Latest news with #Qualys'
Channel Post MEA
21-07-2025
- Business
- Channel Post MEA
Business Context Missing In Most Cyber Risk Programs: Qualys
According to new research commissioned by Qualys and conducted by Dark Reading, despite rising investments, evolving frameworks, and more vocal boardroom interest, most organizations remain immature in their risk management programs. Nearly half of organizations (49%) surveyed for Qualys' 2025 State of Cyber-risk Assessment report, today have a formal business-focused cybersecurity risk management program. However, just 18% of organizations use integrated risk scenarios that focus on business-impacting processes, showing how investments manage the likelihood and impact of risk quantitatively, including risk transfer to insurance. This is a key deficiency, as business stakeholders expect the CISO to focus on business risk. Key findings from the research include: Formal Risk Programs are Expanding, But Business Context is Still Missing 49% of surveyed organizations report having a formal cyber risk program in place which looks like a promising statistic on the surface. But dig deeper, and the data shows otherwise: Business Alignment Gaps: Only 30% report that their risk management programs are prioritized based on business objectives Recent Implementations: 43% of existing programs have been in place for less than two years, indicating a nascent stage of maturity Future Plans: An additional 19% are still in the planning phase More Investment ≠ Less Risk: Why the Cyber ROI isn't Adding Up Cybersecurity spending has continued to grow. Yet one of the most revealing insights from the study is that a vast majority (71%) of organizations believe that their cyber risk levels are rising or holding steady. 51% say their overall cyber risk exposure is increasing 20% say it remains unchanged Only 6% have seen risk levels decrease The Missing Metric: Business Relevance in Asset Intelligence Visibility in cyber risk management is about a principle that hasn't changed in 20 years: you can't protect what you can't see. Yet even in 2025, asset visibility remains one of the biggest blind spots: 83% of organizations perform regular asset inventories, but only 13% can do so continuously 47% still rely on manual processes 41% say incomplete asset inventories are among their top barriers to managing cyber risk Risk Prioritization Needs to be a Business Conversation, Not a Technical One Another illusion that persists is the idea that all risks can and should be patched. The longstanding practice of prioritizing vulnerabilities based solely on severity is no longer sufficient. The industry looks to be grasping the fact that risk prioritization needs to go beyond single scoring methods like CVSS alone, with 68% of respondents using integrated risk scoring combining threat intelligence or using cyber risk quantification with forecasted loss estimates to prioritize risk mitigation actions. However, these next data points show that the industry still has some way to go: Nearly one in five (19%) of organizations continue to rank vulnerabilities using a single score like CVSS alone Just 18% update asset risk profiles monthly Reporting Risk in Business Terms, Not Security Jargon Executives do not want to hear how many vulnerabilities have been patched. They want to understand what the organization stands to lose, and what's being done to protect it. Yet the study finds that while 90% of organizations report cyber-risk findings to the board: Only 18% use integrated risk scenarios Just 14% tie risk reports to financial quantification Business stakeholders are only involved less than half the time (43%) And only 22% include finance teams in cyber risk discussions 'The key takeaway from the research isn't just that cyber risk is rising. It's that current methods are not effectively reducing that risk by prioritizing the actions that would make the greatest impact to risk reduction, tailored to the business. Every business is unique; hence, each risk profile and risk management program should also look unique to the organization. Static assessments, siloed telemetry, and CVSS-based prioritization have reached their limit,' commented Mayuresh Ektare, Vice President, Product Management, Enterprise TruRisk Management, Qualys. 