Management

The core foundation of the QualysGuard Security and Compliance Suite is Qualys’ award-winning vulnerability management application. QualysGuard VM automates all steps of the vulnerability management lifecycle process, enabling the immediate discovery of all devices and applications across your network while accurately identifying and helping you eliminate threats that make network attacks possible.

QualysGuard VM is priced as a prepaid annual subscription based on the number of IPs scanned (External + Internal).

QualysGuard Vulnerability Management (VM) enables you to:
   
  • Discover and prioritize all network assets with no software to install or maintain
  • Identify and fix security vulnerabilities proactively
  • Manage and reduce business risk
  • Ensure compliance with laws, regulations and corporate security policies
  • Distribute remediation efforts via a comprehensive workflow engine
  • Integrate with 3rd party and customer applications via extensible XML-based API

Automated PCI Compliance Validation for Merchants & Acquiring Institutions

QualysGuard PCI provides businesses, online merchants and Member Service Providers the easiest, most cost-effective and highly automated way to achieve Payment Card Industry (PCI) DSS compliance. QualysGuard PCI draws upon the same highly accurate scanning infrastructure as QualysGuard VM—used by thousands of organizations around the world to protect their networks from the security vulnerabilities that make attacks against networks possible. Qualys is an Approved Scanning Vendor (ASV).

QualysGuard PCI is priced as a prepaid annual subscription based on the number of external IPs scanned.

QualysGuard PCI Compliance (PCI) enables you to:
   
  • Protect cardholder information and keep networks secure from attacks
  • Complete an annual PCI DSS “Self-Assessment Questionnaire”
  • Pass a network security scan every 90 days by an approved scanning vendor
  • Document and submit proof of compliance to acquiring banks
  • Meet requirement 6.6 by performing automated web application scans on publicly facing sites

Free Malware Detection Service Protects Your Customers & Safeguards Your Brand

Thousands of web sites are infected with malware daily, propagating the infection to visitors of their web sites at an increasing speed. To combat these threats, QualysGuard Malware Detection is a FREE service that proactively scans web sites of any size, anywhere in the world for malware infections and threats. QualysGuard Malware Detection provides businesses with automated alerts and in-depth reporting for effective remediation of identified malware to help protect their web sites and visitors from malware.

Malware Detection is a FREE service.

QualysGuard Malware Detection (MAL) delivers:
   
  • Automated malware detection on externally facing web sites
  • Immediate insight into malware issues through automatic daily scanning
  • Automated alerting system when malware is found
  • Simple user interface that is easy to use
  • Uses both Behavioral and Static Analysis methods resulting in near zero false positives
  • Identification of vulnerable code snippets for quick and easy removal
  • Aids in protecting your customers’ systems
  • Scales to scan millions of URLs on a daily basis

QualysGuard Security and Compliance Suite: Enterprise Edition and Express Edition

Configuration Options (Enterprise Edition / Express Edition)
  • Maximum Number of Users: Unlimited / 6
  • Maximum Number of IPs: Unlimited / 3,072
  • Maximum Number of Intranet Scanners: Unlimited / 2

QualysGuard Vulnerability Management
  • Network Discovery and Asset Prioritization
  • Identifies and Fixes Vulnerabilities
  • Remediation Workflow Engine
  • Distributed Scanning: N/A
  • Reporting and Scorecards
  • Report Sharing: N/A
  • Advanced API Integration: Limited

QualysGuard Policy Compliance
  • Policy Definition and Customization
  • Compliance Scanning
  • Compliance Reporting
  • Exception Handling and Management

QualysGuard PCI Compliance
  • Network Security Scans
  • Integrated Self-Assessment Questionnaire
  • Integrated Compliance Report Submission and Online Certification

QualysGuard Web Application Scanning
  • Crawling and Link Discovery
  • Assessment of Web Applications
  • Reporting and Scorecards

QualysGuard Malware Detection
  • Behavioral Analysis
  • Static Analysis
  • Automated Alerts

Qualys GO SECURE
  • Perimeter Vulnerability Scanning
  • Malware Detection
  • SSL Certificate Validation
  • Qualys SECURE Seal
 
Pricing and Availability
   
 

QualysGuard Security and Compliance Suite is now available in both Enterprise and Express configurations. Pricing varies based on the number of users, IPs, web applications and QualysGuard Scanner Appliances required. QualysGuard is sold as an annual subscription that includes unlimited scanning for a specific number of devices or web applications, 24x7 customer support, all maintenance and the cost of the scanner appliances. QualysGuard Malware Detection is a free service.

 

Qualys has thousands of subscribers around the world including more than 40 of the Fortune Global 100 and has the world’s largest vulnerability management deployment at a Fortune Global 50 company with over 223 appliances, distributed in 53 countries and scanning over 700,000 systems.

