Case Study: PhoneFactor, a phone-based authentication provider, achieves automated vulnerability management and stronger web application security with Qualys

PhoneFactor: Dials QualysGaurd for Automated Vulnerability Management

PhoneFactor, a Massachusetts-based provider of phone‑based two‑factor authentication (later acquired by Microsoft), faced growing complexity as its infrastructure expanded into hundreds of servers and multiple data centers. Manual, ad‑hoc vulnerability scans run by disparate teams could no longer provide a centralized, repeatable view of risk, and the company wanted automated assessments without opening risky firewall ports.

PhoneFactor deployed Qualys Vulnerability Management and Qualys Web Application Security to automate discovery, asset prioritization, vulnerability assessment, remediation tracking and web‑app scanning (OWASP Top Ten). The SaaS solution was easy to deploy, required no risky firewall changes, produced concise, actionable reports trusted by customers, and was integrated into QA—streamlining vulnerability management, strengthening its security posture, and exceeding expectations.

PhoneFactor

Chandra Sekhar Surapaneni

Director of Engineering