成功の鍵 - スケジュールと予算に合うオンデマンドソリューション
Qualys ソリューションがお客様にもたらした成果こそが、Qualys にとっての成功です。業務の特殊性、文化、規模を問わず、お客様が成功するためには、ビジネス目標と歩調を合わせて効果的な IT セキュリティや規制へのコンプライアンスを実現できなければなりません。Qualys が何千社もの企業をどのようにサポートしてきたか、実際のお客様の声を集めました。
Industry:
Education
Headquarters:
New London, New Hampshire
Students:
985+ undergraduates
Employees:
380+
"I can tell you that all of the time and effort we've invested in security has paid off. Our workload has been cut dramatically. We're much more efficient now — and much more secure. Qualys provides us the easiest way to prioritize and fix our software vulnerability and configuration issues. You plug it in, and it works."
Information Security Analyst
Objectives
- Provide effective IT security throughout its network to ensure a secure and highly-available academic environment.
- Manual vulnerability scans lacked visibility into Colby-Sawyer infrastructure, and failed to easily identify servers and vulnerabilities that jeopardized security and compliance efforts.
Results
- QualysGuard quickly became a critical part of its risk management program, enabling the college to conduct daily scans of its critical servers and externally-facing network addresses.
- Automated on demand security and vulnerability audits, highly accurate vulnerability and configuration scans, and comprehensive reporting capability.
Industry:
Financial Services
Headquarters:
Osceola, Iowa
Locations:
5 branches throughout Iowa
Total Assets:
$289.4 million
"When we receive notifications from our QualysGuard scans we instantly see a comparison to the previous scan and know if everything is okay, or if there is a new vulnerability we need to take care of right away."
Network Administrator
Objectives
- Secure American State Bank's new online banking services.
- Meet internal and FDIC security compliance demands.
Results
- QualysGuard Express enables the bank to quickly and cost-effectively reduce security risks throughout the organization and meet complex banking regulatory demands.
Industry:
Financial Services
Headquarters:
San Francisco, California
Locations:
680+ branches throughout US
Employees:
10,700+
Customers:
3+ million households throughout 19 states
Total Assets:
$54 billion
"The QualysGuard solution is easiest to deploy, requires the least maintenance in terms of day-to-day care and feeding, has the least potential for conflicts with our existing platforms and production environment, and is economical."
VP of Network Engineering and Operations
Objectives
- Efficiently identify and eliminate network vulnerabilities across multiple operating system platforms and applications.
- Regulatory reporting to prove security compliance.
- Rapid deployment and user training for a reliable vulnerability management solution.
- Ability to easily handle branch and company expansion.
Results
- With QualysGuard, Bank of the West was able to scan their entire network within hours and successfully identify and eliminate risks.
- Able to now meet regulatory security requirements using QualysGuard reports.
- Bank of the West has been able to effortlessly increase their use of QualysGuard as the network demands of the bank grow without any additional overhead or staff.
Industry:
Financial Services
Headquarters:
Cincinnati, Ohio
Business
Diversified financial services company
Locations:
Operates 18 affiliates with 1,167 full-service banking centers throughout the US
Employees:
21,000+
Annual Revenue
$8.5+ billion
Total Assets:
$220 billion in managed assets
"It's not about being secure the day the auditors show up. It's about being secure and compliant every month, week, day, and hour. And QualysGuard helps us to achieve and demonstrate that continuous level of security and compliance."
Manager of Information Security Vulnerability Management Team
Objectives
- Fifth Third's vulnerability management team, dedicated to keeping 5,000 servers and 30,000 desktops secure, needed to move away from manual-based scanners that only allowed the team to run ad-hoc scans, and lacked the ability to centrally manage vulnerability data or trend the bank's risk management progress over time.
- Attain more accurate scan results and organize data by business units, system platforms, and any other way needed.
Results
- Fifth Third has 20 QualysGuard appliances deployed that continuously audit more than 30,000 specific IP addresses automatically throughout the bank's infrastructure.
- Via QualysGuard's ability to assign highly-specific asset tags, the bank can now parse its vulnerability information in any way it needs. The bank can break down its reporting by machine types, business units, and many other ways.
- Fifth Third has improved efficiency via the use of QualysGuard's API to automate report distribution to all IT managers, systems administrators and others.
