Case 4:18-cv-07229-YGR Document 100-4 Filed 09/04/20 Page 1 of 99

EXHIBIT 4

UNITED STATES
SECURITIES AND EXCHANGE COMMISSION
Washington, D.C. 20549

FORM 10-K

Annual Report Pursuant to Section 13 or 15(d) of the Securities Exchange Act of 1934
For the Annual Period Ended December 31, 2012
or
☐ Transition Report Pursuant to Section 13 or 15(d) of the Securities Exchange Act of 1934
For the transition period from          to
Commission file number 001-35662

QUALYS, INC.
(Exact name of registrant as specified in its charter)

Delaware
(State or other jurisdiction of incorporation or organization)

7741584165
(I.R.S. Employer Identification Number)

1600 Bridge Parkway, Redwood City, California 94065
(Address of principal executive offices, including zip code)
(650) am ciao
(Registrant's telephone number, including area code)

Securities registered pursuant to section 12(b) of the Act:

Title of each class: Common stock, $0.001 par value per share
Name of each exchange on which registered: NASDAQ Stock Market

Securities registered pursuant to section 12(g) of the Act: None

Indicate by check mark if the registrant is a well-known seasoned issuer, as defined in Rule 405 of the Securities Act. Yes ☐ No ☒

Indicate by check mark if the registrant is not required to file reports pursuant to Section 13 or Section 15(d) of the Act. Yes ☐ No ☒

Indicate by check mark whether the Registrant (1) has filed all reports required to be filed by Section 13 or 15(d) of the Securities Exchange Act of 1934 during the preceding 12 months (or for such shorter period that the Registrant was required to file such reports), and (2) has been subject to such filing requirements for the past 90 days. Yes ☒ No ☐

Indicate by check mark whether the registrant has submitted electronically and posted on its corporate Web site, if any, every Interactive Data File required to be submitted and posted pursuant to Rule 405 of Regulation S-T during the preceding 12 months (or for such shorter period that the registrant was required to submit and post such files). Yes ☒ No ☐

Indicate by check mark if disclosure of delinquent filers pursuant to Item 405 of Regulation S-K (§229.405 of this chapter) is not contained herein, and will not be contained, to the best of registrant's knowledge, in definitive proxy or information statements incorporated by reference in Part III of this Form 10-K or any amendment to this Form 10-K. ☒

Indicate by check mark whether the registrant is a large accelerated filer, an accelerated filer, a non-accelerated filer, or a smaller reporting company. See the definitions of "large accelerated filer," "accelerated filer" and "smaller reporting company" in Rule 12b-2 of the Exchange Act (Check one):

Large accelerated filer ☐
Accelerated filer ☐
Non-accelerated filer ☒ (Do not check if a smaller reporting company)
Smaller reporting company ☐

Indicate by check mark whether the registrant is a shell company (as defined in Rule 12b-2 of the Exchange Act). Yes ☐ No ☒

The registrant's common stock began trading on the NASDAQ Stock Market on September 28, 2012. As of December 31, 2012, the aggregate market value of voting shares of common stock held by non-affiliates of the registrant was $216.6 million based on the last reported sale price of the registrant's common stock on December 31, 2012. Shares of common stock held by each executive officer and director and by each person who owns 5% or more of the outstanding common stock have been excluded in that such persons may be deemed to be affiliates. This determination of affiliate status is not necessarily a conclusive determination for other purposes.

The number of shares of the Registrant's common stock outstanding as of February 26, 2013 was 31,541,650 shares.

DOCUMENTS INCORPORATED BY REFERENCE
Portions of the registrant's Proxy Statement for its 2013 Annual Meeting of Stockholders are incorporated by reference in Part III of this Annual Report on Form 10-K where indicated. Such proxy statement will be filed with the Securities and Exchange Commission within 120 days of the registrant's fiscal year ended December 31, 2012.

