New Release Raises the Bar in Terms of Ease of Use and Automation of PCI Compliance Tasks

September 3, 2010

4 Min Read


Redwood Shores, Calif., - September 1, 2010 - Qualys', Inc., the leading provider of on demand IT security risk and compliance management solutions, today announced QualysGuard PCI 5.0, giving customers a simplified way to meet the latest Payment Card Industry Data Security Standard (PCI DSS) compliance requirements. It includes updates following new Approved Scanning Vendor (ASV) requirements released in March 2010, and a simplified user interface (UI) with workflows – helping customers easily and accurately detect security vulnerabilities, and efficiently remediate issues for PCI compliance.

Built on the same highly accurate scanning infrastructure as QualysGuard Vulnerability Management (VM), QualysGuard PCI is the leading PCI compliance solution used by 68 percent of all ASVs and 46 percent of Qualified Security Assessors (QSAs) to help merchants with PCI DSS certification and validation. QualysGuard PCI 5.0 streamlines the process with a new easy-to-follow wizard-driven UI guiding customers through answering the Self-Assessment Questionnaire (SAQ), running compliance scans, remediating network and web application vulnerabilities, and documenting proof of compliance for online submission to acquiring banks.

New QualysGuard PCI 5.0 features include:

* Dashboard Homepage. The new home page is a starting hub for all the important workflows like asset wizard, SAQ wizard or starting a scan. It instantly provides users with the status of compliance, including percentage of hosts that pass and counts of high, medium and low vulnerabilities. * Asset Scoping Wizard. A new workflow has been added to walk customers through the process of identifying IPs and domains that are in scope for PCI compliance. * Compliance Wizard. Customers are required to work with ASVs to confirm on a quarterly basis that reports adhere to PCI DSS requirements for scoping, false positive documentation and scan completeness. The new compliance wizard helps customers through each step of the process in an informative manner, presenting what the user needs to complete to generate the compliance report, including special notes, the consolidated action plan and filling out the mandatory merchant attestation. * Interactive Reports. The ASV scan report now includes a new format with additional content, revised scoring terminology (High, Medium and Low), and sections for attestations. The report is fully interactive as it highlights confirmed and potential vulnerabilities, with sliding panels for detailed information and quick filters to search and sort on various criteria instantly. * False Positives Reporting. Approved false positives must be revalidated by the ASVs on a quarterly basis. New workflows now provide an easy-to-use interface to identify these false positives and resubmit them for approval every 90 days.

“Customers continue to face more PCI compliance requirements that could increase their scope and complexity,” said Avivah Litan, VP and distinguished analyst, Gartner Inc. “Continuous automated monitoring and audit related processing will help keep organizations PCI compliant by reducing the number of errors introduced by humans and lax business practices.”

“With the growing number of financial transactions on the Internet and increasing attempts to steal credit card data, achieving PCI DSS compliance has become vital to ensure the protection of credit card data,” said Philippe Courtot, chairman and CEO, Qualys. “However, it can be a challenging task as the PCI Standards Security Council continues to add new requirements to address the new attacks. This new release raises the bar in terms of ease of use and interactivity while fully supporting the new PCI DSS requirements.”

Pricing and Availability QualysGuard PCI 5.0 is now available in production. Qualys is also an Approved Scanning Vendor. More information and a live demonstration about this release are available on the Qualys Community at:

For pricing and more information, visit About Qualys

Qualys, Inc. is the leading provider of on demand IT security risk and compliance management solutions – delivered as a service. Qualys’ Software-as-a-Service solutions are deployed in a matter of hours anywhere in the world, providing customers an immediate and continuous view of their security and compliance postures.

The QualysGuard' service is used today by more than 4,000 organizations in 85 countries, including 42 of the Fortune Global 100 and performs more than 500 million IP audits per year. Qualys has the largest vulnerability management deployment in the world at a Fortune Global 50 company.

Qualys has established strategic agreements with leading managed service providers and consulting organizations including BT, Etisalat, Fujitsu, IBM, I(TS)2, LAC, NTT, SecureWorks, Symantec, Tata Communications and TELUS.

For more information, please visit ###

Qualys, the Qualys logo and QualysGuard are proprietary trademarks of Qualys, Inc. All other products or names may be trademarks of their respective companies.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights