NASDAQ-listed cybersecurity firm Qualys has opted to make its IT asset discovery tool free – and says it saw 700+ downloads on day one in early vindication of an adoption play that it will leverage commercially by offering additional premium services.
The company has also won backing from the Cloud Security Alliance (of which it is a founding member), whose CEO Jim Reavis praised the application’s ability to deliver “100 percent, near real-time visibility across global hybrid environments” and said he recommends the “philosophy” to the alliance’s 95,000+ members.
Qualys CEO Philippe Courtot told Computer Business Review: “Identifying assets is the cornerstone of security hygiene: you cannot secure what you don’t know.”
He added: “When we founded Qualys in 1999 we were one of the first companies to offer security as a SaaS. At the time security people were very leery of the cloud: IT people thought we’re taking their jobs away; security people thought we’re taking their data away. But we knew that architecture was the technology of the future.
“We’ve since built a formidable platform that integrates a lot of tools and gives deep visibility across architectures: there’s 12 apps native on the cloud platform; patch management, visibility across containers, APIs, IT/OT environments. It can plug into your SIEM, let you know which S3 buckets are public… It’s something very much needed: very few companies know what they have on their network.”
While there is no shortage of IT asset discovery tools on the market, including some open source flavours, Courtot claims that none have the breadth and reach of what his company is now providing; it identifies not just on-premise devices and applications, but clouds, containers, OT and IoT applications and devices.
Qualys, taking a leaf from a common open source freemium strategy, is rolling out the IT Asset Inventory solution with additional paid-for services that include the ability to identify and flag up hardware and software product release dates, end-of-life dates, license categories, and more so that managers can flag up unauthorized software, outdated hardware or end-of-life software with all of its attendant security risks.
“Most people think that the network is a static event,” said Christopher Kissel, research director, security products at IDC. “However, with new types of devices, transient workloads, contract and guest participation, the network is in fact fluid. At any given time, 15-20 percent of the network is unseen or unmanaged. Qualys created Global IT Asset Discovery and Inventory to address this dynamic, and it is a logical extension of what Qualys does well in device vulnerability assessment. That Global IT Asset Discovery and Inventory is offered as a free service is a great plus.”
The release came as the company announced its Q2 earnings. It reported 24 million “Cloud Agent” subscriptions and and 16 percent rise in revenues to $78 million, along with new customers including Bayer AG, Bloomberg L.P. and the City of Atlanta.