The document provides an overview of a cloud-based security solution, summarizing its key capabilities in securing devices and data in cloud environments. Specifically, it outlines the solution's vulnerability management, security model, scalability and ease of use. Compliance with standards like PCI DSS and frameworks like NIST is also highlighted.

1. !
!
!"#$%$&'$%(!)*+$,$%"$,(
"#$$%&!'$(&!)"*+&!)$,"!
",-!./!"0123!#452667824(2!$94!:;9!
-..+/00"%1(23.$450((
64%$,"7(8)9%/+$*"9"&4(:$%.07$;/((
#"$(
8)9%/+$*"9"&4(<$%$1/,/%&($0($(!/+#"7/(
+$,+<*#"!=>?6?!@>AB>3!
CDE5!./!'?0!CFDG!

2. =%(2'/(>/?&(@A(<"%)&/0B(
• :372/!#453.9>(H.4!5.!I.9?0JE!K>6423?176750!
@?49E(?B2!
• I;2!:78!$;7L!5.!"6.>9M:?E29!K'!
• K'!:>023JE!";2(N67E5!
• O.P!Q>?60E!"?4!O26B!5;2!,4523B37E2!74!I23AE!./!
:>E742EE!?49!$2(>3750!%.E5>32!
• R2B6.0A245!P75;!R7S23245!$2(>3750!$.6>H.4E!!
• %"#!R$$!".AB67?4(2!
• QT+!
C!

3. !/7)+"&4(8)9%/+$*"9"&4(6/C%/.(
• -(0/7)+"&4(#)9%/+$*"9"&4("0($(D/$E%/00("%($(;+3.)7&(&'$&(73)9.(
$993D($%($F$7E/+(&3(73,;+3,"0/(&'/("%&/1+"&4G($#$"9$*"9"&4(3+(
73%C./%H$9"&4(3I(&'$&(;+3.)7&J(

4. U!

5. V!

6. K)++/%&(!/7)+"&4(6"9/,,$(
• "0123M5;32?5E!?49!328>6?H.4E!9.4J5!(?32!
?1.>5!1>E742EE!E7W2!
• $.LP?32!X?PEY!?4!2Z23!83.P748!(.4(234!
• I;2!2[524929!1>E742EE!37ENY!B?35423E&!
E>BB6723E&!?49!.5;23!E5?N2;.6923E!

7. L'4(K3,,3%(-;;+3$7'/0(&3(
=%I3+,$H3%(!/7)+"&4(M$"9(
• -B24!E.>3(2!E2(>3750!5..6E!
• #I!7E!5?EN29!5.!A?4?82!5;2!E2(>3750!(;?662482E!
• <.5!?!(.AA.4!?8249?!?5!5;2!:.?39!62Z26!

8. O.P!R.!.>!I?(N62!I;2!<2P!
K>6423?176750!@?49E(?B2]!

9. N4(!H99(O,;934"%1(&'/(P9.(!7'339(!&49/(

10. 2'/(N"1(!'"Q(&3(K93).RN$0/.(!/7)+"&4(
• <30&(3I()0($+/(I$,"9"$+(D"&'(&'/(*/%/C&0(3I(793).($%.(!$$!(*4(
%3DS(93D(730&G(I$0&/+RH,/R&3R#$9)/G(T/?"*"9"&4G($0(D/99($0(;$4R$0R
3%/(13/0(

11. K'!$.6>H.4!:>023JE!";2(N67E5!

12. 8<(!39)H3%(N)4/+50(K'/7E9"0&((
• +3(;752(5>32!
• $2(>3750!
• $(?6?176750!^!,?E2!./!_E2!
• +((>3?(0!^!
%23/.3A?4(2!
• R7E(.Z230!^!'?BB748!
• $(?44748!
• `2B.3H48!
• `2A297?H.4!
• %.67(0!".AB67?4(2!
• '?4?82A245!
• ".E5!
• $.6>H.4!%3.Z7923!

13. 8<(N)4/+50(K'/7E9"0&(R(-+7'"&/7&)+/(
• O.P!7E!5;2!K'!E.6>H.4!9267Z2329]!
• R.2E!5;2!E.6>H.4!.S23!?!83?B;7(?6!>E23!74523/?(2]!
• R.!#!;?Z2!5.!3>4!?4!?8245!.4!?66!A0!425P.3N29!92Z7(2E]!
• R.2E!5;2!B3.9>(5!32a>732!A2!5.!3>4!?!R:]!
• b;0!E;.>69!#!(.4E7923!>E748!$??$!/.3!K']!

14. 8<(N)4/+50(K'/7E9"0&(R(!/7)+"&4(
• b;?5!7E!5;2!E2(>3750!A.926!>E29!5.!B3.52(5!5;2!E.6>H.4]!
• O.P!7E!5;2!E.6>H.4!B;0E7(?660!B3.52(529]!
• O.P!9.2E!5;2!K'!E.6>H.4!B3.52(5!Z>6423?176750!9?5?!53?4EA7EE7.4]!
• b;?5!?((2EE!(.453.6E!1>765!745.!5;2!E.6>H.4]!
• O.P!9.2E!5;2!E.6>H.4!B3.52(5!Z>6423?176750!E(?4!9?5?]!

