Qualys First to Provide Real-Time Vulnerability Assessment for Check Point Firewalls

QualysGuard Achieves OPSEC Certification to Automate Firewall Security Assessment and Monitoring

Redwood Shores, CA -March 25, 2002- Qualys™, Inc., the leader in the emerging category of Managed Vulnerability Assessment, today announced that it has achieved OPSEC® certification from Check Point™ Software Technologies Ltd. [NASDAQ: CHKP], the worldwide leader in securing the Internet. Through OPSEC certification, QualysGuard™ for Check Point provides Managed Vulnerability Assessment to seamlessly integrate with Check Point's VPN-1®/FireWall-1® Internet security platform, offering customers automatic and continuous monitoring for vulnerabilities inadvertently introduced during enforcement point policy changes.

As the gatekeeper between corporate data assets and the external world, firewalls are the critical line of defense against network intruders. Leveraging the OPSEC framework, QualysGuard for Check Point proactively scans and analyzes newly deployed policy changes in FireWall-1 and provides near-instant feedback on the impact of enforcement point changes to the security of the rest of the network. Administrators are notified with concise, graphical HTML-based QualysGuard reports via email and Check Point Management Console log events, so they can assess, identify, fix, and verify elimination of vulnerabilities.

"QualysGuard for Check Point is an excellent service that automatically identifies security exposures as they are created," stated David Thomas, Security Practice Manager of VeriSign, Inc. "With QualysGuard, our security consultants have instant feedback when firewall policies are updated, so they can monitor, analyze, and repair vulnerabilities."

QualysGuard, Qualys' advanced Web-based Managed Vulnerability Assessment platform, fundamentally changes the way network security operates, enabling businesses to proactively protect their corporate data assets by automatically monitoring their networks with a Web-based service. Companies of all sizes -from enterprise to small business- can protect their network resources, while at the same time radically decreasing the costs to assess, identify, fix, and verify elimination of vulnerabilities.

"Vulnerability and risk assessment services are a key component of an end-to-end security solution. We are pleased that the QualysGuard for Check Point service has achieved OPSEC certification for its seamless integration with our management console," said Upesh Patel, OPSEC Alliance Manager. "With enterprises facing increasingly complex Internet security threats, the QualysGuard for Check Point platform serves as proactive protection against vulnerabilities, maintaining the highest level of security throughout the network."

"Qualys' certification in the new OPSEC Security Assessment initiative reinforces the necessity for proactive Managed Vulnerability Assessment for businesses of every size," said Philippe Courtot, Chairman and CEO of Qualys. "QualysGuard for Check Point provides customers with real-time network perimeter scanning and a comprehensive understanding of their exposed risks."

The QualysGuard for Check Point Plug-In integrates with the Check Point Enterprise Management Console, easing administration while maximizing performance and security. FireWall-1 policy changes are monitored through OPSEC interfaces to automatically trigger a QualysGuard audit that determines the effects of the policy changes. Installed on a standalone server or on the management console, the QualysGuard for Check Point Plug-In operates with the full range of Check Point Management Solutions for small businesses, enterprises, and MSP-Class Provider-1 operations.

The QualysGuard Firewall Policy Analysis Process evaluates practical implications of a firewall policy change -such as the exposure of a new host or application- producing a trend analysis for each scanned IP address by vulnerability, status, severity and category. The firewall administrator receives an email notification with a link to a complete set of HTML graphical reports with a risk score and a comprehensive report covering vulnerabilities to over 300 applications on more than 20 different platforms.

For more information on Qualys and Check Point, please visit http://www.checkpoint.com/opsec/ partners/qualys.html

About Qualys
Qualys, Inc., the leader in Managed Vulnerability Assessment, enables security providers, security professionals, and corporate customers to automatically audit Internet-connected networks for security vulnerabilities. Qualys' innovative Web service delivers automated, scalable, and cost-effective security auditing and risk assessment of global networks. Founded in 1999 by a team of Internet security experts, Qualys is headquartered in Redwood Shores, California, with offices in France, Germany and the U.K. Customers using the QualysGuard service include Adobe Systems, Agilent Technologies, Apple Computer, Bank of the West, BlueCross BlueShield, BT Ignite, Fujitsu, Hewlett Packard, and Siebel Systems. Qualys is privately financed by Deutsche Bank ABS Ventures, Trident Capital, Mercury Interactive, and VeriSign, the leading provider of Internet trust services. For more information about Qualys, please go to http://www.qualys.com.

About Check Point's OPSEC
OPSEC (Open Platform for Security) is the industry's open, multi-vendor security framework. With over 300 partners, OPSEC guarantees customers the broadest choice of best-of-breed integrated applications and deployment platforms that support Check Point's Secure Virtual Network Architecture. Products that carry the OPSEC Certified seal have been tested to guarantee integration and interoperability.

###

Qualys, the Qualys logo, and QualysGuard are trademarks or registered trademarks of Qualys, Inc. All other company and product names may be trademarks of their respective owners.

Check Point, the Check Point logo, VPN-1, FireWall-1 and OPSEC are trademarks, service marks, or registered trademarks of Check Point Software Technologies Ltd. or its affiliates.