Qualys Unveils Policy Audit with Enhanced Efficiency for Continuous Audit Readiness
Qualys (NASDAQ: QLYS) has announced Policy Audit, an enhancement to its policy compliance solution, designed to streamline audit processes and ensure continuous compliance readiness. The update focuses on automating evidence collection and prioritizing risk-based remediation.
Key features include:
- Coverage across 450 technologies, 1,000+ out-of-the-box policies, and 90+ frameworks
- Automated mapping to frameworks like PCI DSS 4.0, DORA, NIST, CMMC, and FedRAMP
- Reduction in audit failure rates by up to 95%
- Cost reduction of audit processes by 50%
Additionally, Qualys introduced Audit Fix, an optional feature that proactively repairs audit findings using pre-defined scripts and golden policies integrated into CI/CD pipelines. The Policy Audit solution will be available in Q2.
Qualys (NASDAQ: QLYS) ha annunciato Policy Audit, un miglioramento della sua soluzione di conformità alle policy, progettato per semplificare i processi di audit e garantire una preparazione continua alla conformità. L'aggiornamento si concentra sull'automazione della raccolta delle evidenze e sulla priorizzazione delle azioni correttive basate sul rischio.
Le caratteristiche principali includono:
- Copertura di 450 tecnologie, oltre 1.000 policy predefinite e più di 90 framework
- Mappatura automatica a framework come PCI DSS 4.0, DORA, NIST, CMMC e FedRAMP
- Riduzione dei tassi di fallimento degli audit fino al 95%
- Riduzione dei costi dei processi di audit del 50%
Inoltre, Qualys ha introdotto Audit Fix, una funzionalità opzionale che ripara proattivamente i risultati degli audit utilizzando script predefiniti e policy di riferimento integrate nelle pipeline CI/CD. La soluzione Policy Audit sarà disponibile nel secondo trimestre.
Qualys (NASDAQ: QLYS) ha anunciado Policy Audit, una mejora de su solución de cumplimiento de políticas, diseñada para agilizar los procesos de auditoría y garantizar una preparación continua para el cumplimiento. La actualización se centra en automatizar la recopilación de evidencias y priorizar la remediación basada en riesgos.
Las características clave incluyen:
- Cobertura de 450 tecnologías, más de 1,000 políticas predefinidas y más de 90 marcos regulatorios
- Mapeo automático a marcos como PCI DSS 4.0, DORA, NIST, CMMC y FedRAMP
- Reducción de las tasas de fallos en auditorías hasta en un 95%
- Reducción del 50% en los costos de los procesos de auditoría
Además, Qualys ha introducido Audit Fix, una función opcional que repara proactivamente los hallazgos de auditoría utilizando scripts predefinidos y políticas estándar integradas en las tuberías CI/CD. La solución Policy Audit estará disponible en el segundo trimestre.
Qualys (NASDAQ: QLYS)는 감사 프로세스를 간소화하고 지속적인 준수 준비 상태를 보장하도록 설계된 정책 준수 솔루션의 향상된 기능인 Policy Audit을 발표했습니다. 이번 업데이트는 증거 수집 자동화와 위험 기반 수정 우선순위 지정에 중점을 두고 있습니다.
주요 기능은 다음과 같습니다:
- 450개 기술, 1,000개 이상의 기본 제공 정책, 90개 이상의 프레임워크 지원
- PCI DSS 4.0, DORA, NIST, CMMC, FedRAMP와 같은 프레임워크에 대한 자동 매핑
- 감사 실패율 최대 95% 감소
- 감사 프로세스 비용 50% 절감
또한 Qualys는 Audit Fix라는 선택적 기능을 도입하여 미리 정의된 스크립트와 골든 정책을 CI/CD 파이프라인에 통합하여 감사 결과를 적극적으로 수정합니다. Policy Audit 솔루션은 2분기에 출시될 예정입니다.
Qualys (NASDAQ : QLYS) a annoncé Policy Audit, une amélioration de sa solution de conformité aux politiques, conçue pour simplifier les processus d'audit et garantir une préparation continue à la conformité. Cette mise à jour met l'accent sur l'automatisation de la collecte des preuves et la priorisation des corrections basées sur les risques.
Les principales fonctionnalités incluent :
- Couverture de 450 technologies, plus de 1 000 politiques prêtes à l'emploi et plus de 90 cadres réglementaires
- Cartographie automatisée vers des cadres tels que PCI DSS 4.0, DORA, NIST, CMMC et FedRAMP
- Réduction des taux d'échec des audits jusqu'à 95 %
- Réduction des coûts des processus d'audit de 50 %
De plus, Qualys a introduit Audit Fix, une fonctionnalité optionnelle qui corrige de manière proactive les résultats d'audit en utilisant des scripts prédéfinis et des politiques de référence intégrées dans les pipelines CI/CD. La solution Policy Audit sera disponible au deuxième trimestre.