Qualys, Inc.
TABLE OF CONTENTS

PART I
Item 1. Business
Item 1A. Risk Factors
Item 1B. Unresolved Staff Comments
Item 2. Properties
Item 3. Legal Proceedings
Item 4. Mine Safety Disclosures

PART II
Item 5. Market for Registrant's Common Equity, Related Stockholder Matters and Issuer Purchases of Equity Securities
Item 6. Selected Financial Data
Item 7. Management's Discussion and Analysis of Financial Condition and Results of Operations
Item 7A. Quantitative and Qualitative Disclosures About Market Risk
Item 8. Financial Statements and Supplementary Data
Item 9. Changes in and Disagreements with Accountants on Accounting and Financial Disclosure
Item 9A. Controls and Procedures
Item 9B. Other Information

PART III
Item 10. Directors, Executive Officers and Corporate Governance
Item 11. Executive Compensation
Item 12. Security Ownership of Certain Beneficial Owners and Management and Related Stockholder Matters
Item 13. Certain Relationships and Related Transactions, and Director Independence
Item 14. Principal Accounting Fees and Services

PART IV
Item 15. Exhibits and Financial Statement Schedules
Signatures
Exhibit Index

PART I

Forward-Looking Statements

In addition to historical information, this Annual Report on Form 10-K contains "forward-looking" statements within the meaning of the federal securities laws, which statements involve substantial risks and uncertainties. Forward-looking statements generally relate to future events or our future financial or operating performance. In some cases, it is possible to identify forward-looking statements because they contain words such as "anticipates," "believes," "contemplates," "continue," "could," "estimates," "expects," "future," "intends," "likely," "may," "plans," "potential," "predicts," "projects," "seek," "should," "target" or "will," or the negative of these words or other similar terms or expressions that concern our expectations, strategy, plans or intentions. Forward-looking statements contained in this Annual Report on 10-K include, but are not limited to, statements about:

- our financial performance, including our revenues, costs, expenditures, growth rates, operating expenses and ability to generate positive cash flow to attain and sustain profitability;
- anticipated technology trends, such as the use of cloud solutions;
- our ability to adapt to changing market conditions;
- economic and financial conditions, including volatility in foreign exchange rates;
- our ability to diversify our sources of revenues;
- the effects of increased competition in our market;
- our ability to effectively manage our growth;
- our anticipated investments in sales and marketing and research and development;
- maintaining and expanding our relationships with channel partners;
- our ability to maintain, protect and enhance our brand and intellectual property;
- costs associated with defending intellectual property infringement and other claims;
- our ability to attract and retain qualified employees and key personnel;
- our ability to successfully enter new markets and manage our international expansion; and
- other factors discussed in this Annual Report on Form 10-K in the sections titled "Risk Factors," "Management's Discussion and Analysis of Financial Condition and Results of Operations" and "Business."

We have based the forward-looking statements contained in this Annual Report on Form 10-K primarily on our current expectations and projections about future events and trends that we believe may affect our business, financial condition, results of operations and prospects. The outcome of the events described in these forward-looking statements is subject to risks, uncertainties, assumptions, and other factors including those described in Part I, Item 1A (Risk Factors) of this Annual Report. Moreover, we operate in a very competitive and rapidly changing environment. New risks and uncertainties emerge from time to time, and it is not possible for us to predict all risks and uncertainties that could have an impact on the forward-looking statements used herein. We cannot provide assurance that the results, events, and circumstances reflected in the forward-looking statements will be achieved or occur, and actual results, events or circumstances could differ materially from those described in the forward-looking statements.

You should not rely on forward-looking statements as predictions of future events. Except as required by law, neither we nor any other person assumes responsibility for the accuracy and completeness of the forward-looking statements, and we undertake no obligation to update any forward-looking statements to reflect events or circumstances after the date of such statements.

Qualys, the Qualys logo and QualysGuard, and other trademarks and service marks of Qualys appearing in this Annual Report on Form 10-K are the property of Qualys. This Annual Report on Form 10-K also contains trademarks and trade names of other businesses that are the property of their respective holders. We have omitted the ® and ™ designations, as applicable, for the trademarks used in this Annual Report on Form 10-K.