15. 8<(N)4/+50(K'/7E9"0&(U(!7$9$*"9"&4(V(O$0/(
3I(W0/(
• b;?5!9.2E!75!A2?4!5.!E?0!?!K'!E.6>H.4!(?4!E(?62]!
• O.P!9.2E!5;2!K'!E.6>H.4!E(?62!5.!;?4962!A0!425P.3N!E7W2]!
• #E!5;2!K'!E.6>H.4!/>660!?>5.A?529]!
• b;?5!62Z26!./!E>BB.35!(.A2E!P75;!5;2!E.6>H.4]!
• R.2E!5;2!E>BB.35!74(6>92!53?74748]!
• O.P!9.2E!5;2!E.6>H.4!745283?52!P75;!.5;23!?BB67(?H.4E]!

16. 8<(N)4/+50(K'/7E9"0&(U(-77)+$74(V(
X/+I3+,$%7/(
• O.P!?((>3?52!7E!5;2!K'!E.6>H.4]!
• b;232!9.2E!5;2!K'!E.6>H.4!825!75E!7452667824(2!?1.>5!
Z>6423?1767H2E]!
• O.P!9.2E!5;2!E.6>H.4!>B9?52!75E!R:!P75;!5;2!6?52E5!Z>6423?1767H2E]!
• "?4!A0!E(?4!B.67(72E!?>5.A?H(?660!74(6>92!42P!Z>6423?176750!
E784?5>32E]!
• O.P!9.2E!5;2!K'!E.6>H.4!97EB6?0!Z>6423?1767H2E]!

17. 8<(N)4/+50(K'/7E9"0&(U(6"073#/+4(V(
<$;;"%1(
• #E!97E(.Z230!^!A?BB748!?!(.AB.4245!./!5;2!E.6>H.4]!
• R.2E!5;2!E.6>H.4!A?N2!75!2?E0!5.!7924H/0!?66!92Z7(2E!.4!A0!
425P.3N]!
• b;?5!74/.3A?H.4!9.2E!A?BB748!32Z2?6!?1.>5!5;2!425P.3N]!
• "?4!5;2!E.6>H.4!97E(.Z23!c3.8>2d!92Z7(2E]!
• "?4!5;2!E.6>H.4!(.3326?52!A?BB748!9?5?!P75;!.>3!1>E742EE!>475E]!

18. 8<(N)4/+50(K'/7E9"0&(U(!7$%%"%1(
• b;?5!?32!5;2!5.B!5;748E!5.!6..N!/.3!74!?!Z>6423?176750!E(?4423]!
• R.!#!;?Z2!5.!A?4>?660!6?>4(;!2?(;!E(?4]!
• R.2E!5;2!E.6>H.4!E>BB.35!2[5234?6!T!745234?6!E(?4Ee!P75;!?66!9?5?!
74!.42!B6?(2!?49!P75;.>5!B.N748!?!;.62!74!A0!f32P?66]!
• #E!5;2!E.6>H.4!?162!5.!c5>31.(;?382d!E(?44748!EB229]!
• b;?5!?1.>5!E(?44748!425P.3NE!.P429!10!1>E742EE!B?35423E]!
• R.2E!5;2!E(?4423!E>BB.35!c53>E529!E(?44748d]!

19. 8<(N)4/+50(K'/7E9"0&(U(Y/;3+H%1(
• b;?5!50B2E!./!32B.35E!9.2E!5;2!E.6>H.4!B3.Z792]!
• b;?5!c(?4429d!.>5M./M1.[!32B.35E!?32!B3.Z7929!10!5;2!E.6>H.4]!
• b;?5!?32!5;2!E.6>H.4JE!52AB6?52!?49!(>E5.A!32B.3H48!
(?B?1767H2E]!
• O.P!9.2E!5;2!E.6>H.4!32B.3H48!3?4N!Z>6423?1767H2E]!
• "?4!5;2!E.6>H.4!E;?32!32B.35!P75;!92E784?529!B2.B62]!
• b;?5!/.3A?5E!9.2E!5;2!E.6>H.4!B3.Z792!/.3!2[5234?6!32B.35!
?BB67(?H.4E]!
• #E!5;232!(?B?176750!/.3!53249!?4?60E7E!?49!97S2324H?6!32B.3H48]!
• +32!5;2!32B.35E!5.!;26B!>E!(.AB60!P75;!%"#&!O#%++&!$-g!?49!.5;23!
328>6?H.4E]!
• "?4!5;2!E.6>H.4!P.3N!P75;!.5;23!$2(>3750!#4/.3A?H.4!
'?4?82A245!52(;4.6.872E]!

