From keeping threats out to keeping data in

Qualys scans networks for holes in their defenses. Now it's looking to help companies comply with the law by stopping leaks.

Michael Kanellos Staff Writer, CNET News.com
Michael Kanellos is editor at large at CNET News.com, where he covers hardware, research and development, start-ups and the tech industry overseas.
Qualys, which sells a service that tests network vulnerabilities, is tinkering with ways to expand into regulatory work or even network repair.




The Mountain View, Calif.-based company's strategy reflects a larger trend of expansion for security companies. Qualys' servers scan corporate networks for potential security cracks. Qualys then provides a report to customers so that they can repair the flaws. Approximately 90 percent of its 1,400 customers request a scan every two weeks; 60 percent ask for a scan every week.

"We simulate thousands of hackers," CEO Philippe Courtot told CNET News.com in an interview this week. "You can take a picture of the network from outside, and then send a report."

The idea now is to use the same basic technology to insulate companies from inadvertent disclosures punishable under the Sarbanes-Oxley or the Health Insurance Portability and Accountability (HIPAA) Acts. Under these laws, corporations can be held liable for the inadvertent release of private information. The company sketched its plans to move in this direction earlier this year and has been signing up partners to market the new services.

Courtot also said Qualys is considering entering the market for repairing the flaws that its service uncovers, which he termed a natural extension of the company's existing work.

Expansion is one of the dominant themes of the security industry at the moment. Most companies came into the industry concentrating on one or two aspects of security, such as virus protection. The changing nature of threats, however, has prompted Symantec and several others to begin to provide a wider variety of ongoing assessment and prevention services.

Qualys has already expanded into hardware, selling its scanning server to customers like DuPont and eBay. These companies then install the scanner on their own network so that they can test the vulnerability of their regional offices or suppliers.

The results of these scans are then forwarded to Qualys and are included as part of an overall security report, Courtot said.