Item 1. Business

Overview

We are a pioneer and leading provider of cloud security and compliance solutions that enable organizations to identify security risks to their IT infrastructures, help protect their IT systems and applications from ever-evolving cyber attacks and achieve compliance with internal policies and external regulations. Our cloud solutions address the growing security and compliance complexities and risks that are amplified by the dissolving boundaries between internal and external IT infrastructures and web environments, the rapid adoption of cloud computing and the proliferation of geographically dispersed IT assets. Our integrated suite of security and compliance solutions delivered on our QualysGuard Cloud Platform enable our customers to identify their IT assets, collect and analyze large amounts of IT security data, discover and prioritize vulnerabilities, recommend remediation actions and verify the implementation of such actions. Organizations use our integrated suite of solutions delivered on our QualysGuard Cloud Platform to cost-effectively obtain a unified view of their security and compliance posture across globally-distributed IT infrastructures.

IT infrastructures are more complex and globally-distributed today than ever before, as organizations of all sizes increasingly rely upon myriad interconnected information systems and related IT assets, such as servers, databases, web applications, routers, switches, desktops, laptops, other physical and virtual infrastructure, and numerous external networks and cloud services. In this environment, new and evolving technologies intended to improve organizations' operations can also increase vulnerability to cyber attacks, which can expose sensitive data, damage IT and physical infrastructures, and result in serious financial or reputational consequences. In addition, the rapidly increasing amount of data and devices in IT environments makes it more difficult to identify and remediate vulnerabilities in a timely manner. The predominant approach to IT security has been to implement multiple disparate security products that can be costly and difficult to deploy, integrate and manage and may not adequately protect organizations. As a result, we believe there is a large and growing opportunity for comprehensive cloud security and compliance solutions.

We designed our QualysGuard Cloud Platform to transform the way organizations secure and protect their IT infrastructures and applications. Our cloud platform offers an integrated suite of solutions that automates the lifecycle of asset discovery, security assessments, and compliance management for an organization's IT infrastructure and assets, whether they reside inside the organization, on their network perimeter or in the cloud. Since inception, our solutions have been designed to be delivered through the cloud and to be easily and rapidly deployed on a global scale across a broad range of industries, enabling faster implementation and lower total cost of ownership than traditional on-premise enterprise software products. Our customers, ranging from some of the largest organizations to small businesses, are all served from our globally-distributed cloud platform, enabling us to rapidly deliver new solutions, enhancements and security updates.

We were founded and incorporated in December 1999 with a vision of transforming the way organizations secure and protect their IT infrastructure and applications and initially launched our first cloud solution, QualysGuard Vulnerability Management, in 2000. This solution has provided the substantial majority of our revenues to date, representing 81%, 90% and 92% of total revenues in 2012, 2011 and 2010, respectively. As this solution gained acceptance, we introduced new solutions to help customers manage increasing IT security and compliance requirements. In 2006, we added our PCI Compliance solution, and in 2008, we added our Policy Compliance solution. In 2009, we broadened the scope of our cloud services by adding Web Application Scanning. We continued our expansion in 2010, launching Malware Detection Service and Qualys SECURE Seal for automated protection of websites. On September 28, 2012, our common stock commenced trading on the NASDAQ Stock Market under the trading symbol "QLYS," and on October 3, 2012 we closed our initial public offering.

We provide our solutions through a software-as-a-service model, primarily with renewable annual subscriptions. These subscriptions require customers to pay a fee in order to access our cloud solutions. We invoice our customers for the entire subscription amount at the start of the subscription term, and the invoiced amounts are treated as deferred revenues and are recognized ratably over the term of each subscription. Historically, we have experienced significant revenue growth from existing customers as they renew and purchase additional subscriptions. Revenues from customers existing at or prior to December 31, 2011 grew $7.8 million to $84.0 million during 2012. We expect this trend to continue.

Our QualysGuard Cloud Platform is currently used by over 6,150 organizations in more than 100 countries, including a majority of each of the Forbes Global 100 and Fortune 100. Our revenues increased from $65.4 million in 2010 to $76.2 million in 2011, and reached $91.4 million in 2012. We generated net income of $0.8 million in 2010, $2.0 million in 2011, and $2.3 million in 2012. Total assets as of December 31, 2012 and 2011 were $170.3 million and $68.8 million, respectively.

