Getting a grip on security shortcomings is no easy task, but it's a key way for organizations to improve their security postures. One vendor providing an array of such tools is Qualys, which sells security scanning tools as well as products to help enterprises audit and protect their networks.

In a video interview with eSecurityPlanet, Qualys CTO Wolfgang Kandek outlines his firm's current approaches to security and provides some direction on future innovations that are in the pipeline.

Qualys now has a Web application firewall (WAF) technology in the market that is based on the open-source IronBee project. Qualys security researcher Ivan Ristic started the IronBee effort back in 2011.

The Qualys WAF is currently only available as a virtual appliance that runs on VMware ESX or on Amazon's EC2. The plan is to have a physical appliance available by the end of the year.

"The WAF is our first protective product," Kandek said, noting that Qualys' other technologies are used to find security holes in systems.

Qualys is also widely used by security professionals who want to determine how secure SSL certificates are on a given site. Qualys runs the SSL Pulse free service, which provides a score on the relative security offered by an SSL implementation.

Kandek noted that Qualys now also has a Top 4 Security Controls scanning service that lets users easily scan their systems for known issues and provides a score.

"Scoring and comparing the score has been shown to be the most effective way to improve security," Kandek said.

Watch the full video interview with Wolfgang Kandek, CTO of Qualys, below:

Sean Michael Kerner is a senior editor at eSecurityPlanet. Follow him on Twitter @TechJournalist.