20. 8<(N)4/+50(K'/7E9"0&(U(Y/,/."$H3%(
• b;0!745283?52!32A297?H.4!P75;!Z>6423?176750!E(?4423]!
• O.P!9.2E!5;2!E.6>H.4!7AB62A245!32A297?H.4!B.67(0]!
• #E!5;232!?!B?3H(>6?3!.3923!74!P;7(;!5;2!E0E52A!E(;29>62E!
32A297?H.4]!
• b;?5!;?BB24E!P;24!?!H(N25!7E!82423?529]!
• R.2E!5;2!E.6>H.4JE!H(N2H48!/>4(H.4!745283?52!P75;!2[5234?6!
E0E52AE]!
• O.P!9.2E!5;2!E.6>H.4!A?4?82!32A297?H.4!2S.35E]!

21. 8<(N)4/+50(K'/7E9"0&(U(X39"74(K3,;9"$%7/(
• b;0!745283?52!B.67(0!(.AB67?4(2!P75;!K'!E.6>H.4]!
• O.P!7E!5;2!E.6>H.4!>E29!10!5;2!?>975.3E]!
• R.2E!5;2!E.6>H.4!E28328?52!?EE25E!/.3!(.AB67?4(2]!
• b;?5!B.67(72E!?49!(.453.6E!9.2E!5;2!E.6>H.4!E>BB.35]!
• "?4!5;2!E.6>H.4!E>BB.35!2[7EH48!B.67(72E]!
• O.P!9.2E!5;2!E.6>H.4!B3.Z792!?!B3.52(529!?>975!53?76]!

22. 8<(N)4/+50(K'/7E9"0&(U(<$%$1/,/%&(
• O.P!9.2E!5;2!E.6>H.4!?66.P!0.>!5.!A?4?82!?EE25E]!
• O.P!9.2E!5;2!E.6>H.4!?66.P!0.>!5.!A?4?82!>E23E]!
• O.P!9.2E!5;2!E.6>H.4!P.3N!P75;!(.AB62[!425P.3N!(.4f8>3?H.4E]!
• #E!5;232!?40!E0E52A!A?74524?4(2!32a>7329&!E>(;!?E!B?5(;748!
E(?4423!E.LP?32]!
• b;?5!?(H.4E!?32!32a>7329!5.!A?4?82!?(HZ750!10!?>975.3E]!

23. 8<(N)4/+50(K'/7E9"0&(U(K30&(
• b;?5!?32!5;2!(.E5E!./!9.748!K'!P75;!53?97H.4?6!E.LP?32!
E.6>H.4E]!
• #E4J5!75!(;2?B23!5.!;732!?!(.4E>65?45]!
• "?4!#!E?Z2!A.420!10!>E748!/322&!.B24ME.>3(2!E.LP?32]!
• R.2E!>E748!(.AA23(7?6!K'!E.LP?32!.S23!?!A.32!(.E5M2S2(HZ2!
.BH.4]!
• O.P!9.2E!$??$!6.P23!5;2!(.E5E!./!K']!
• *3.A!?4!.B23?H.4?6!B23EB2(HZ2&!P;?5!.5;23!P?0E!9.2E!$??$!6.P23!
(.E5E]!
• +E792!/3.A!92B6.0A245!E?Z748E&!7E4J5!$??$!h>E5!?E!2[B24E7Z2!?E!
>E748!E.LP?32]!
• b;?5!?32!5;2!cE.L!(.E5Ed!6.P2329!10!$??$]!!

24. 8<(N)4/+50(K'/7E9"0&(U(!39)H3%(X+3#"./+(
• b;?5!7E!5;2!E.6>H.4!B3.Z7923JE!1>E742EE!;7E5.30!?49!A?3N25!
E532485;]!
• b;?5!7E!5;2!E.6>H.4!B3.Z7923JE!K'!B3.9>(5!6742]!
• b;.!?32!E.A2!./!5;2!E.6>H.4!B3.Z7923JE!(>E5.A23E]!
• b;.!?32!E.A2!./!5;2!E.6>H.4!B3.Z7923JE!B?35423E]!
• b;?5!32(245!?P?39E!;?E!5;2!E.6>H.4!B3.Z7923!P.4!/.3!75E!E.6>H.4]!
• "?4!#!825!?!/322!2Z?6>?H.4!./!5;2!K'!E.6>H.4]!

25. O.P!Q>?60E!"?4!O26B!5;2!,4523B37E2!
74!I23AE!./!!
:>E742EE!?49!$2(>3750!%.E5>32!

26. Z)$940($&($([9$%7/(
Ci!
-(;"3%//+($%.(9/$./+("%(K93).(!/7)+"&4((K3,;9"$%7/(
]GAAA^(
!
">E5.A23E!
(_AA^( ".>45372E!
`a_<( @I'!
`2Z24>2Ej!
Q>?60E)>?39!"6.>9!%6?k.3A!T!$>752!./!#45283?529!$.6>H.4E!
I;2!DC!A.45;E!24929!R2(2A123!GDE5!!CFDC!

27. N9)/(K'";([93*$9(K)0&3,/+(N$0/(
]G_bA^(K)0&3,/+0(
6-=<:OY(
Cl!
l!./!5.B!DF!74!`25?76!
i!./!5.B!DF!74!";2A7(?6!
m!./!5.B!DF!74!:7.52(;4.6.80!
V!./!5.B!DF!74!"?3!'?4>/?(5>3748!
V!./!5.B!DF!74!:?4N748!
i!./!5.B!DF!74!'297?!
i!./!5.B!DF!74!I262(.AA>47(?H.4E!
n!./!5.B!DF!!74!$.LP?32!
V!./!5.B!DF!74!:>E742EE!$23Z7(2E!
m!./!5.B!DF!74!I2(;4.6.80!
:?E29!.4!*.312E!)6.1?6!CFFF!"6?EE7f(?H.4!