Industry:
Financial Services
Headquarters:
New Orleans, Louisiana
Locations:
9 branches throughout New Orleans
Employees:
200+
"Not only do we use QualysGuard to perform all of our vulnerability assessments, it also helps us demonstrate compliance with financial regulations and manage overall business risk. We now have direct control over assessment and remediation — and a truer picture of security for the Bank's management."
Data Security Officer
Objectives
- Improve vulnerability assessment management and remediation processes.
- Cost-efficiently strengthen the security of bank networks, computers and applications.
Results
- QualysGuard Express provides cost-efficient, on demand vulnerability management - reducing risks and improving network security for the bank.
Industry:
Financial Services
Headquarters:
New York, New York
Locations:
Global commodity futures and options trading exchange
"All it took was a phone call and less than an hour to get up and running. Implementation was amazingly easy. And the results were immediate. The return is instant; it was a no-brainer. I've got it to the point where, unless remediation is required, I spend 15 minutes a week to review reports from [our] security scans."
Chief Information Security Officer
Objectives
- Ability to constantly monitor security posture, and implement controls to minimize risk of trade interruptions.
- Consistently meet internal policy and regulatory requirements for NYBOT security and its backup trading sites.
- Attain these objectives without any increase in IT security personnel.
Results
- QualysGuard provided an immediate way for NYBOT to implement a comprehensive vulnerability management system.
- QualysGuard helped NYBOT to attain all key security and compliance objectives
Industry:
Financial Services
Headquarters:
London, UK
Locations:
1,400+ locations throughout more than 50 countries
Employees:
60,000+
"Being able to report on remediation and response plans has also helped us meet strict financial compliance requirements. QualysGuard reports give me and my security team an instant overview of the overall level of health of security in my organization."
Group Head of Information Security
Objectives
- An effective way to quickly and efficiently tackle critical security problems in the bank's high risk, high profile environment.
- Develop an effective, global, risk-driven approach to security in their highly distributed enterprise.
Results
- QualysGuard Enterprise provides the bank fast and efficient automated network discovery, patching, and fix verification.
- Effective patch prioritization and easy integration with the bank's existing proprietary security applications.
Industry:
Financial Services
Headquarters:
San Dimas, California
Locations:
1,000+ member/owner credit unions
Employees:
450+
Total Assets:
$24+ billion
"In vulnerability management, it's all about response time. Qualys' remediation agent directly assigns tickets to fix things to my network technicians. The system then tracks those fixes."
Director of Enterprise Security
Objectives
- Move away from time-consuming, manual scans to automated vulnerability assessments.
- Ability to correlate and prioritize vulnerabilities to mitigate risks as soon as possible.
Results
- QualysGuard made it possible for WesCorp to conduct automated, on demand vulnerability scans.
- By correlating QualysGuard's vulnerability information with WesCorp's IT asset values, the financial services cooperative is able to instantly identify and remedy the most critical threats to its infrastructure.
Industry:
Government
Headquarters:
Rijswijk Zh, Zuid-Holland Netherlands
Business
Grants European patents for the contracting states to the European Patent Convention
Locations:
32 European nations, including every member state of the European Union
Employees:
6,500
"We tried a number of approaches to vulnerability scanning. But when we piloted QualysGuard, it just worked. And, because of Qualys' service model, it works with no overhead efforts from us. We don't have to manage a server, vulnerability updates, or any other hassles."
Director of Planning, Security and Inventory
Objectives
- As a result of the deployment of thousands of additional servers within its infrastructure, and the increased exposure of more of its internal IT systems to the Internet, the EPO needed', to find a way to streamline and automate vulnerability management.
- Secure its patent search portal, Esp@cenet, which offers more than 400 million pages of information and 100 different databases, freely available for search over the Internet.
Results
- Daily automated vulnerability assessments, QualysGuard's centralized management, and the correlation of real-time security events with EPO's other security tools provide the EPO with the ability to rapidly identify any risks posed against its systems — and quickly remedy any security concerns.
- QualysGuard's scalability met the demands of the EPO's rapid infrastructure growth.
- QualysGuard provides the low total cost of ownership the EPO sought. Qualys' on-demand architecture offers significant economic advantages with no capital expenditures, extra human resources, or infrastructure to deploy and manage.
Industry:
Government
Headquarters:
Tallahassee, Florida
Locations:
Throughout Florida
Employees:
17,000+
Customers:
17+ million
"With QualysGuard, we gained the ability to automatically scan everything we own for vulnerabilities. And it provides us with a documentation path for all servers including best security practices, vulnerability ranking and patches."