Our Growth Strategy

We intend to leverage our innovation and extensive expertise to strengthen our leadership position as a trusted provider of cloud security and compliance solutions. The key elements of our growth strategy are:

- Continue to innovate and enhance our cloud platform and suite of solutions. We intend to continue to make significant investments in research and development to extend our cloud platform's functionality by developing new security solutions and further enhancing our existing suite of solutions. In 2012, we introduced several new solutions on our platform, including our Web Application Scanning and Zero-Day Risk Analyzer, and have additional solutions under development.

- Expand the use of our suite of solutions by our large and diverse customer base. With more than 6,150 customers across many industries and geographies, we believe we have a significant opportunity to sell additional solutions to our customers and expand their use of our suite of solutions. Since the majority of our customers initially deploy only one of our solutions and in select parts of their IT infrastructures, our existing customers serve as a strong source of new sales. In this regard, we have significantly expanded our sales execution and marketing functions to increase adoption of our newly developed solutions among our existing customers.

- Drive new customer growth. We are pursuing new customers by targeting key accounts and expanding our sales and marketing organization and network of channel partners. We will continue to seek to make significant investments to encourage organizations to replace their existing security products with our cloud solutions.

- Broaden our global reach. We intend to expand our relationships with key security consulting organizations, managed security service providers and value added resellers to accelerate the adoption of our cloud platform. We seek to strengthen existing relationships as well as establish new relationships to increase the distribution and market awareness of our cloud platform and target new geographic regions.

- Selectively pursue technology acquisitions to bolster our capabilities and leadership position. We may explore acquisitions that are complementary to and can expand the functionality of our cloud platform. We may also seek to acquire technology teams to supplement our own team and increase the breadth of our cloud security and compliance solutions.

Our Platform

Our QualysGuard Cloud Platform consists of a suite of IT security and compliance solutions that leverage our shared and extensible core services and our highly scalable multi-tenant cloud infrastructure.

Our suite of solutions provides security intelligence by automating the life cycle of IT asset discovery, security assessment and compliance management. Our core services layer provides a set of advanced shared technologies that are leveraged by our suite of security and compliance solutions, which we refer to as our Core Services.

Built on our cloud platform infrastructure, our Core Services provide an integrated framework with proprietary functionalities that act as building blocks to enable efficient and scalable delivery of our customer-facing cloud solutions. Our cloud platform's infrastructure includes integrated services that deliver a highly automated and scalable scanning infrastructure capable of scanning IT systems and web applications, inside and outside corporate firewalls.

The Core Services and infrastructure layers of our cloud platform deliver benefits to our entire suite of security and compliance solutions, including:

- Dynamic and interactive user interfaces with configurable report templates to present scan data with a wide range of presentation options to match a customer's needs;
- Fast searching of several extensive QualysGuard data sets, including scan results, asset data, scan profiles, users and vulnerabilities;
- Asset management technology for hierarchical asset categorization via dynamic tagging and role-based customer access management; and
- Distributed scanning platform for global cloud-based environments.

We also provide open application program interfaces, or APIs, and other developer tools that allow third parties to embed our technology into their solutions and build applications on our cloud platform.

QualysGuard Cloud Suite

Our suite of solutions, which we refer to as the QualysGuard Cloud Suite, currently includes six solutions: Vulnerability Management, Web Application Scanning, Malware Detection Service, Policy Compliance, PCI Compliance and Qualys SECURE Seal. This integrated set of cloud solutions enables organizations to:

- Discover and catalogue information assets inside the organization, on the perimeter, or in the cloud;
- Manage assets on an ongoing basis to establish a trusted repository for IT system configurations and to maintain hierarchical relationships between them;
- Design policies to establish a secure and compliant IT infrastructure and automate ongoing security and compliance assessments of IT systems and applications in accordance with best practices;
- Proactively identify and help fix vulnerabilities to mitigate security risks and achieve compliance;
- Monitor and measure security and compliance through a unified user interface; and
- Distribute security and compliance reports tailored to differing customer needs, including management personnel, auditors and security professionals.