28. W%./+0&$%."%1(&'/(!/7)+"&4(X'"9303;'4(
"%(-7H3%(
Visibility
Awareness
Protection
Do I know what I have?
Do I know what is vulnerable?
Are my policies in place?
Are my web applications secure?
Am I actually at risk?
What is the impact if exploited?
Uptime vs Exploitation?
Brand reputation?
Customer data?
When and how best to patch?
How else can I protect if there is no patch
available?
Mitigation?
28

29. !->!(cA(K+"H7$9(K3%&+390(
Cn!

30. Q>?60E)>?39!"6.>9!$>752!./!#45283?529!
$2(>3750!T!".AB67?4(2!$.6>H.4E!
VMVM
Vulnerability
Management
PCPC
Policy
Compliance
PCIPCI
PCI
Compliance
Web Application
Firewall
*WAFWAFWASWAS
Web Application
Scanning
MDSMDS
Malware
Detection Service
SECURE
Seal
*In Beta
*
GF!
_47f29!?49!)6.1?6!K72P!./!$2(>3750!?49!".AB67?4(2!

31. ,[524E7162!$-"!%6?k.3A!
!
GD!
,[B?49748!5.!`2?6MI7A2!:78!R?5?!?49!".3326?H.4!

32. Z)$940[)$+.(!/7)+/.(P;/+$H3%(K/%&/+(=%I+$0&+)7&)+/(
GC!
! @?382E5!P.369P792!K'!92B6.0A245!P75;!CnG!E(?4423!74!UC!(.>45372E!!
E(?44748!.Z23!?!A7667.4!#%!oR?7A623p!
! I;2!K'!E5?49?39!?5!5;2!6?382E5!425P.3N!74!5;2!P.369!o)'p!
! n&FFF!q!$(?4423!+BB67?4(2E!74!DFFq!(.>45372E!

33. Q>?60E)>?39!K>6423?176750!'?4?82A245!
! @?52E5!,4;?4(2A245E!
– *.(>E!.4!32A297?H.4!
– r23.M9?0!B3297(H.4!745283?H.4!
– I7A2M1?E29!2[(2BH.4E!
– `>44748!N23426!Z>6423?16750!f6523!
– $(;29>629!32B.3H48!!
! _B(.A748!o*21^'?3(;p!!
– %?5(;!I>2E9?0!%3297(H.4!
– +A?W.4!,"C!E(?44748!
– +EE25!5?88748!745283?H.4!!
!
GG!

34. !!!!!!!!!!!r23.MR?0!+4?60W23!
!
!! r23.MR?0!+4?60W23!
– +66.PE!(>E5.A23E!5.!?4?60W2!W23.M
9?0!5;32?5E!?49!2EHA?52!5;273!
7AB?(5!.4!5;273!?EE25E!?49!(37H(?6!
E0E52AE!1?E29!.4!74/.3A?H.4!
(.662(529!/3.A!B32Z7.>E!E(?4!
32E>65Es!
! :242f5E!
– @?52E5!E784?5>32E!/.3!7R2/24E2!
2[(6>E7Z2!W23.M9?0!5;32?5E!
– ">E5.A7W?162!?623H48!?49!2A?76!
4.Hf(?H.4E!
– !+(H.4?162!9?5?!P75;!2EHA?52E!
?1.>5!P;?5!E0E52AE!?32!?5!37EN! http://www.qualys.com/zero-day!
GU!

35. Q>?60E)>?39!
+EE25!'?4?82A245!T!I?88748!
!! +EE25!I?88748!
– %?5245MB249748!52(;4.6.80!
24?162E!24523B37E2E!5.!2?E760!
A?4?82!A7667.4E!./!?EE25E!74!
6?382&!;78;60!904?A7(!
24Z73.4A245Es!
! :242f5E!
– R04?A7(!5?8E!62Z23?82!E(?4!
32E>65E!5.!?>5.A?H(?660!
.38?47W2!?EE25E!
– *?E5&!E(?6?162!5?8!?EE784A245!!
74!42?3!32?6MHA2!
– *62[7162!T!;723?3(;7(?6!
.38?47W?H.4!./!24523B37E2!
?EE25E!
GV!
http://www.qualys.com/forms/asset-tagging/!

36. Q>?60E)>?39!b21!+BB67(?H.4E!
$(?44748!
! @?52E5!,4;?4(2A245E!
– +>5;24H(?H.4!P75;!$26247>A!
– :3?49!42P!?(H.4?162!32B.3H48!
– b21!?BB!f4823!B374H48!
– <2P!ZG!+%#!/.3!?>5.A?H.4!
! _B(.A748!o'?3(;p!!
– 'R$!?49!:>3B!745283?H.4!
– I322!Z72P!
– #45283?H.4!P75;!'R$&!K'!?49!b+*!
Gi!

