What to expect from Qualys QSC 2025

De-risk the business

CEO Sumedh Thakar’s central theme is all about how Qualys works to deliver enterprise technologies that (as he puts it) enable firms to de-risk their businesses. 

It’s not so much about zero risk or eliminating risk (Thakar has enough grounding in reality to remind us that this is never really possible), it’s all about knowing what risks matter and being able to act accordingly.

Last year, Thakar’s main keynote session last year was entitled, “If Everything Is Critical, Nothing Is: Unveiling a New Approach to Cyber Risk Management” … and we explained that as meaning if ALL elements of the stack are treated as critically fragile as the next piece, then a business is never going to be able to prioritise and get its DevOps teams working to lock down the most important things first.

We have also made previous note of the fact that Qualys isn’t so much the cybersecurity company these days, it is a CNAPP specialist and systems compliance organization with key cloud configuration management skills and a CISO management console provider. We called it a cloud-based developer-focused container lockdown platform company that understands how data and application silos have resulted and wants to help fix them.

Who should attend?

This year (as always to be honest) Qualys is adamant that its event’s content is suitable for CIOs, CSOs and CTOs; directors and managers of network, security and cloud; developers and DevSecOps practitioners.

There will again be training this year… the company will host these sessions on Monday and Tuesday of the week, which makes sense given that this is the protocol that most vendors would follow.

“QSC, the Qualys Cyber Risk Conference, delivers thought-provoking keynotes, high-impact sessions, and hands-on workshops on threat detection, cloud security, automation, and risk-driven security strategies. You will discover how to streamline security operations, reduce noise, maximise ROI, and strengthen business resilience, and align security initiatives with your leadership. Don’t miss this opportunity to shape the future of modern cybersecurity and de-risk your organisation,” notes the company, in the welcome address to its event online.

The company has also made note of some milestone releases on its roadmap.

We saw the release of Qualys Vulnerability Detection Management and Response (VMDR) in 2019… and since that time Qualys has come forward with CyberSecurity Asset Management (CSAM) with External Attack Surface Management (EASM), Custom Assessment and Remediation (CAR), VMDR 2.0 with TruRisk and TotalCloud with TruRisk Insights. 

Qualys says that these products offer end-to-end asset management and security coverage as a comprehensive platform, with a unified view of risk under one agent and a single scalable solution.

Total AI

Qualys TotalAI is purpose-built for the unique realities of AI risk, going beyond basic infrastructure assessments to directly test models for jailbreak vulnerabilities, bias, sensitive information exposure and critical risks mapped to the OWASP Top 10 for LLMs. It works by offering automatic prioritisation of AI security risks and risks that are identified are mapped to real-world adversarial tactics with MITRE ATLAS and automatically prioritised through the Qualys TruRisk™ scoring engine.

“AI is reshaping how businesses operate, but with that innovation comes new and complex risks,” said Thakar, president and CEO of Qualys. “TotalAI delivers the visibility, intelligence and automation required to stay agile and secure, protecting AI workloads at every stage… from development through deployment. We are proud to lead the way with the industry’s most comprehensive solution, helping businesses innovate with confidence, while staying ahead of emerging AI threats.”

It all comes back to what we know as the shift-left approach i.e. incorporating security and testing of AI-powered applications into existing CI/CD workflows, which strengthens both agility and security posture, while ensuring sensitive models remain protected behind corporate firewalls.

Qualys Tweets on X at @qualys and the event hashtag is #qualysQSC.