Qualys makes major push for cloud security at Black Hat

Phillipe Courtot, chief executive of Qualys, has been singing the praises of cloud-based security for more than a decade. Now the topic is fashionable and generating a $65 million a year for his company, and Qualys announced some upgrades to its cloud security platform this week at the Black Hat security conference in Las Vegas.

Among the new offerings are an enhanced version of QualysGuard consulting edition that will allow consultants to perform security audits of companies more efficiently and cost effectively.

The QualysGuard Web Application Scanning 2.0 product will be available starting Aug. 30. The product, which has been in beta testing for the past six months, lets organizations use the cloud to catalog, scan, and discover large numbers of web applications. The new product is much more automated than the past one and has a lower rate of false positives, or detecting a problem where none really exists.

“At first, people didn’t believe cloud security would work,” Courtot said. “Now we have thousands of customers and we’re growing 50 percent a year.”

The platform also has an improved user interface and functions as a software-as-a-service (SaaS) cloud platform. The user interface has more dashboards, menus and filters to get to important data quickly. Users can get to the user interface through a single web portal.

The product allows companies to proactively secure their web apps. That’s important because malware writers often find vulnerabilities in the apps and inject malware into them, subjecting consumers who use the apps to malware. Constant automated scanning can protect against these rogue threats, Courtot said in an interview.

If any web applications disclose sensitive data, Qualys can detect them and alert security personnel.

“Companies are moving their apps to the cloud and web security is now a major target,” Courtot said. “The only way to deal with this is automated detection. We can do this seamlessly.”

QualysGuard WAS 2.0 is available on a subscription basis based on the number of web apps scanned. QualysGuard is already used by 5,500 organizations in 85 countries, including 45 companies in the Fortune 100. It performs more than 500 million internet protocol audits per year. Qualys has strategic agreements with BT, Etisalat, Fujitsu, IBM, I(TS)2, LAC, NTT, Dell SecureWorks, Symantec, Tata Communications and TELUS.

With the new consulting edition, consultants can now quickly set up vScanners on their laptops or at client sites to initiate audits. Qualys says it only gets a few errors per million scans these days. The QualysGuard Consultant Edition costs $2,495 a year. The company expects to generate more than $75 million in recurring revenue this year. Courtot said the company is profitable and has been for three years. Qualys has 271 employees.