37. '7(3.E.L!"?E2!$5>90!

38. http://www.qualys.com/mds!
!!!!!'?6P?32!R252(H.4!$23Z7(2!
!
!! '?6P?32!R252(H.4!
– +66.PE!1>E742EE2E!5.!B3.?(HZ260!E(?4!
5;273!P21!B3.B23H2E!/.3!A?6P?32!
74/2(H.4E&!32(27Z2!?>5.A?529!?6235E!
?49!(32?52!74M92B5;!32B.35E!/.3!
7924Hf(?H.4!?49!32A.Z?6!./!A?6P?32!
/3.A!5;2E2!P21!E752Es!
! :242f5E!
– $(?6?162&!?>5.A?529!E(?44748!
– ,?E0M5.M_E2!>E23!74523/?(2!
– "2453?67W29!A?4?82A245!^32B.35E!
– +9Z?4(29!32A297?H.4!?49!?4?60E7E!
Gm!

39. Q>?60E)>?39!%.67(0!".AB67?4(2!
!
! ! @?52E5!,4;?4(2A245E!
– ).6924!#A?82!
– %.67(0^".453.6!7AB.35!2[B.35!!
– $(?4!b749.PE!?E!?!4.4!?9A74!
– b'#!a>230!/.3!_E23!92f429!(.453.6E!
– $.6?37E!DD&!,$g7&!`O,@i&!_1>45>!mMDC&!
'$$Q@!$23Z23!CFDC!
! _B(.A748!o'?3(;p!!
– <2P!%.67(0!,975.3!
– @74>[!4.4!?9A74!E(?44748!
– +BB67(?H.4!(.Z23?82!##$&!+B?(;2!
Gn!

40. http://www.qualys.com/forms/questionnaires/!
!!!!!!!!!!!!">E5.A7W?162!Q>2EH.44?732E!!
!!!!!!
!
!
! ">E5.A!Q>2EH.44?732E!
– ,4?162E!(>E5.A23E!5.!2?E760!1>769!
a>2EH.44?732E!>E748!5;2!_47f29!
".AB67?4(2!*3?A2P.3N!o_"*p&!?E!
P266!?E!62Z23?82!2[7EH48!1>E742EE!
B3.(2EE!P.3NX.PE!5.!2Z?6>?52!
(.453.6E&!8?5;23!9.(>A245E!?49!
2Z7924(2!?49!Z?679?52!(.AB67?4(2s!
– )+!74!'?3(;!!
! :242f5E!
– +>5.A?H.4!./!A?4>?6!?EE2EEA245E!
– +176750!5.!92f42^(>E5.A7W2!?>975!
P.3N!X.P!
– #49>E530!62?9748!B.67(0!32B.E75.30!!
./!42?360!DFFF!E5?49?39E!?49!
328>6?H.4E!Z7?!_"*!!
UF!

41. !!!!!!!!!!!!!!!!!$23Z7(2E!74!R2Z26.BA245!
!
!'.1762!R2Z7(2!$2(>3750!T!".AB67?4(2!
"6.>9!$2(>3750!+8245!E(?6?162!5.!A7667.4E!./!92Z7(2E!oQGJDG!:25?p!!
!
b21!+BB67(?H.4!+4?60H(E!
:78!9?5?!(.3326?H.4!(6.>9!1?(N249!5.!(.3326?52!?66!?BB67(?H.4!74/.!oQUJDG!:25?p!
!
$2(>32!b21!)?52P?0^_`@^".45245!*76523748!
:?E29!.4!5;2!Q>?60E)>?39!"6.>9!%6?k.3A!?49!"6.>9!$2(>3750!+8245!oQUJDG!:25?p!
!
b21!,[B6.75^`2A297?H.4!".4E.62!!
K237f2E!Z>6423?1767H2E&!82423?52E!2[B6.75E!?49!745283?52E!P75;!:>3B!$>752!oQUJDG!:25?p(
((
UD!

42. UC!
b21!+BB67(?H.4!$(?44748!GsF!
$>BB.35E!'?6P?32!R252(H.4!?49!:>3B!#45283?H.4!
@?382!92B6.0A245E!?5!'7(3.E.L!?49!.5;23E!

43. UG!
Q>?60E)>?39!/.3!+A?W.4!!
%32?>5;.37W29!/.3!,"C!?49!K%"!
+>5.A?529!97E(.Z230!?49!E(?44748!P75;74!,"C!?49!K%"!?EE25E!

44. UU!
:3.PE23";2(N!/.3!:>E742EE2E!
+>5.A?529!+>975E!./!:3.PE23E!?49!_E23EJ!%"E!
$(?62E!5.!A7667.4E!./!>E23E!!

45. UV!
$2(>3750!$23Z7(2E!?5!.>3!*74823HBE!
b21E752E&!-b+$%&!%?5(;!I>2E9?0&!$"+%!+>975E!
*322!(6.>9!E2(>3750!E23Z7(2E!5;?5!E(?62E!5.!A7667.4E!./!>E23E!