Bureau Chief, Strategic IT
Objectives
- Revamp security policies and procedures to match legal requirements.
- Cost-efficiently improve network security of public health services and personal health data.
- Overcome lack of IT security staffing and distributed operations.
Results
- After a three month analysis of market alternatives, the Florida Department of Health (DOH) selected QualysGuard as its primary way to find vulnerabilities, manage the remediation process, and verify the execution of other automated security processes such as patching.
- The Florida DOH now scans its entire network once a month, and critical systems are scanned daily to ensure they meet all internal security and regulatory mandates.
- QualysGuard's service-based model allows the department to save up to 90 percent of the cost associated with manual, software-based vulnerability management processes.
Industry:
Healthcare
Headquarters:
San Diego, California
Business:
ASH provides complementary health benefits, fitness, and health improvement programs
Size:
National, 13+ million members, Privately held
Employees:
380+
"I've never found any other vulnerability management tool that is as comprehensive as QualysGuard. We never have encountered a situation in which a third-party audit found something QualysGuard didn't."
Senior Director of IT Operations and Information Security Officer
Objectives
- Cost-effectively achieve ongoing IT security and regulatory compliance risk mitigation for its own network.
- Simplify PCI compliance.
- ASH doesn't have a staff dedicated to IT security; as a result, its IT director and system administration team need the most automated way to keep its systems secure and compliant.
Results
- QualysGuard provides the company the ability to centrally manage the risks associated with all of its networked assets, and quickly identify and remedy those that are out of policy, misconfigured, or otherwise vulnerable.
- As a PCI DSS-approved scanning vendor, Qualys makes it straightforward for ASH to conduct its annual self-assessments and quarterly network scans.
- QualysGuard provides ASH's system administrators with a proactive way to protect the company's network throughout the entire vulnerability management life cycle, including asset discovery, asset prioritization, vulnerability assessment and analysis, remediation planning, and fix verification.
Industry:
Healthcare
Headquarters:
Danville, Pennsylvania
Locations:
38 throughout Pennsylvania
Employees:
9,900+
Customers:
2.5+ million
Total Assets:
$1.5+ billion
"QualysGuard reports are an excellent solution for documenting IT security controls and compliance with regulatory requirements. QualysGuard helps us protect the security and integrity of our systems supporting our electronic medical record systems."
Chief Information Security
Objectives
- Protect the security and integrity of EMR accessed online by clinical providers and patients, and comply with HIPAA security regulations.
- Provide and verify security for a complex system of several patient and clinical provider Web portals with more than 435 network applications, 70 of which feed data to the EMR system.
Results
- QualysGuard automatically finds vulnerabilities and documents remediation for its network that supports Geisinger's EMR system.
- QualysGuard proved to save time by automating the processes associated with vulnerability management: from host discovery and vulnerability assessment to fix verification.
Industry:
Insurance
Headquarters:
Paris, France (Parent)
Locations:
Worldwide
Employees:
17,000+
Annual Revenue
$104+ billion
Customers:
17+ million
Stock Symbol
AXA (NYSE)
"QualysGuard is technically the best vulnerability management solution... and epitomizes my vision of the ideal vulnerability management platform."
Global Security Architect
Objectives
- Ability to ensure that public servers are highly secure, patches are up-to-date, and security policy standards are met without exception.
- Maintain operating efficiencies and optimize profitability by deploying cost-saving technologies.
- Accurate vulnerability data with comprehensive reporting.
Results
- QualysGuard Enterprise provides a comprehensive, 360-degree view of AXA's network security.
- A fully automated vulnerability management and workflow system for fast detection and remediation of security risks.
- Dynamic reporting presents immediate visibility of network security posture across the entire organization.
Industry:
Healthcare
Headquarters:
Philadelphia, Pennsylvania
Locations:
Worldwide
Employees:
32,700+
Total Assets:
$44+ billion
Stock Symbol
CI (NYSE)
"Before QualysGuard we had an ad hoc process; Qualys brought much stronger control and visibility into our processes. QualysGuard gives us the ability to detect our vulnerabilities across our network and really ensure that we have the level of security and compliance we need."
Chief Information Protection Officer
Objectives
- Meet diverse regulatory compliance mandates, including: Sarbanes-Oxley, Gramm-Leach-Bliley, the Health Insurance Portability and Accountability Act (HIPAA), and others.
- Ensure all systems are adequately secured, and that compliance controls remain in place.