Our customers can subscribe to one or more of our security and compliance solutions based on their initial needs and expand their subscriptions over time to new areas within their organization or to additional QualysGuard solutions. We offer two editions of our QualysGuard Cloud Suite, the Enterprise edition for large and medium-sized enterprises and the Express edition for small and medium-sized businesses. QualysGuard Cloud Suite solutions are described below.

QualysGuard Vulnerability Management

QualysGuard Vulnerability Management, or QualysGuard VM, is an industry leading and award-winning solution that automates network auditing and vulnerability management across an organization, including network discovery and mapping, asset management, vulnerability reporting, and remediation tracking. Driven by our comprehensive KnowledgeBase of known vulnerabilities, QualysGuard VM enables cost-effective protection against vulnerabilities without substantial resource deployment.

QualysGuard Policy Compliance

QualysGuard Policy Compliance, or QualysGuard PC, allows customers to analyze and collect configuration and access control information from their networked devices and web applications and automatically maps this information to internal policies and external regulations in order to document compliance. QualysGuard PC is fully automated and helps reduce customers' cost of compliance without requiring the use of software agents.

QualysGuard PCI Compliance

QualysGuard PCI Compliance, or QualysGuard PCI, provides organizations that store cardholder data a cost-effective and highly automated solution to verify and document compliance with PCI DSS. QualysGuard PCI allows merchants to complete the annual PCI Self-Assessment Questionnaire, or SAQ, to perform vulnerability scanning for quarterly PCI audits and to meet the demands of PCI for web application security.

QualysGuard Web Application Scanning

QualysGuard Web Application Scanning, or QualysGuard WAS, uses the scalability of our cloud platform to allow customers to discover, catalog and scan a large number of web applications. QualysGuard WAS scans and analyzes custom web applications and identifies vulnerabilities that threaten underlying databases or bypass access controls. These web applications are often the main attack vectors for cyber attackers.

QualysGuard Malware Detection Service

QualysGuard Malware Detection Service, or QualysGuard MDS, provides organizations with the ability to scan, identify and remove malware infections from their websites. QualysGuard MDS utilizes behavioral and static analysis to provide malware detection to organizations. It provides periodic scanning to monitor websites and delivers email alerts to notify customers of infections.

QualysGuard Web Application Firewall

QualysGuard Web Application Firewall, or QualysGuard WAF, currently in beta testing, delivers enterprise-grade web application security without the costs, footprint, and complexity associated with appliance-based web application firewall solutions. It is designed to protect web applications from attack vectors by enhancing default web application configurations and virtual patching. QualysGuard WAF can improve website performance by reducing page load times and optimizing bandwidth.

Qualys SECURE Seal

QualysGuard SECURE Seal helps organizations demonstrate to their online customers that they maintain a proactive security program. This solution includes scanning for the presence of malware, network and web application vulnerabilities and for SSL certificate validation. Websites that regularly perform these security scans with no critical security issues detected can display a QualysGuard SECURE Seal on their website to demonstrate to visitors that they are proactively securing their websites.

QualysGuard Core Services

Our Core Services enable integrated workflows, management and real-time analysis and reporting across all of our IT security and compliance solutions. Our Core Services include:

- Asset Tagging and Management. Enables customers to easily identify, categorize and manage large numbers of assets in highly dynamic IT environments and automates the process of inventory management and hierarchical organization of IT assets.
- Reporting and Dashboards. A highly configurable reporting engine that provides customers with reports and dashboards based on their roles and access privileges.
- Questionnaires and Collaboration. A configurable workflow engine that enables customers to easily build questionnaires and capture existing business processes and workflows to evaluate controls and gather evidence to validate and document compliance.
- Remediation and Workflow. An integrated workflow engine that allows customers to automatically generate helpdesk tickets for remediation and to manage compliance exceptions based on customer-defined policies enabling subsequent review, commentary, tracking and escalation. This engine automatically distributes remediation tasks to IT administrators upon scan completion, tracks remediation progress and closes open tickets once patches are applied and remediation is verified in subsequent scans.
- Big Data Correlation and Analytics Engine. Provides capabilities for indexing, searching and correlating large amounts of security and compliance data with other security incidents and third-party security intelligence data. Embedded workflows enable customers to quickly assess risk and access information for remediation, incident analysis and forensic investigations.
- Alerts and Notifications. Creates email notifications to alert customers of new vulnerabilities, malware infections, scan completion, open trouble tickets and system updates.