46. ">E5.A23!$>BB.35!
Ui!
!!!!->3!A7EE7.4!7E!5.!B3.Z792!5;2!749>E530JE!12E5!Z?6>2!74!E>BB.35!E23Z7(2E!10!9267Z23748!
P.369M(6?EE!52(;47(?6!?EE7E5?4(2!5;?5!2AB.P23E!.>3!(>E5.A23E!5.!A?[7A7W2!5;2!
1242f5E!./!.>3!E23Z7(2Es!
!
".66?1.3?HZ2!$>BB.35!'.926!
CU[l(
t b2!32(3>75!E247.3!62Z26!52(;47(?6!
B23E.4426!?49!53?74!E>1h2(5!A?u23!
2[B235E!P;.!P.3N!(6.E260!P75;!
24874223748!?49!.B23?H.4E!74!.3923!
5.!2[B29752!32E.6>H.4s!
t $53?5287(!74Z2E5A245!5.!74(32?E2!
86.1?6!E>BB.35!32E.>3(2E!10!GFv!74!
B3.832EE!5.!12!(.AB62529!249!./!
QDMCFDGs!
'2537(E!
t ".45?(5!3?H.!?5!w!D!(?66^A.45;!B23!
E>1E(37BH.4!
t "?66E!?32!?4EP2329!P75;74!D!A74s!
+1?49.429!3?52!w!Gv!86.1?660!
t +Z23?82!2A?76!32EB.4E2!HA2E!62EE!
5;?4!D!9?0!
t `2E.6>H.4!HA2!?Z23?82E!DF!9?0E!/.3!
(.AB62[!24523B37E2!7EE>2E!
Q>?60E!".AA>4750!
t -46742!(.AA>4750!/.3!12E5!B3?(H(2E&!
5;739!B?350!E>BB.35&!=4.P62982!:?E2&!
?49!53?74748!Z792.E!
t Q>?60E!%6?k.3A!$5?5>E!B?82!
747H?HZ2!74!B3.832EEs!
`29P..9!"750&!
"+!
$6.>8;&!_=!
`?6278;&!<"!
%;767BB742E!
Global Support
%>42&!#497?!

47. 6/;934,/%&(D"&'(
@+.(X$+&4(!/7)+"&4(
!39)H3%0(

48. #4523326?529!I2(;4.6.872E!?49!*>4(H.4E!
Um!
Qualys Vulnerability Management (VA)
Qualys Policy Compliance (SCA)
Qualys Policy Web Application Scanning (DAST)
Qualys API’s
Asset Management
Reporting
Remediation Workflow

49. Un!
Security Intelligence
Risk Management
Penetration Testing Network Behavior Intelligence
Network Access Control
IT-GRC
IDS/IPS
Help Desk Ticketing Systems
Access Management
WAF Integration
SIEM Integration

50. XK=(6!!(K3,;9"$%7/(

51. ".AB67?4(2!`2?E.4748!
<.4!(.AB67?4(2!7E!4.5!?4!.BH.4!

52. %"#!R$$!%374(7B62E!T!`2a>732A245E!

53. '23(;?45!T!$23Z7(2!%3.Z7923!@2Z26E!T!
K?679?H.4!+(H.4E!

54. K?679?H.4!`2a>732A245E!
Annual on-site
security audits
MasterCard and Visa require the largest merchants (level 1)
and service providers (levels 1 and 2) to have a yearly on-site
compliance assessment performed by a certified third-party
auditor
Annual self-
assessment
questionnaire
In lieu of an on-site audit, smaller merchants (levels 2, 3 and
4) and service providers (level 3) are required to complete a
self-assessment questionnaire to document their security
status.
Quarterly external
network scans
All merchants and service providers are required to have
external network security scans performed quarterly by a
certified third-party vendor. Scan requirements are rigorous:
all 65,535 ports must be scanned, all vulnerabilities detected
at a “High” severity level must be remediated, and two reports
must be issued—a technical report that details all
vulnerabilities detected with solutions for remediation, and an
executive summary report with a PCI approved compliance
statement suitable for submission to acquiring banks for
validation

55. $262(H48!?!%"#!<25P.3N!$2(>3750!
I2EH48!$23Z7(2!
Efficient
Vulnerability
Remediation
Process
Automated
Report
Preparation and
Online Filing
Accuracy

56. %"#!".AB67?4(2!x!=20!*2?5>32E!!
• -7'"/#/(XK=(K3,;9"$%7/(!&$&)0($%.(!/7)+/(>/&D3+E(I+3,(6$&$(
N+/$7'/0(

57. %"#!".AB67?4(2!x!=20!*2?5>32E!!
• K3%#/%"/%&94(K3,;9/&/(
&'/(XK=(d!/9I(-00/00,/%&(
Z)/0H3%%$"+/e(P%9"%/(

58. %"#!".AB67?4(2!x!=20!*2?5>32E!!
• Z)"7E94(O9","%$&/(
!/7)+"&4(2'+/$&0(D"&'(
6/&$"9/.(Y/,/."$H3%(
=%0&+)7H3%0(

59. %"#!".AB67?4(2!x!=20!*2?5>32E!!
• -)&3R!)*,"&(K3,;9"$%7/(!&$&)0(6"+/7&94(&3(&'/(-7f)"+"%1(N$%E0(