- Quickly and accurately detect systems not in compliance as well as the ability to take quick corrective actions.
- Eliminate complex, ad-hoc processes for end-to-end vulnerability management.
Results
- QualysGuard enabled CIGNA to streamline control of its entire vulnerability management lifecycle: asset discovery, vulnerability assessments, track security fixes, and meet federal, state, and internal policy regulations.
- Ability to quickly assess its complex infrastructure to make certain that proper security and mitigating controls are always in place.
Industry:
Healthcare
Headquarters:
Netherlands
Employees:
2,300+
Customers:
106+ million
Annual Revenue
$7+ billion
"We have a responsibility to protect the health care information of our customers. With QualysGuard, we know we're doing just that."
ICT System Security Consultant at VGZ-IZA-Trias
Objectives
- VGZ-IZA-Trias sought an easy-to-deploy, highly accurate and automated way to manage and mitigate the vulnerabilities that threaten the security and regulatory compliance of its infrastructure.
- VGZ also needed a vulnerability management solution that would enable the company to scan its infrastructure whenever needed, be up-to-date with the latest security checks, and not prone to time-consuming false positives.
- Make certain VGZ's infrastructure remains compliant with Dutch government health care privacy regulations.
Results
- VGZ-IZA-Trias selected QualysGuard Enterprise to automatically identify and mitigate system vulnerabilities.
- QualysGuard eliminates the need for VGZ to deploy, maintain, and update any vulnerability management software.
- The in-depth remediation information provided from QualysGuard helps VGZ to quickly remedy any uncovered vulnerabilities.
- QualysGuard's 99.997% accuracy rate virtually eliminates all false positives.
Industry:
Manufacturing
Headquarters:
London, UK
Locations:
Worldwide
Employees:
32,000+
Annual Revenue
$11.9+ billion
Stock Symbol
ICI (NYSE)
"If you can't measure security, you can't manage it. Qualys lets me measure and manage my network security. Their reports demonstrate ongoing security improvement in working with IT suppliers."
Director of Global Information Security
Objectives
- Attain a clear and accurate picture of at risk ICI devices.
- Worldwide deployment of network security auditing solution.
- Validate the network security of suppliers and ICI partners. And on demand ability to scan and see results from anywhere.
Results
- QualysGuard worldwide deployment completed within hours.
- ICI can now scan its entire global infrastructure for vulnerabilities at least once a week.
- Automated security audits and remediation workflow across the enterprise.
- Comprehensive documentation of ongoing security audits for management, auditors and government regulators.
Industry:
Manufacturing
Headquarters:
Fairfield, California
Locations:
Worldwide
Employees:
670+
"We don't want the hassles of maintaining this type of software. It's pretty much hands-off to get the benefits with QualysGuard. We have not had any successful attacks since we installed QualysGuard."
Network Administrator and Security Specialist
Objectives
- As Jelly Belly brought many of its Web operations in-house, the company sought a way to enhance its network security capabilities to protect its e-commerce operations. This required its small IT staff to be able to conduct timely and comprehensive security analysis, scanning and remediation.
Results
- QualysGuard provides vulnerability and risk management monitoring for all of its external-facing servers and IT devices including routers, firewall, Web site, and e-mail.
- No need to dedicate staff to keep up with new vulnerabilities or update the on demand QualysGuard solution.
Industry:
Manufacturing
Headquarters:
Paris, France
Locations:
1,084+ restaurants (France)
Employees:
45,000+ (France)
Annual Revenue
$3.5+ billion (France)
Stock Symbol
MCD (NYSE)
"QualysGuard enables us to automate our internal and external vulnerability audits. We get a concise report of how both insiders and outsiders can view our systems, so we always can know how our systems are in compliance with our internal policies as well as regulations."
Manager of IT Infrastructure
Objectives
- McDonald's France, a subsidiary of McDonald's Corp., needed a way to automate its vulnerability assessments to make certain they're in continuous compliance with internal security policies, as well as such regulations as Sarbanes-Oxley and the Payment Card Industry Data Security Standard.
- Needed to automate many of the processes associated with vulnerability risk management: system discovery, vulnerability identification, and remediation.
Results
- McDonald's France turned to QualysGuard's on demand Web service and appliance to automatically identify and more effectively mitigate system vulnerabilities and misconfigurations.
