Qualys has been described as "one of the earliest
software-as-a-service security vendors."
Philippe Courtot first invested in the company in 1999. He became CEO and board chair in 2001. Courtot described Qualys as addressing a "mounting need for automatic detection of network vulnerabilities" when he announced the second round of financing. The company launched QualysGuard in 2000, making Qualys one of the first entrants in the vulnerability management market. This software could automatically scan corporate
local area networks (LANs) for vulnerabilities and search for an available patch. The company subsequently added compliance, malware detection, and web application scanning to its platform. Qualys
went public on the
Nasdaq under the stock ticker QLYS on September 28, 2012, raising net proceeds of $87.5 million. The stock doubled from 2019–2024. In 2015, Qualys launched its cloud platform and lightweight cloud agent, aimed at providing continuous monitoring of an organization's IT infrastructure and applications. The cloud platform introduced several new features designed to help organizations address cybersecurity and compliance issues. Another security service that Qualys offers is its Network Passive Sensor service, an advanced technology layer that monitors network traffic and detects what is on the network that needs to be secured. The Network Passive Sensor immediately sends asset metadata to the Qualys Cloud Platform, where it is analyzed for comprehensive security insights. In 2021, Courtot resigned from his role as Qualys' CEO for health reasons after leading the company for two decades. Sumedh Thakar became president and CEO following Courtot. In August 2021, Qualys partnered with
Red Hat to bring Qualys' Cloud Agent to
Red Hat Enterprise Linux (RHEL) CoreOS and Red Hat
OpenShift. The CoreOS Cloud Agent for OpenShift works with Qualys' Container Security Runtime, delivering continuous packages and vulnerabilities for the entire OpenShift stack. The Qualys Threat Research Unit (TRU) won two
Pwnie Awards in 2021, in the "Best Privilege Escalation Bug" and "Most Under-Hyped Research" categories. The TRU also won two Pwnie Awards in 2025, in the "Epic Achievement" and "Best Remote Code Execution (RCE)" categories. In November 2023, Qualys released its Enterprise TruRisk Management (ETM) software, which aggregates cyber risk signals to provide a risk-scoring framework for companies to measure and reduce IT risk. Thakar said that Qualys is expanding ETM to integrate risk data from different security tools, including other security vendors. This will give customers a single view of risk, so they can focus on reducing risk in the areas that are impacting the most important parts of their business. In 2024, he announced that Qualys would offer a free 30-day access to ETM to assist organisations in adhering to the
UK National Cyber Security Centre's (NCSC) guidelines that recommend a 5–7 day window for patching vulnerabilities. Qualys introduced its real-time Risk Operations Center (ROC) with ETM at its annual conference in San Diego in October 2024. In May 2024, Qualys launched a
managed security services partner (MSSP) portal as part of its global partner program. The portal was designed to enhance operational efficiencies for Qualys' partners and offer visibility into client accounts, licenses, and user roles. In March 2026, Qualys debuted Agent Val, the first agentic AI tool for exploit validation and autonomous remediation. ==References==