Not a member yet? Register now and get started.

lock and key

Sign in to your account.

Account Login

Forgot your password?

Qualys Idea Proposal (QLYS)

Qualys Idea Proposal (QLYS)

Are cybersecurity market conditions and competitive dynamics ripe for Qualys to accelerate its revenue growth?

Report Available: June 30, 2022


Blueshift’s initial research found QLYS benefiting from heightened attention on cybersecurity as one of the leaders in the vulnerability management segment. QLYS is trying to differentiate itself from competitors and increase the stickiness of its solutions by bringing multiple security pieces into a single platform. Under the guidance of a new CEO, the company is revamping its go-to-market approach with significant investments in its sales team and a new focus on its partner channel. Among the challenges QLYS faces in trying to accelerate its revenue growth is that it operates in a fairly mature segment of cybersecurity and leading vendors in other areas of IT security could encroach on its space.



  1. QLYS, a developer of cybersecurity software for businesses, topped Wall Street estimates on both the top and bottom lines in Q1. Revenues were up 17% from a year ago to $113.4 million and its net dollar expansion rate—a measure of whether existing customers are spending more—was 110% in Q1, up both year over year and sequentially. With a strong start to the year, QLYS raised both the bottom and top end of its guidance for 2022, projecting revenue in the range of $484 million to $486.5 million, representing about 18% growth.
  1. QLYS’s core business focuses on a relatively mature corner of the cybersecurity market known as vulnerability management, with annual growth forecasts of only about 11% over the next five years. But company executives say they are benefiting from heightened demand for IT security solutions to combat the explosion of malware, ransomware, and other malicious cyberattacks. The so-called Log4Shell vulnerability, for example, sent shockwaves through the security industry in late 2021 when it was discovered that it had the potential to let hackers compromise millions of devices across the internet. In its own study of Log4Shell using more than 150 million scans globally, QLYS said organizations took an average of 17 days to patch the hole in their systems. “We believe the continued increase in the attack surface coupled with the growing concerns over cyberattacks like ransomware and cyberwarfare is pushing organizations around the world to shed outdated, siloed, security and compliance systems and move to integrated security platforms to reduce their risk and response time,” QLYS CEO Sumedh Thakar said.
  1. QLYS bills itself as the only cloud-based solution that combines asset inventory, vulnerability detection, patch management, and endpoint detection and response (EDR) into a single agent. Under Thakar, who took over as CEO last year following the passing of QLYS’s longtime leader Philippe Courtot, the company is investing heavily in its go-to-market operation, planning “double-digit growth” in its sales team and trying to beef up its partner channel. On the product side, the company is trying to push customers to its VMDR (Vulnerability Management, Detection, and Response) solution and adding new modules around assessment and remediation. Customer penetration of VMDR hit 40% in Q1, but executives think that figure can reach at least 70%. A key channel for QLYS continues to be MSFT’s Azure as QLYS provides the white-labeled vulnerability management solution for Azure customers.
  1. QLYS’s key competitors in the vulnerability management market include TENB and RPD. TENB said its calculated current billings grew 31% in Q1. “Momentum across cybersecurity is accelerating, as increased threats are driving a healthy spending environment. The need for customers to understand their true exposure and risk is at an all-time high,” TENB CEO Amit Yoran said. Vendors who focus on other areas of IT monitoring and security—such as CRWD, DDOG, and DT—are also potential competitive threats. CRWD, for example, specializes in endpoint protection but has a vulnerability management module called Falcon Spotlight. One cybersecurity publication recently ranked both CRWD and QLYS among the top five vulnerability management solutions.


Can QLYS accelerate from high teens to 20+% revenue growth? How commoditized are vulnerability management solutions? Does QLYS’s VMDR product increase stickiness? Will branching into patching and remediation give QLYS a competitive edge over TENB and RPD? Is the vulnerability management market fiercely competitive on price? Will other IT security vendors like CRWD dent QLYS’s growth prospects? Will the elevated threat environment in cybersecurity mean more spending on vulnerability management or do most businesses have a solution already? Will vulnerability management remain a standalone solution 3-5 years from now? To answer these and other questions, Blueshift will gather data and issue a market research report from independent sources in the following areas: QLYS customers, Competitor customers, QLYS channel partners, Competitor channel partners, and Industry specialists. 


Companies: Qualys Inc. (QLYS), Crowdstrike Holdings Inc. (CRWD), DataDog Inc. (DDOG), Dynatrace Inc. (DT), Microsoft Corp. (MSFT), Rapid7 Inc. (RPD), Tenable Holdings Inc. (TENB)


Research Begins: June 13, 2022


To see other ideas Blueshift Research is currently working on, please click here.


Blueshift Research’s sister company, Intro-act, has launched the Intro-act Scorecard, the C-suite’s standard, ongoing measure of corporate investor engagement.


The Scorecard optimizes the ROI on corporate access by measuring: Concentration, Directionality, Breadth, Impact, Depth, and Duration


See the sample Scorecard. Watch the Scorecard video.