Qualys on Feb. 13 announced a new on-site vulnerability management and policy compliance service: Qualys @Customer.
The new service allows Qualys customers to host installations of the QualysGuard vulnerability management service and retain local control of security data.
The news comes as Qualys makes plans for a major expansion of its SAAS (software as a service) offerings and lays the groundwork for an on-demand SIM (security information management) product by 2007, according to Philippe Courtot, chairman and CEO of Qualys in Redwood Shores, Calif.
The new @Customer service is a rack-mounted SOC (secure operations center) with QualysGuard, in addition to redundant databases, a router, Web application server, load balancer and VPN.
The rack-mounted SOC is intended as a scalable secure offering for vulnerability management, as well as risk assessment and policy compliance that can be delivered and deployed quickly for a price that starts at $100,000, said Courtot.
The new service was designed for service providers, large enterprises and other customers that cannot send security data off-site because of regulatory or contractual obligations, said Courtot.
Faritech PTY Ltd. in Johannesburg, South Africa, plans to use the new @Customer service to manage vulnerability data on behalf of the South African government, said Logan Hill, manager of security services business development at Faritech in Capetown, South Africa.
The @Customer product will help Faritec do IT asset discovery and vulnerability management for around 600 government departments and 100,000 IP addresses.
The on-site service also allows Faritec to comply with a federal data retention regulations and a South African law that prohibits so-called “critical assets” from leaving the country, Hill said.
The @Customer service also allows Faritec employees to manage vulnerability scans and other tasks across all 600 departments centrally, and from Faritecs SOC, Hill said.
Oracle is another company that is using the new service to manage customers vulnerability data.
Securing the data onsite enabled Oracle to closely manage control over and access to customer data and monitor SLAs (service level agreements), Courtot said.
The @Customer service is a departure for Qualys, which is one of the only security vendors with a purely on-demand software model.
However, Courtot said @Customer is not a sign that Qualys is abandoning the SAAS model.
To the contrary, the company is planning to expand its on-demand software offerings this year, introducing new modules for risk management, policy compliance and asset management, Courtot said.
The company is also redesigning the management interface for its products, using the popular AJAX development language to spruce up QualysGuards graphic user interface.
For 2007, the company plans to launch a full-blown SIM solution for small enterprises, he said.