- QualysGuard enables the company to streamline control of its entire vulnerability management life cycle — asset discovery, vulnerability assessment, security fix tracking — and meet federal, state and internal policy regulations.
- QualysGuard now plays a vital role in McDonald's France regulatory compliance efforts, helping the company to not only achieve security, but also to demonstrate to auditors how its system patches are always well maintained.
Industry:
Not-For-Profit
Headquarters:
Washington, DC
Business
Leading animal protection non-profit that fights for the protection of animal rights through advocacy, education, legislative, and hands-on programs.
Size
The nation's largest animal protection organization with 10+ million members and constituents.
"By turning to QualysGuard PCI, we significantly save on the time and resources we need to dedicate to maintaining PCI Compliance."
Chief Information Officer
Objectives
- While the Humane Society had maintained a secure network, it was a costly and time-consuming process to continuously maintain PCI compliance.
- Needed a streamlined way to complete the required PCI DSS questionnaires and network vulnerability audits, and validate compliance to its acquiring banks.
Results
- QualysGuard PCI helps the Humane Society to automatically validate its PCI DSS compliance.
- QualysGuard helps the Humane Society protect its member and contributor information.
- The Humane Society is now able to quickly complete PCI DSS "Self-Assessment Questionnaires" via QualysGuard.
- QualysGuard allows the Humane Society to document and submit proof of compliance to acquiring banks.
Industry:
Publishing/Media
Headquarters:
Chicago, Illinois
Locations:
Worldwide
Employees:
60,000+
Annual Revenue
$11+ billion
Stock Symbol
RRD (NYSE)
"We really liked the simplicity of self-service that Qualys' on-demand model provides. All other solutions required self-installation of separate scanning servers, buying a SQL license, getting the database administrator and server people involved, and other overhead. With Qualys, we just installed one appliance and turned it on."
Director of Technology Services
Objectives
- Comprehensive vulnerability assessments were thwarted by complex applications, limited staffing and distributed operations.
- RR Donnelley sought a way to transform vulnerability management from being haphazard and reactive into regular, systematic evaluations of enterprise security.
Results
- QualysGuard provides a cost-efficient way for RR Donnelley to manage its network security risks.
- QualysGuard makes it possible for the company to conduct on demand vulnerability assessments throughout its global network.
- Every business unit immediately put the vulnerability management service to work without requiring more internal resources.
Industry:
Financial Services
Headquarters:
Swindon, United Kingdom
Business
Arval, a subsidiary of BNP Paribas, provides vehicle fleet financing and long-term contract hire
Size
5,500 employees
Locations:
30 countries, primarily throughout Europe
"While Qualys allows us to define our problems more clearly, the solution also enables us to focus our forces on resolving them (via incident and problem management) and anticipate conformity by providing the permanent audit unit with the indicators required in line with new legislation."
Corporate Information Security Officer
Objectives
- Streamline manual vulnerability analysis into an automated, seamless process that supports Arval's ITIL best practices and ISO 27001 framework.
- Enable Arval's security managers, working with limited resources and tight budgets, and rising regulatory constraints, to more effectively manage IT security and regulatory compliance risks.
Results
- QualysGuard provides automated and highly accurate vulnerability identification, while also integrating tightly within Arval's ITIL and ISO 27001 management practices.
- QualysGuard continuously assesses the security of Arval's internal, and externally-facing IT systems and has proven to scale along with Arval's rapid business expansion.
- QualysGuard provides Arval the ability to better discover and manage all of its networked devices - desktops, servers, routers, and more - to create detailed reports that are used by all levels of administrators and business leaders.
- QualysGuard has helped Arval to more proactively monitor and manage its internal auditing and compliance efforts.
Industry:
IT Security Services
Headquarters:
San Mateo, California
Business:
Security assessments, consulting, and certification for retail organizations with credit card-based sales
Size:
U.S. and international customers
"QualysGuard is a very valuable tool and a perfect fit for financial security certifications."
Managing Director
Objectives
- Find a cost-efficient way to conduct remote vulnerability management.
- Find an easy-to-use solution for clients without deep technical expertise.
- Implement an affordable vulnerability management solution.
Results
- QualysGuard proved to be the effective, cost-efficient solution.
- Enables provisioning of ongoing value-added security services to its customers.
- Easy to understand and use, and supports credit card security standards.
Industry:
IT Security Services
Headquarters:
Columbus, Ohio
Business:
Security assessments and consulting for small to medium-sized businesses and state agencies
Size:
Statewide. Five consultants.
"The reporting is so clean with Qualys that I don't need a high-dollar consultant explaining data to the customer. This boosts our margins and makes everyone happy."
CEO and Principal Consultant
Objectives
- Required a more reliable up-to-date vulnerability management tool that would free consultants.
- Prior software-based solutions were time-consuming and created enormous financial burdens to maintain and use.
- Sought an affordable vulnerability management solution.
Results
- QualysGuard proved to be the effective, cost-efficient solution.
- Jacadis can deliver security to small organizations without on-staff technical expertise.
- Jacadis has improved the security services it delivers to its clients and improved the efficiency of its consulting operations.
Industry:
IT Security Services
Headquarters:
Jericho, New York
Business:
Risk management assurance and advisory services
Locations:
Throughout US
"I couldn't compete with the larger IT consulting firms without QualysGuard."
Founder and Principal
Objectives
- Find an easy-to-use and accurate way to manage vulnerabilities for the firm's financial services customers.
- Prior software-based solutions were-time consuming and created enormous financial burdens to maintain and use.
- Sought an affordable vulnerability management solution.
Results
- QualysGuard enables Joel Lanz to provide clients highly accurate and thorough security assessments.
- Ease of identifying client network assets and vulnerabilities through Qualys' on demand architecture.
- Cost-effective.
- Comprehensive and customizable reporting features.
Industry:
IT Security Services
Headquarters:
Lubbock, Texas
Business:
Audits the Internet security of federally insured deposit institutions for proof of regulatory compliance and board fiduciary responsibilities
Locations:
National
"I use Qualys as the foundation of my Internet security testing service."
Principal Auditor
Objectives
- Required a faster, more cost-efficient way to independently audit the Internet security of federally insured deposit institutions.
- Needed to replace a software-based solution that was unreliable, always out-of-date, time-consuming, and complicated to use with clients in 39 states.
Results
- QualysGuard enables independent audits with reliable, comprehensive, and easy to use interface.
- Easy to use for a "non technical" auditor.
- Dramatically cut costs of doing independent audits cost-effectively.
- Always up-to-date with current vulnerabilities.
Industry:
Food Management Services
Headquarters:
France
Business:
Global market leader in food and management services
Locations:
Worldwide
Employees:
313,000+ employees in 76+ countries
Annual Revenue:
$16.4+ billion (2006)
"QualysGuard combines technical functionality, ease of use and a good ROI. In less than one year, Sodexho has decreased its vulnerabilities by 40 percent."
Global Security Chief Officer
Objectives
- Gain greater insight into network topology, system configurations, and level of overall security.
- Attain a centralized vulnerability management program, with proactive autonomy throughout various subsidiaries.
Results
- QualysGuard made it possible for Sodexho to attain consistent levels of security throughout the enterprise, while also preserving its decentralized management hierarchy.
- Effective, accurate, on-demand vulnerability management that's easy to use and requires no infrastructure to deploy.
- Independent audits with reliable, comprehensive, and easy to use interface.
- Reporting provides both security and business managers with security information tailored to their specific needs and job functions.
Industry:
Technology
Headquarters:
San Jose, California
Locations:
Worldwide
Major Brands
eBay, Skype, PayPal, Shopping.com, Rent.com
Employees:
13,000+
Annual Revenue
$5.9+ billion
Stock Symbol
EBAY (NASD)
"QualysGuard has made the job of auditing our network much easier. We used to have to dig through results and do a lot of manual analysis to get meaningful reports, and those were inconsistent. Qualys takes care of that nightmare."
Senior Manager, Information Security
Objectives
- Reliable identification of network vulnerabilities across global network.
- A practical way to audit the network security of business partners and to help those partners quickly remediate vulnerabilities and eliminate risks.
- Rollout an automated solution that would find the most recent vulnerabilities without requiring constant and time-consuming staff research.
- Provide senior management the ability to audit and review security posture at any time.
Results
- After a careful market evaluation, eBay selected QualysGuard Enterprise for both perimeter scanning and the auditing of vulnerabilities on network segments within the corporate firewall, and on partner networks.
- eBay now has a default vulnerability management standard to evaluate security throughout both eBay's network and partner networks.
- Simplified reporting gives senior executives a concise, real-time view into the company's security risks. QualysGuard facilitates measuring the change in those risks as security measures are implemented.