'To address this, forward-leaning teams are adopting a Risk Operations Center (ROC) model: a technical framework that continuously correlates vulnerability data, asset context, and threat exposure under a single operational view. The ROC model provides a proven path forward for organizations ready to manage cyber risk the way the business understands it and expects it to be managed,' Ektare continued. Below are some recommendations to help businesses better align cybersecurity risk with business priorities: Business risk is all about context. In order to have a good understanding of organizational risk, a business first needs to understand what their business-critical assets are, then understand their risk factors or threats as it relates to those crown jewel assets. Without this context, vulnerabilities or threats are just information. If everything is critical, nothing is. Prioritizing risks is paramount as organizations do not have unlimited resources. In order to be capitally efficient, companies need to spend as little as possible to avoid the largest possible amount of risk. Whatever is not mitigated through technology represents risk that needs to be accepted, or transferred to cyber insurance. To get a good read of the cyber-risks across the enterprise, organizations need a diverse telemetry of risk signals. Organizations can't rely on just one — such as scanning for vulnerabilities — instead, companies need visibility into their application security, identity security stack, and more, every part of the enterprise that is exposing your attack surface. Instead of focusing on reactive incident response — for example with a SIEM or a SOC — organizations need a better system that proactively looks to predict risks and works to reduce the likelihood of an event happening by implementing a Risk Operations Center (ROC). This approach to risk management helps leaders make better, more informed decisions based on their unique business context. Organizations need to overhaul the way they are communicating cyber-risk to the board. Integrated risk scenarios that focus on business-impacting processes, such as how investments and insurance impact risk, will be the future of 'business-oriented' risk reporting, and much more effective at the purpose of communicating to board members.
Yahoo
20-05-2025
- Business
- Yahoo
QLYS Q1 Earnings Call: Channel Partnerships and AI Security Drive Outperformance
Cloud security and compliance software provider Qualys (NASDAQ:QLYS) beat Wall Street's revenue expectations in Q1 CY2025, with sales up 9.7% year on year to $159.9 million. The company expects next quarter's revenue to be around $161.2 million, close to analysts' estimates. Its non-GAAP profit of $1.67 per share was 13.8% above analysts' consensus estimates. Is now the time to buy QLYS? Find out in our full research report (it's free). Revenue: $159.9 million vs analyst estimates of $157.1 million (9.7% year-on-year growth, 1.8% beat) Adjusted EPS: $1.67 vs analyst estimates of $1.47 (13.8% beat) Adjusted Operating Income: $71.22 million vs analyst estimates of $63.8 million (44.5% margin, 11.6% beat) The company slightly lifted its revenue guidance for the full year to $652.5 million at the midpoint from $651 million Management raised its full-year Adjusted EPS guidance to $6.15 at the midpoint, a 7.9% increase Operating Margin: 32.4%, up from 30.7% in the same quarter last year Free Cash Flow Margin: 67.3%, up from 26.3% in the previous quarter Net Revenue Retention Rate: 103%, in line with the previous quarter Annual Recurring Revenue: $639.6 million at quarter end, up 9.7% year on year Billings: $153.1 million at quarter end, up 6.1% year on year Market Capitalization: $4.97 billion Qualys delivered better-than-expected results in Q1, with revenue and non-GAAP profit both exceeding Wall Street's expectations. Management attributed the performance to ongoing customer demand for cloud-native cybersecurity risk management and a strategic focus on channel partnerships. CEO Sumedh Thakar highlighted the company's integrated Enterprise TruRisk Management (ETM) platform and continued product expansion as key differentiators, stating that Qualys is 'increasingly well armed with fresh new capabilities to further strengthen our strategic position.' Looking ahead, Qualys' leadership pointed to a more cautious operating environment, with CFO Joo Mi Kim noting increased budget