60. %"#!".AB67?4(2!x!
=20!*2?5>32E!!
• !/7)+/(L/*(-;;9"7$H3%0(
&3(<//&(XK=(]J](
Y/f)"+/,/%&0(
• >3(!3QD$+/(&3(6/;934(3+(
<$"%&$"%(
• O$04R&3RW0/G(K30&(Og/7H#/(
XK=(K3,;9"$%7/(2'+3)1'(
&'/(K93).(

61. 2'$%E(h3)(
K3%&$7&(W0(I3+($((
@AR6$4(M+//(2+"$9(?49^.3((
P%R!"&/(6/,3(?49^.3(XPK(
73%&$7&)0i74*/+"%&/99"1/%7/J,4(
(
3+(#"0"&(
DDDJ74*/+"%&/99"1/%7/J,4Vf)$940(

62. 6/;934,/%&(U(
@(X'$0/(-;;+3$7'(

63. *73E5!%;?E2!
• Discovery and Mapping
• Planning
− Setting up Asset Groups
− Setting Business Units and Users
− Setting up Scan Schedules
! Initial Phasing of Scans
! How to start incrementally and achieve stakeholder buying.
• Implementation
− Commence Light Weight Scanning
! Light weight asset scan
! Ensure able to scan all assets
− Define Scan Profiles
! Based Assets Groups
− Commence Profile Scans
! Review Results
− Adjust plan prior to next phase:
63

64. C49!%;?E2e!
• !/j%1();(&'/(Y/;3+&0(
− b;?5!32B.35E!?32!32a>7329!
! ,[2(>HZ2!`2B.35!
! %?5(;!`2B.35!
! $2Z23750!`2B.35!
− b;?5!62Z26!./!83?4>6?3750!!
− b;.!32(27Z2E!32B.35E!
− O.P!.L24!
• 2'/%(2/0&(!7$%%"%1($%.(Y/;3+&0(3#/+($(0,$99/+(0)*0/&(3I($00/&0(
• [$&'/+(I//.*$7E(3%S(
− `2B.35E!
− $(?44748!!
• 2'/%(+$,;(&3('$#/(73#/+$1/(3I($99($00/&0(
! b22N60!$(?4E]!
! $(?4!10!$>1425]!
! $(?4!10!$2(H.4!./!'>6HB62!$>1425E]!
• K)++/%&(X+37/00(
− `2Z72P!?49!*742!5>42!
64

65. I;739!%;?E2!
• Y/#"/D(D"&'(!&$E/'39./+(_0&(]A(6$40($%.(1$"%(I//.*$7E(
• =I($99("0(&'/%($77/;&$*9/(933E(&3(",;9/,/%H%1($)&3,$H3%(&'3)1'(
− $(?44748!!
− `2B.3H48!
− `2A297?H.4!b.3N!*6.P!
• !/j%1();(&'/(Y/,/."$H3%(L3+ET3D(
− ".4f3A29!@2Z26!V!P75;!=4.P4!,[B6.75E!
− I;24!?66!@2Z26!V!
− I;24!@2Z26!U!!
− I;24!@2Z26!G!25(ss!
• !/j%1();(&'/(O?/7)H#/(6$0'*3$+.(
• O0&$*9"0'(N$0/9"%/G(2+/%."%1($%.(!73+/(7$+."%1(kM3+(O$7'(NWV-00/&([+3);l(
• 2'/%BB(
− ".4E7923!+>5;24H(?H.4!K'!E(?4!7/!4.5!12748!(?33729!.>5!
− ".4E7923!745283?H.4!745.!G39!B?350!E2(>3750!E.6>H.4!
65

66. $>BB.3H48!$6792E!

67. _E?176750!?49!b.3NX.PE!
*62[7162!b21!CsF!_#!
Common User Experience Across all Applications
Interactive dashboards Powerful Workflows
Context-based UI Actionable Menus & Filters
67

68. _E?176750!?49!b.3NX.PE!
$(;29>629!32B.35E!
Streamline the process
of generating recurrent
reports
Secure distribution
Granular Notification
68

69. %37.37HW?H.4!?49!`2A297?H.4!I..6E^`2B.35E!
!
69
Patch Reports give you the most efficient list of patches to fix
the maximum number of vulnerabilities

70. K>6423?176750!I3249!`2B.35!
• 2'/(d8)9%/+$*"9"H/0(*4(!/#/+"&4(
3#/+(2",/e(1+$;'(#"0)$994(
"./%HC/0(&'/(&3&$9(%),*/+(3I(
73%C+,/.(#)9%/+$*"9"H/0($%.(
;3&/%H$9(#)9%/+$*"9"H/0($&(/$7'(
0/#/+"&4(9/#/9J(
((
• h3)(7$%(,3."I4(&'/(O?/7)H#/(
Y/;3+&(&/,;9$&/(&3("%79)./(
#)9%/+$*"9"&4(./&$"90($%.(
$.."H3%$9(1+$;'0G($%.(&3($.m)0&(
&'/(H,/(;/+"3.(&'$&(&'/(+/;3+&(
73#/+0J(!//(dO%&/+;+"0/(
Y/;3+H%1e("%(K'$;&/+(n(I3+(,3+/(
"%I3+,$H3%J(
70
!
CONFIDENTIAL |