Qualys (NASDAQ: QLYS) hat Policy Audit angekündigt, eine Erweiterung seiner Lösung zur Richtlinienkonformität, die darauf abzielt, Audit-Prozesse zu optimieren und eine kontinuierliche Compliance-Bereitschaft sicherzustellen. Das Update konzentriert sich auf die Automatisierung der Beweissammlung und die Priorisierung risikobasierter Korrekturmaßnahmen.
Wichtige Funktionen umfassen:
- Abdeckung von 450 Technologien, über 1.000 vorgefertigten Richtlinien und mehr als 90 Frameworks
- Automatisches Mapping zu Frameworks wie PCI DSS 4.0, DORA, NIST, CMMC und FedRAMP
- Reduzierung der Audit-Ausfallraten um bis zu 95%
- Kostensenkung der Audit-Prozesse um 50%
Zusätzlich hat Qualys Audit Fix eingeführt, eine optionale Funktion, die Audit-Feststellungen proaktiv mithilfe vordefinierter Skripte und Gold-Standards, die in CI/CD-Pipelines integriert sind, behebt. Die Policy Audit-Lösung wird im zweiten Quartal verfügbar sein.
- Reduces audit failure rates by up to 95%
- Cuts audit costs by 50%
- Expands technology coverage to 450 platforms with 1000+ out-of-the-box policies
- Introduces new revenue stream with optional Audit Fix feature
- Product not immediately available (Q2 release date)
- Audit Fix requires additional purchase as optional feature
Insights
Qualys' Policy Audit enhances compliance management with automation that could strengthen recurring revenue and competitive positioning in a growing regulatory market.
Qualys' new Policy Audit enhancement represents a strategic expansion of their compliance capabilities at a time when regulatory burden is intensifying. The company cites that nearly 70% of service organizations now must comply with six or more regulatory frameworks – creating a significant market opportunity for automated solutions.
The product's technical capabilities are impressive, covering 450 technologies, 1,000+ out-of-box policies, and 90+ compliance frameworks including recent additions like PCI DSS 4.0 and DORA. This extensive coverage creates substantial barriers to entry for competitors while deepening Qualys' ecosystem entrenchment with existing customers.
What's particularly valuable is the integration with Qualys TruRisk for risk-based prioritization and the automated ITSM workflows that connect previously siloed teams. These efficiency features directly address the acute staffing shortages and budget constraints plaguing security teams.
The claimed 50% reduction in audit costs and 95% reduction in audit failure rates would translate to compelling ROI metrics for customers if achievable. The Q2 availability timing means this enhancement could contribute to revenue growth in the current fiscal year, particularly through upsell opportunities within their existing customer base.
The addition of the optional Audit Fix capability creates a natural expansion path for customers, potentially increasing average contract values through this complementary offering that extends the core functionality with proactive remediation capabilities.
Qualys' Policy Audit addresses critical compliance pain points with automation that reduces risk exposure while creating new upsell opportunities.
The timing of this Policy Audit release is strategically significant as organizations face an increasingly complex regulatory landscape. Compliance automation has become essential rather than optional, particularly as frameworks like DORA, CMMC, and updated PCI DSS 4.0 impose more stringent requirements.
The continuous evidence collection capability directly addresses a fundamental challenge in compliance management – the resource-intensive nature of audit preparation and the error-prone process of manual evidence gathering. By automating this process, Qualys is attacking the highest-cost component of compliance programs.
The real differentiator appears to be the risk-based prioritization approach. Rather than treating all compliance failures equally, the solution identifies which misconfigurations present the greatest actual risk based on business impact, asset value, and threat exposure. This alignment of compliance with security outcomes represents the maturing approach regulators themselves are increasingly demanding.
The inclusion of pre-mapped mandates across 90+ frameworks is particularly valuable as regulators increasingly harmonize requirements – allowing evidence collected once to satisfy multiple mandates simultaneously. This multiplier effect significantly enhances the solution's value proposition.
The testimonial from UIDAI (India's massive digital identity program) provides credibility from an organization managing exceptionally sensitive data at scale. The endorsement from an entity responsible for protecting biometric data of over a billion citizens carries substantial weight in validating the solution's capabilities.