scrutiny among customers and a challenging upsell environment. Despite this, the company modestly raised its full-year revenue and non-GAAP EPS guidance, reflecting confidence in its partner-first sales approach and product innovation. Kim emphasized, 'We intend to continue to responsibly align our product and marketing investments to focus on high impact initiatives.' Q1 results were driven by continued investment in product development and deeper engagement with channel partners. Management discussed how enterprise customers are consolidating security tools and seeking solutions that unify risk data across multiple platforms. Channel Partnerships Expand Reach: Revenue from channel partners grew significantly faster than direct sales, with the channel now representing nearly half of total revenue. Management credited this to the partner-first sales strategy and indicated that partner-led deal registration increased again in Q1. Integrated Risk Operations Center (ROC): The new ROC offering helps organizations consolidate risk signals across various security tools, including those from other vendors. This solution is designed to provide actionable insights and prioritize remediation, which management says leads to operational efficiency and cost savings for customers. Cloud Security and TotalCloud CNAPP: Adoption of Qualys' cloud-native security tools, especially the TotalCloud Cloud-Native Application Protection Platform (CNAPP), continued to gain traction. Management mentioned several seven-figure annual bookings, particularly among large enterprises needing unified multi-cloud and container security. AI Security Posture Management Growth: The company expanded its TotalAI and AI Security Posture Management (AI-SPM) solutions to address risks associated with machine learning and large language models. Management described this as an early but important area, with pilot projects underway at select customers. Audit Readiness Automation: New solutions for policy audit and automated evidence collection were introduced, targeting regulatory compliance needs and helping customers reduce manual audit workloads. Management views this as a growing area of IT security spending. Management expects the rest of the year to be shaped by continued partner channel expansion, growing adoption of its cloud and AI security solutions, and persistent macroeconomic caution. Partner-First Sales Strategy: The transition toward working more closely with channel partners is expected to drive incremental pipeline and revenue, as more customers seek managed risk operations and integrated security solutions. Cloud and AI Security Adoption: Expanded offerings in cloud workload protection and AI risk management are anticipated to support future growth, particularly as enterprise customers increase investment in these areas. Budget Scrutiny and Upsell Challenges: Management highlighted ongoing customer cost controls and budget reviews as potential headwinds, which may temper new business growth and upsell rates, especially in North America. Jonathan Ho (William Blair): Asked about the impact of macroeconomic uncertainty on customer spending. Management noted longer decision cycles and increased ROI scrutiny, but said no major deals were pushed or lost. Patrick Colville (Scotiabank): Inquired about competition from endpoint security players expanding into network-based vulnerability management. CEO Sumedh Thakar responded that Qualys can integrate competitor data, and prioritizes actionable risk remediation over simply finding more vulnerabilities. Kingsley Crane (Canaccord): Questioned the demand environment for AI security solutions. Management described the market as still in the exploratory phase, with most customers evaluating risks and formulating future budgets for AI security. Rudy Kessinger (D.A. Davidson): Queried a decline in large customer counts above $500K in annual contract value. Management stated there were no unusual losses, attributing fluctuations to normal business dynamics and improved gross retention. Trevor Walsh (Citizens): Asked about the rollout and ramp of managed risk operations partners. Management explained that initial focus is on a few strategic partners, with plans to expand based on partner investment and customer demand. In coming quarters, the StockStory team will monitor (1) the pace at which