QualysGuard Cloud Infrastructure

Our infrastructure layer, which we refer to as our Infrastructure, includes the data, data processing capabilities, software and hardware infrastructure and infrastructure management capabilities that provide the foundation for our cloud platform and allow us to automatically scale our Infrastructure and Core Services to scan millions of IPs. Each Infrastructure service is described below:

- Scalable Capacity. We have designed a modular and scalable infrastructure that leverages virtualization and cloud technologies. This allows our operations team to dynamically allocate additional capacity on-demand across our entire QualysGuard Cloud Platform to address the growth and scalability of our solutions.
- Big Data Indexing and Storage. Built on top of our secure data storage model, this engine indexes petabytes of data and uses this information in real-time to execute tags or rules to dynamically update IT assets' properties, which are used in various workflows for scanning, reporting and remediation.
- QualysGuard KnowledgeBase. QualysGuard relies on our comprehensive repository, which we refer to as our KnowledgeBase, of known vulnerabilities and compliance controls for a wide range of devices, technologies and applications that powers our security and compliance scanning technology. We update our KnowledgeBase daily with signatures for new vulnerabilities, control checks, validated fixes and improvements.
- Managed Scanner Appliances. As part of our cloud platform, we host and operate a large number of globally distributed physical scanner appliances that our customers use to scan their externally facing systems and web applications. To scan internal IT assets, customers can also deploy our scanners, which are available on a subscription basis as physical appliances or downloadable virtual images, within their internal networks. Our scanner appliances self-update daily in a transparent manner using our automated and proprietary scan management technology. These scanner appliances allow us to scale our cloud platform to scan networked devices and web applications across organizations' networks around the world.

Our Customers

We market and sell our solutions to enterprises, government entities and to small and medium size businesses across a broad range of industries, including education, financial services, government, healthcare, insurance, manufacturing, media, retail, technology and utilities. As of December 31, 2012, we had over 6,150 customers in more than 100 countries, including a majority of each of the Forbes Global 100 and Fortune 100. In each of 2012, 2011 and 2010, no one customer accounted for more than 10% of our revenues. In 2012, 2011 and 2010, approximately 68%, 67% and 67%, respectively, of our revenues were derived from customers in the United States. We sell our solutions to enterprises and government entities primarily through our field sales force and to small and medium-sized businesses through our inside sales force. We generate a significant portion of sales through our channel partners, including managed service providers, value-added resellers and consulting firms in the United States and internationally.

Sales and Marketing

Sales

We market and sell our IT security and compliance solutions to customers directly through our sales teams as well as indirectly through our network of channel partners.

Our global sales force is organized into a field sales team, which focuses on enterprises, generally including organizations with more than 4,000 employees, and an inside sales team, which focuses on small to medium businesses, which generally include organizations with less than 4,000 employees. Both our field and inside sales teams are divided into three geographic regions, including the Americas; Europe, Middle East and Africa; and Asia-Pacific. We also further segment each of our sales teams into groups that focus on adding new customers or expanding relationships with existing customers.

Our channel partners maintain relationships with their customers throughout the territories in which they operate and provide their customers with services and third-party solutions to help meet those customers' evolving security and compliance requirements. As such, these partners offer our IT security and compliance solutions in conjunction with one or more of their own products or services and act as a conduit through which we can connect with these prospective customers to offer our solutions. Our channel partners include security consulting organizations, managed service providers and resellers, such as Computacenter UK Ltd., Dell Inc., FishNet Security, Inc., Insight Technologies, Inc., Symantec Corporation and Verizon Communications Inc.