Enhancements streamline evidence collection, prioritize risk-based remediation, and ensure continuous audit readiness, helping organizations reduce compliance costs and regulatory exposure
Enterprises are grappling with an increasing compliance burden, with nearly
"Integrating Qualys Policy Audit into our workflows has transformed how we manage compliance. The seamless collaboration between teams, combined with real-time visibility across multiple mandates, has streamlined our operations and enabled proactive risk management. It's a game-changer for audit readiness," noted Sandeep Khanna, CISO at UIDAI (Unique Identification Authority of
Qualys Policy Audit helps organizations avoid security breaches and audit failures by automatically mapping evidence to frameworks like PCI DSS 4.0, DORA, NIST, CMMC and FedRAMP. It includes comprehensive coverage across 450 technologies, over 1,000 out-of-the-box policies and more than 90 frameworks, ensuring continuous compliance and audit readiness while minimizing the risk of audit failures. Policy Audit delivers:
- Continuous Audit Readiness: Policy Compliance automates continuous evidence collection, minimizes human error, and helps monitor audit gaps with a real-time view of organizations' compliance posture. By reducing audit failure rate by up to
95% , it helps organizations proactively mitigate the risk of fines and penalties, and ensures they are always audit ready. - Reduced Risk Exposure: Policy Audit leverages Qualys TruRisk to automatically map compliance and data privacy risks. It also identifies and prioritizes critical misconfigurations based on business impact and asset and threat exposure to show which failures matter most, where they're most widespread, and how they impact multiple mandates. This enables organizations to prioritize fixes based on risk.
- Streamlined Audit Operations: Automated ITSM workflows bridge siloed teams, ensuring the correct information reaches the right people quickly. Seamless integration with GRC tools enhances visibility and streamlines compliance tracking and risk management, while automated remediation workflows speed remediation efforts and reduce breach exposure.
- Audit-Ready Reporting: Multiple reports are automatically generated from a single data collection, leveraging 90+ pre-mapped mandates to easily monitor compliance trends risk levels and mandate adherence. These customizable audit-ready reports for executives and stakeholders streamline on-demand audits and ensure compliance and reduce audit costs by
50% .
"Organizations are facing a growing number of mandates, and audit readiness is more critical than ever. Yet many struggle with complex regulations, limited staff, tight budgets, and manual processes—making compliance costly and error-prone," said Sumedh Thakar, president and CEO of Qualys. "Policy Audit transforms audits from a source of stress into a streamlined, automated process that empowers teams to do more while keeping the organization continuously audit ready."
Introducing Audit Fix
To further mitigate breach exposure, Qualys is also introducing Audit Fix as an optional but powerful addition to Policy Audit. Audit Fix allows users to proactively repair audit findings before they escalate into compliance issues using a library of pre-defined, out-of-the-box scripts and golden policies that integrate into CI/CD pipelines. Customizable remediation workflows integrated into Policy Audit help to significantly reduce breach exposure and accelerate continuous compliance.
Availability
Qualys Policy Audit will be available in Q2. For a 30-day trial, visit qualys.com/forms/policy-audit or to learn more, read our blog, "Qualys Policy Audit, the New Standard for Audit Readiness", or attend our Policy Audit webinar.
Additional Resources
- Read our blog post, "Qualys Policy Audit, the New Standard for Audit Readiness"
- Watch the Policy Audit video
- Sign up for a free trial of Qualys Policy Audit
- Follow Qualys on LinkedIn and X
About Qualys
Qualys, Inc. (NASDAQ: QLYS) is a leading provider of disruptive cloud-based security, compliance and IT solutions with more than 10,000 subscription customers worldwide, including a majority of the Forbes Global 100 and Fortune 100. Qualys helps organizations streamline and automate their security and compliance solutions onto a single platform for greater agility, better business outcomes, and substantial cost savings.
The Qualys Enterprise TruRisk Platform leverages a single agent to continuously deliver critical security intelligence while enabling enterprises to automate the full spectrum of vulnerability detection, compliance, and protection for IT systems, workloads and web applications across on premises, endpoints, servers, public and private clouds, containers, and mobile devices. Founded in 1999 as one of the first SaaS security companies, Qualys has strategic partnerships and seamlessly integrates its vulnerability management capabilities into security offerings from cloud service providers, including Oracle Cloud Infrastructure, Amazon Web Services, the Google Cloud Platform and Microsoft Azure, along with a number of leading managed service providers and global consulting organizations. For more information, please visit http://www.qualys.com.
* Shnider, A. Compliance Digital Transformation Report, Coalfire. Available at: https://coalfire.com/insights/resources/reports/compliance-in-the-era-of-digital-transformation-fr.
Qualys, Qualys VMDR®, Qualys TruRisk and the Qualys logo are proprietary trademarks of Qualys, Inc. All other products or names may be trademarks of their respective companies.
Media Contact:
Rachel Yap Winship
Qualys
Media@Qualys.com
View original content to download multimedia:https://www.prnewswire.com/news-releases/qualys-unveils-policy-audit-with-enhanced-efficiency-for-continuous-audit-readiness-302436834.html
SOURCE Qualys, Inc.
FAQ
What are the key benefits of Qualys Policy Audit for compliance management?
When will Qualys (QLYS) Policy Audit be available to customers?
How does Qualys Policy Audit address regulatory compliance challenges?
What is the new Audit Fix feature in Qualys Policy Audit?