channel partner contributions continue to grow as a share of overall revenue, (2) adoption rates for Qualys' new AI and cloud security solutions, and (3) any changes in customer renewal and upsell trends amid ongoing macroeconomic uncertainty. Progress toward federal market certifications and additional strategic partner certifications will also be key markers of execution. Qualys currently trades at a forward price-to-sales ratio of 7.6×. In the wake of earnings, is it a buy or sell? See for yourself in our free research report. The market surged in 2024 and reached record highs after Donald Trump's presidential victory in November, but questions about new economic policies are adding much uncertainty for 2025. While the crowd speculates what might happen next, we're homing in on the companies that can succeed regardless of the political or macroeconomic environment. Put yourself in the driver's seat and build a durable portfolio by checking out our Top 9 Market-Beating Stocks. This is a curated list of our High Quality stocks that have generated a market-beating return of 176% over the last five years. Stocks that made our list in 2020 include now familiar names such as Nvidia (+1,545% between March 2020 and March 2025) as well as under-the-radar businesses like the once-micro-cap company Kadant (+351% five-year return). Find your next big winner with StockStory today. Error in retrieving data Sign in to access your portfolio Error in retrieving data Error in retrieving data Error in retrieving data Error in retrieving data
Yahoo
07-05-2025
- Business
- Yahoo
Qualys's (NASDAQ:QLYS) Q1 Sales Beat Estimates, Quarterly Revenue Guidance Slightly Exceeds Expectations
Cloud security and compliance software provider Qualys (NASDAQ:QLYS) reported revenue ahead of Wall Street's expectations in Q1 CY2025, with sales up 9.7% year on year to $159.9 million. Guidance for next quarter's revenue was better than expected at $161.2 million at the midpoint, 0.8% above analysts' estimates. Its non-GAAP profit of $1.67 per share was 13.8% above analysts' consensus estimates. Is now the time to buy Qualys? Find out in our full research report. Qualys (QLYS) Q1 CY2025 Highlights: Revenue: $159.9 million vs analyst estimates of $157.1 million (9.7% year-on-year growth, 1.8% beat) Adjusted EPS: $1.67 vs analyst estimates of $1.47 (13.8% beat) Adjusted Operating Income: $71.22 million vs analyst estimates of $63.8 million (44.5% margin, 11.6% beat) The company slightly lifted its revenue guidance for the full year to $652.5 million at the midpoint from $651 million Management raised its full-year Adjusted EPS guidance to $6.15 at the midpoint, a 7.9% increase Operating Margin: 32.4%, up from 30.7% in the same quarter last year Free Cash Flow Margin: 67.3%, up from 26.3% in the previous quarter Billings: $155.3 million at quarter end, up 7.6% year on year Market Capitalization: $4.66 billion "Our Q1 results reflect the success of new product initiatives and demonstrate customer demand for natively-integrated cybersecurity risk management solutions," said Sumedh Thakar, Qualys' president and CEO. Company Overview Founded in 1999 as one of the first subscription security companies, Qualys (NASDAQ:QLYS) provides organizations with software to assess their exposure to cyber-attacks. Sales Growth Examining a company's long-term performance can provide clues about its quality. Any business can experience short-term success, but top-performing ones enjoy sustained growth for years. Over the last three years, Qualys grew its sales at a 13.3% compounded annual growth rate. Although this growth is acceptable on an absolute basis, it fell short of our standards for the software sector, which enjoys a number of secular tailwinds. Qualys Quarterly Revenue This quarter, Qualys reported year-on-year revenue growth of 9.7%, and its $159.9 million of revenue exceeded Wall Street's estimates by 1.8%. Company management is currently guiding for a 8.4% year-on-year increase in sales next quarter. Looking further ahead, sell-side analysts expect revenue to grow 6.4% over the next 12 months, a deceleration versus the last three years. This projection doesn't excite us and suggests its products and services will face some demand challenges.
Yahoo
04-05-2025
- Business
- Yahoo
Are Investors Undervaluing Qualys, Inc. (NASDAQ:QLYS) By 24%?