Industry:
Technology
Headquarters:
Redwood City, California
Business
Enterprise software and services, including Oracle Database and Grid, Middleware, On Demand services, and enterprise applications
Employees:
56,000+
Annual Revenue
$14.3+ billion
Stock Symbol
ORCL (NASD)
"QualysGuard's easy-to-use and intuitive web interface, and granular access controls combined with Qualys' no cost training, enabled Oracle GIT Security to extend the vulnerability assessments, as a self-service, to other security organizations within the company. It allows us to accelerate rollout of the scans, improved security awareness without increasing headcount, or risk to the assets and data."
Senior Manager, Oracle's GIT Security Engineering Team
Objectives
- Put into place a vulnerability management solution that would scale to meet its global operations.
- Find most accurate and secure way to identify and fix IT vulnerabilities.
- The vulnerability management solution must provide a highly secure way to store Oracle's vulnerability information to meet its internal security policy and customer security and confidentiality agreements.
Results
- QualysGuard Enterprise provides a solution that would scale to meet Oracle's global operations, and provide the automated, on-demand security and vulnerability audits the company sought.
- Accurate vulnerability and configuration scans, according to Oracle's in-house testing.
- QualysGuard@Customer scales to millions of scans per month, and provides Oracle assurance that vulnerability information remains confidential.
- QualysGuard's PCI DSS capabilities mean that Oracle can conduct compliance scans for its internal hosting operations.
Industry:
Technology
Headquarters:
Bozeman, Montana
Employees:
500+
Annual Revenue
$110+ million
Stock Symbol
RNOW (NASD)
"Qualys' on-demand delivery model is a key differentiator. There was no integration, and the installation was painless. It's why we were able to get up and running in a couple of hours."
Chief Information Security Officer
Objectives
- RightNow's customers (many in highly regulated industries) were increasingly asking all of their vendors to prove their IT security due diligence.
- Automated, accurate, process-oriented detection of security risks.
- Detailed vulnerability and risk management reporting.
Results
- QualysGuard Enterprise provided the complete 360-degree cycle of discovery, remediation, tracking, and reporting that the company sought - all in a single service.
- Comprehensive reports deliver quantifiable proof of security levels and effectiveness of risk-reduction program.
Industry:
Technology
Headquarters:
Cary, North Carolina
Business
Leader in business intelligence and analytics software helps companies in every industry transform their data into predictive insights about company performance, customers, markets, risks and more.
Locations:
Worldwide
Employees:
10,000+
Annual Revenue
$1.9+ billion
"The quality of our vulnerability reports is just phenomenal now. QualysGuard, through its well documented API, gives us the ability to include anything we need in our reports. There hasn't been a report that we wanted to build that we couldn't easily create."
Network Security Engineer, Systems and Information Security
Objectives
- To fully automate and simplify its vulnerability management processes for its global Internet-facing operations.
- SAS' previous vulnerability scanner failed to provide the level of accuracy and reporting capabilities the company sought.
- Network audits were very time-consuming, with security managers having to manually research the false positives and correlate the real risk of vulnerabilities.
Results
- QualysGuard helped SAS to centrally manage the risks associated with all of their network assets, and quickly identify those that could be at risk.
- QualysGuard enables IT assets to be custom tagged for enhanced classification levels - simplifying the management of networked devices, grouping them by specific business units so actionable reports can be generated.
- Automated approach to vulnerability management has increased SAS' security team's ability to understand its risk posture and reduced costs by eliminating the need for outside consulting audits.
Industry:
Technology
Headquarters:
Santa Clara, California
Locations:
Worldwide
Employees:
2,500+
Annual Revenue
$380 million
Stock Symbol
WEBX (NASD)
"We don't ever have to spend time keeping the Qualys appliance ready and online. It's just stable, reliable, and always there. QualysGuard is a very good example of a product that we've been able to deploy and rely upon, and not have to worry about being its architects."
Manager of Security Engineering and Operations
Objectives
- Maintain an effective vulnerability management program to ensure continuous security and maintain various third-party security certifications and audit reports, including WebTrust and SAS-70.
- Replace manual process using vulnerability scanners due to lack of reliability and flexibility required for WebEx's IT risk management program.
Results
- WebEx selected QualysGuard's on-demand Web service and internal scanners to automatically identify and more effectively mitigate vulnerabilities.
- QualysGuard delivers comprehensive reports for various executive and technical groups within WebEx for ongoing security measurement.
- WebEx has reduced network security risks and improved its overall vulnerability management process.