“QualysGuard gives us the ability to detect our vulnerabilities across our network and really ensure that we have the level of security and compliance we need.”
CIGNA
“QualysGuard is a very good example of a product that we’ve been able to deploy and rely upon, and not have to worry about being its architects.”
“QualysGuard helps us to make sure our network is secure and that our systems, and those of our customers, are hardened as well.”
ORACLE
“QualysGuard has made the job of auditing our network much easier. Qualys takes care of that nightmare.”
EBAY





Integrated View of IT Security and Compliance


Understanding your overall security posture—and doing so in relation to compliance requirements—has historically been time consuming, costly to implement, difficult to manage, and limited in terms of cross-functional information use.

QualysGuard Security and Compliance Suite eliminates network and application auditing as well as compliance inefficiencies by leveraging your organization’s core IT security information. As one consolidated suite, groups with different responsibilities can access and respond to similar information for their specific needs.

QualysGuard IT Security & Compliance Suite includes:
  • Globally Deployable, Scalable Security Risk and Vulnerability Management
  • Define, Audit, and Document IT Security Compliance
  • Automated PCI Compliance Validation for Merchants and Acquiring Institutions
  • Automated Web Application Security Assessment and Reporting that Scales with Your Business
  • Free Malware Detection Service for Web Sites
  • Web Site Security Testing Service and Security Seal that Scans for Vulnerabilities, Malware and SSL Certificate Validation

Agent-less Solution to Define Policies, Collect IT Compliance Data & Manage Exceptions

QualysGuard Policy Compliance extends QualysGuard’s global scanning capabilities to collect OS configuration and application access controls from hosts and other assets within your organization. It maps this information into policies, identifies violations for remediation, and documents IT policy compliance with regulations and mandates. Together with QualysGuard VM, an organization can reduce the risk of internal and external threats while providing the proof of compliance demanded by auditors across multiple compliance initiatives.

QualysGuard PC is priced as a prepaid annual subscription based on the number of IPs scanned (External + Internal). Sign up for a free trial at: http://www.qualys.com/FREETRIAL

QualysGuard Policy Compliance (PC) delivers:
  • Identification of policy violations across all network assets with no software to install or maintain
  • Automated, agent-less compliance auditing using the same QualysGuard infrastructure used for vulnerability scanning
  • Comprehensive controls library based on CIS and NIST standards—mapped directly to frameworks and regulations such as COBIT, ISO, HIPAA, Basel II, etc.
  • Customizable auditing capabilities for multiple regulatory initiatives and mandates

Automated Web Application Security Assessment & Reporting that Scales with Your Business

QualysGuard Web Application Scanning provides automated crawling and testing for custom web applications. Users can manage web applications, launch scans, and generate reports. The automated nature of the service enables regular testing that produces consistent results, reduces false positives and easily scales for large numbers of web sites.

QualysGuard WAS is priced as a prepaid annual subscription based on the number of web applications (URLs) scanned. Sign up for a free trial at: http://www.qualys.com/FREETRIAL

QualysGuard Web Application Scanning (WAS):
  • Lowers total cost of operations by automating repeatable testing processes
  • Identifies vulnerabilities of syntax and semantics in custom web applications
  • Performs both authenticated and non-authenticated crawling and auditing
  • Profiles the target application to ensure accuracy and reduce false positives
  • Scales to any number of web applications, internal or external, and can be used in production or development environments.

Secure Your Web Sites from Malware & Vulnerabilities & Increase Sales

Qualys GO SECURE is a new service that allows businesses of all sizes to scan their web sites for the presence of malware, network and web application vulnerabilities, as well as SSL certificate validation. Once a web site passes these four comprehensive security scans, the Qualys GO SECURE service generates a Qualys SECURE seal for the merchant to display on their web site demonstrating to online customers that the company is maintaining a rigorous and proactive security program.

Qualys GO SECURE is priced as a prepaid annual subscription based on the number of web sites. Sign up at: http://www.qualys.com/GOSECURE

Qualys GO SECURE validates that a web site has gone through a comprehensive security audit by scanning for:
  • identifying externally facing vulnerabilities of the web server that could give attackers access to information stored on the host
  • by crawling and injecting HTTP requests to the web application to identify vulnerabilities such as SQL injection and cross-site scripting (XSS)
  • to identify malicious software that could be hosted by the web site and infect its visitors
  • to verify the web site is using an up-to-date SSL certificate from a trusted certificate authority (CA) for encryption of sensitive information during online transactions

About Qualys

Through its on demand IT security risk and compliance management solutions, Qualys makes it possible for organizations to strengthen the security of their networks and applications, and conduct automated security audits that ensure regulatory compliance and adherence to internal security policies.

Qualys is the only security company that delivers these solutions through a single Software-as-a-Service platform: QualysGuard. All of Qualys’ on demand solutions can be deployed within hours anywhere around the globe, providing customers an immediate view of their security and compliance posture. As a result, QualysGuard is the most widely deployed security on demand solution in the world, performing more than 250 million audits per year.