The projected fair value for Qualys is US$168 based on 2 Stage Free Cash Flow to Equity Qualys is estimated to be 24% undervalued based on current share price of US$128 Our fair value estimate is 23% higher than Qualys' analyst price target of US$137 In this article we are going to estimate the intrinsic value of Qualys, Inc. (NASDAQ:QLYS) by projecting its future cash flows and then discounting them to today's value. Our analysis will employ the Discounted Cash Flow (DCF) model. There's really not all that much to it, even though it might appear quite complex. Companies can be valued in a lot of ways, so we would point out that a DCF is not perfect for every situation. For those who are keen learners of equity analysis, the Simply Wall St analysis model here may be something of interest to you. Trump has pledged to "unleash" American oil and gas and these 15 US stocks have developments that are poised to benefit. We're using the 2-stage growth model, which simply means we take in account two stages of company's growth. In the initial period the company may have a higher growth rate and the second stage is usually assumed to have a stable growth rate. To begin with, we have to get estimates of the next ten years of cash flows. Where possible we use analyst estimates, but when these aren't available we extrapolate the previous free cash flow (FCF) from the last estimate or reported value. We assume companies with shrinking free cash flow will slow their rate of shrinkage, and that companies with growing free cash flow will see their growth rate slow, over this period. We do this to reflect that growth tends to slow more in the early years than it does in later years. Generally we assume that a dollar today is more valuable than a dollar in the future, so we discount the value of these future cash flows to their estimated value in today's dollars: 2025 2026 2027 2028 2029 2030 2031 2032 2033 2034 Levered FCF ($, Millions) US$220.0m US$245.8m US$264.3m US$288.8m US$316.8m US$338.2m US$357.0m US$373.9m US$389.3m US$403.8m Growth Rate Estimate Source Analyst x16 Analyst x15 Analyst x5 Analyst x2 Analyst x2 Est @ 6.77% Est @ 5.57% Est @ 4.72% Est @ 4.13% Est @ 3.72% Present Value ($, Millions) Discounted @ 7.7% US$204 US$212 US$212 US$215 US$219 US$217 US$213 US$207 US$200 US$193 ("Est" = FCF growth rate estimated by Simply Wall St)Present Value of 10-year Cash Flow (PVCF) = US$2.1b The second stage is also known as Terminal Value, this is the business's cash flow after the first stage. For a number of reasons a very conservative growth rate is used that cannot exceed that of a country's GDP growth. In this case we have used the 5-year average of the 10-year government bond yield (2.8%) to estimate future growth. In the same way as with the 10-year 'growth' period, we discount future cash flows to today's value, using a cost of equity of 7.7%. Terminal Value (TV)= FCF2034 × (1 + g) ÷ (r – g) = US$404m× (1 + 2.8%) ÷ (7.7%– 2.8%) = US$8.4b Present Value of Terminal Value (PVTV)= TV / (1 + r)10= US$8.4b÷ ( 1 + 7.7%)10= US$4.0b The total value is the sum of cash flows for the next ten years plus the discounted terminal value, which results in the Total Equity Value, which in this case is US$6.1b. To get the intrinsic value per share, we divide this by the total number of shares outstanding. Compared to the current share price of US$128, the company appears a touch undervalued at a 24% discount to where the stock price trades currently. The assumptions in any calculation have a big impact on the valuation, so it is better to view this as a rough estimate, not precise down to the last cent. We would point out that the most important inputs to a discounted cash flow are the discount rate and of course the actual cash flows. If you don't agree with these result, have a go at the calculation yourself and play with the assumptions. The DCF also does not consider the possible cyclicality of an industry, or a company's future capital requirements, so it does not give a full picture of a company's potential performance. Given that we are looking at Qualys as potential shareholders, the cost of equity is used as the discount rate, rather than the cost of capital (or weighted average cost of capital, WACC) which accounts for debt. In this calculation we've used 7.7%, which is based on a levered beta of 1.136. Beta is a measure of a stock's volatility, compared to the market as a whole. We get our beta from the industry average beta of globally comparable companies, with an imposed limit between 0.8 and 2.0, which is a reasonable range for a stable business. See our latest analysis for Qualys Strength Currently debt free. Weakness Earnings growth over the past year underperformed the Software industry. Opportunity Annual earnings are forecast to grow for the next 3 years. Good value based on P/E ratio and estimated fair value. Threat Annual earnings are forecast to grow slower than the American market. Although the valuation of a company is important, it shouldn't be the only metric you look at when researching a company. The DCF model is not a perfect stock valuation tool. Instead the best use for a DCF model is to test certain assumptions and theories to see if they would lead to the company being undervalued or overvalued. If a company grows at a different rate, or if its cost of equity or risk free rate changes sharply, the output can look very different. Can we work out why the company is trading at a discount to intrinsic value? For Qualys, we've put together three fundamental factors you should look at: Financial Health: Does QLYS have a healthy balance sheet? Take a look at our free balance sheet analysis with six simple checks on key factors like leverage and risk. Future Earnings: How does QLYS's growth rate compare to its peers and the wider market? Dig deeper into the analyst consensus number for the upcoming years by interacting with our free analyst growth expectation chart. Other Solid Businesses: Low debt, high returns on equity and good past performance are fundamental to a strong business. Why not explore our interactive list of stocks with solid business fundamentals to see if there are other companies you may not have considered! PS. Simply Wall St updates its DCF calculation for every American stock every day, so if you want to find the intrinsic value of any other stock just search here. Have feedback on this article? Concerned about the content? Get in touch with us directly. Alternatively, email editorial-team (at) article by Simply Wall St is general in nature. We provide commentary based on historical data and analyst forecasts only using an unbiased methodology and our articles are not intended to be financial advice. It does not constitute a recommendation to buy or sell any stock, and does not take account of your objectives, or your financial situation. We aim to bring you long-term focused analysis driven by fundamental data. Note that our analysis may not factor in the latest price-sensitive company announcements or qualitative material. Simply Wall St has no position in any stocks mentioned.