71. _E?176750!?49!b.3NX.PE!
!Review all your scanning activity at a glance in a task oriented
agenda (map, VM scans, PC scans, WAS scans)
71

72. %37.37HW?H.4!?49!`2A297?H.4!I..6E^`2B.35E!
Q>?60E)>?39!r23.MR?0!+4?60W23!
http://www.qualys.com/zero-day
Allows customers to analyze
zero-day threats and estimate
their impact on their assets and
critical systems based on
information collected from
previous scan results.
Benefits
• Latest signatures for
iDefense exclusive zero-day
threats
• Customizable alerting and
email notifications
• Actionable data with
estimates about what
systems are at risk
72

73. %37.37HW?H.4!?49!`2A297?H.4!I..6E^`2B.35E!
Leverage the new indexing engine leveraged by tagging and allowing fast
searches.
73

74. Q>?60E)>?39!r23.MR?0!+4?60W23!
!
!
• o/+3R6$4(-%$94p/+(
– +66.PE!(>E5.A23E!5.!?4?60W2!W23.M
9?0!5;32?5E!?49!2EHA?52!5;273!
7AB?(5!.4!5;273!?EE25E!?49!(37H(?6!
E0E52AE!1?E29!.4!74/.3A?H.4!
(.662(529!/3.A!B32Z7.>E!E(?4!
32E>65Es!
• N/%/C&0(
– @?52E5!E784?5>32E!/.3!7R2/24E2!
2[(6>E7Z2!W23.M9?0!5;32?5E!
– ">E5.A7W?162!?623H48!?49!2A?76!
4.Hf(?H.4E!
– !+(H.4?162!9?5?!P75;!2EHA?52E!
?1.>5!P;?5!E0E52AE!?32!?5!37EN!
http://www.qualys.com/zero-day!
lU!

75. @+.(X$+&4(=%&/1+$H3%((

76. $.>3(2f32!#%$!#R$!#45283?H.4!
• Z)$940(#)9%/+$*"9"&4(.$&$(,$4("%79)./(#)9%/+$*"9"H/0(I3+($;;9"7$H3%0(&'$&(Y>-(,$4(%3&(./&/7&J(
• =,;$7&($%$940"0(/?;$%./.(&3(0/1,/%&0(3I(43)+(%/&D3+E(%3&(4/&(,3%"&3+/.(*4(Y>-(
• -.."H3%$9(73%&/?&)$9(%/&D3+E(./&$"9($%.(,3+/(/g/7H#/(",;$7&($%$940"0(
• O?&/%0"3%(3I(43)+("%#/0&,/%&("%(43)+(7)++/%&(039)H3%((
• =,;+3#/.(%/&D3+E(0/7)+"&4(
The joint solution delivers to customers a more accurate assessment of the detected incident facilitating
remediation prioritization and ultimately reducing the amount of incident response resources consumed by
non-critical or non-relevant incidents.
li!

77. *V!b+*!#45283?H.4!
• [+/$&/+($;;9"7$H3%(0/7)+"&4(
• M$0&/+(=,;9/,/%&$H3%(
• :3D/+(+"0E(,$%$1/,/%&(
(
QualysGuard scans applications to identify vulnerabilities and can directly configure BIG-
IP ASM policies to implement a “virtual patch” that blocks malicious attacks.
ll!

78. +`"O,`!#IM)`"!#45283?H.4!
• -)&3,$&/.(K399/7H3%(3I(8)9%/+$*"9"&4($%.(K3,;9"$%7/(6$&$(
• =%&/1+$&/.(Y/;3+H%1(I3+(=2([YK(Og3+&0(((
• Y"0E(K9$00"C7$H3%($%.(X+"3+"Hp$H3%(
• [+/$&/+($;;9"7$H3%(0/7)+"&4(
• M$0&/+(=,;9/,/%&$H3%(
• :3D/+(+"0E(,$%$1/,/%&(
(
QualysGuard integration with IT-GRC solutions allows customers to automatically import vulnerability
or compliance information from QualysGuard into their IT-GRC solution.
lm!

79. $#,'!#45283?H.4!
• Y/$9RH,/(/#/%&(73%&/?&)$9"p$H3%(I3+(/%&/+;+"0/(0/7)+"&4("%&/99"1/%7/(
• -.$;H#/(./I/%0/(I3+(;+3&/7H%1(#)9%/+$*9/($00/&0(
• M37)0/.($%.($)&3,$&/.(#)9%/+$*"9"&4(07$%%"%1(I3+(&$+1/&/.(./#"7/0(
• 2"1'&("%&/1+$H3%(I3+(73%039".$&/.(&'+/$&(,$%$1/,/%&(
The integration enables the joint solution to automatically launch on-demand scans based on
environment changes or policy compliance rules, prioritize events and provide detailed vulnerability
information through one central interface.
ln!