How’s this for a nightmare scenario: The CEO or CFO gets his hands on a Web-based network vulnerability assessment tool he can use from the browser on his desk to make sure you have everything properly buckled down.

Philippe Courtot, chairman and CEO of Qualys, trots that out as a scare tactic, essentially saying his tool is so easy to use that you better install it to find the weak spots before the top cheese does.

He’s half joking, of course, but with new data security regulations coming online and increased boardroom pressure for security compliance, it’s clear that companies can no longer simply rely on annual security checkups.

Qualys, founded in 1999, is attacking the problem with a service it calls On-Demand Network Security. The basic idea, Courtot says, is to assess network vulnerability without requiring customers to install and learn new tools. The company has 65 network scanners in the U.S., Europe and Asia that it uses to map customer networks from the outside, looking to see what firewall ports are open, or servers are available, etc. Once complete, the baseline is used to generate reports detailing what has been added or changed.

Then the company scans for weak spots, looking for evidence of 2,500 vulnerabilities the company has profiled in a database. About 20 to 30 new vulnerabilities are added each week, Courtot says. When problems are identified, the service alerts the customer and outlines the potential exposure. For remediation, Qualys finds or develops fixes, subjects both to an internal QA process and then makes them available for download.

Customers who want to complement the outside scan with an inside view receive a packaged scanner that, once clamped on the network, is authenticated by Qualys and provides a pipeline in.
The box is owned and managed by Qualys, but all information gathered by either type of scan is kept encrypted and is visible only to the customer.

One shortcoming of the Qualys approach is that customers can’t scan desktops for banned programs, say FTP. Courtot says he might add that capability by introducing client code.

On-Demand costs roughly $50,000 per year for customers with a Class C IP license, and the company says it has 1,000 subscribers, including the Federal Reserve Bank.

One interesting insight is that Courtot says customers are averaging 22 scans per year. That says something about pent-up fear out there.