Channel Post MEA
14-03-2025
- Channel Post MEA
DeepSeek Fails 58% of the Jailbreak Tests by Qualys TotalAI
Qualys recently conducted a security analysis of the distilled DeepSeek-R1 LLaMA 8B variant using the company's newly launched AI security platform, Qualys TotalAI. The DeepSeek model had a failure rate of 61% when tested against Qualys TotalAI's Knowledge Base (KB) attacks and a failure rate of 58% when tested against Jailbreak attacks. TotalAI KB Analysis Qualys TotalAI's KB Analysis prompts the target LLM with questions across 16 categories — including controversial topics, factual inconssitencies, hate speech and discrimination, legal information, privacy attacks, profanity and sensitive information disclosure — and evaluates the responses using Qualys' Judge LLM. Responses are assessed for vulnerabilities, ethical concerns, and legal risks. If a response is deemed vulnerable, it receives a severity rating based on its directness and potential impact. This ensures a comprehensive assessment of the model's behavior and associated risks. In the Qualys KB testing, 891 assessments were conducted and the model failed 61% of the tests. The worst performing category was misalignment, where the model had a pass rate of just 8%. This was followed by controversial topics (13%), and factual inconsistencies (21%). On the other end of the spectrum, the model did prove to be very good at filtering out sexual content, passing 100% of the tests. TotalAI Jailbreak Testing Jailbreaking an LLM involves techniques that bypass built-in safety mechanisms, enabling the model to generate restricted responses. These vulnerabilities can result in harmful outputs, including instructions for illegal activities, misinformation, privacy violations, and unethical content. Successful jailbreaks expose weaknesses in AI alignment and present serious security risks, particularly in enterprise and regulatory settings. The model was tested against 18 jailbreak types through 885 attacks. It failed 58% of these attempts, demonstrating significant susceptibility to adversarial manipulation. During the analysis, DeepSeek R1 struggled to prevent several adversarial jailbreak attempts, including steps on how to make an explosive device, create content for websites that encourage hate speech, conspiracy theories and violent action, exploiting software vulnerabilities, promoting incorrect medical information, etc. 'As AI adoption accelerates, organizations must move beyond performance evaluation to tackle security, safety, and compliance challenges. Gaining visibility into AI assets, assessing vulnerabilities, and proactively mitigating risks is critical to ensuring responsible and secure AI deployment,' commented Dilip Bachwani, CTO, Qualys. 'Qualys TotalAI provides full visibility into AI workloads, proactively detects risks, and safeguards infrastructure. By identifying security threats like prompt injection and jailbreaks, as well as safety concerns such as bias and harmful language, TotalAI ensures AI models remain secure, compliant, and resilient. With AI-specific security testing and automated risk management, organizations can confidently secure, monitor, and scale their AI deployments.' For detailed findings from the tests, industry implications and steps organizations can take to mitigate risks associated with use of DeepSeek models, please visit:
