Qualys CyberSecurity Asset Management (CSAM) Reviews

Name: Qualys CyberSecurity Asset Management (CSAM)
Brand: Qualys
Rating: 4.6 (14 reviews)

4.6 out of 5

14 reviews
100% willing to recommend

What is Qualys CyberSecurity Asset Management (CSAM)?

Qualys CyberSecurity Asset Management (CSAM) provides industry-leading coverage of the internal and external attack surface (EASM), along with comprehensive cyber risk assessment, natively-integrated with Qualys Vulnerability Management, Detection, and Response (VMDR).

Get the Qualys CyberSecurity Asset Management (CSAM) Buyer's Guide and find out what your peers are saying about Qualys CyberSecurity Asset Management (CSAM), Armis, Axonius and more!

Qualys CyberSecurity Asset Management (CSAM) is the #4 ranked solution in top Cyber Asset Attack Surface Management (CAASM) solutions, #5 ranked solution in top Attack Surface Management (ASM) solutions, #7 ranked solution in top Software Supply Chain Security solutions, #9 ranked solution in top Patch Management solutions, and #14 ranked solution in top Vulnerability Management solutions. PeerSpot users give Qualys CyberSecurity Asset Management (CSAM) an average rating of 9.2 out of 10. Based on the analysis of the 14 most recent Qualys CyberSecurity Asset Management (CSAM) reviews, the overall sentiment is positive, with a sentiment score of 7.9. (Among the highest in the category). Qualys CyberSecurity Asset Management (CSAM) is most commonly compared to Armis: Qualys CyberSecurity Asset Management (CSAM) vs Armis. Qualys CyberSecurity Asset Management (CSAM) is popular among the large enterprise segment, accounting for 59% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 24% of all views.

Buyer's Guide

Qualys CyberSecurity Asset Management (CSAM)

November 2024

Get the report

Helped 816,406 peers since 2012

Featured reviews

Brad Mathis

Employee-Owner, Senior Consultant, Information Security at Keller Schroeder

The external attack surface management identified unexpected assets, suggesting some exist outside our known inventory. While these may not be directly managed by us, the process has brought valuable awareness to the fact that our core servers are externally hosted, prompting a review of similar situations. An external attack surface management scan revealed several outsourced name services, along with one unexpected third-party-linked IP. It's unclear if this was due to past consulting work or a registration error, but since it wasn't relevant to our company, it was easily excluded from future scans. The benefits of Qualys CyberSecurity Asset Management are immediate. We already had the cloud agents installed. They were already on all the servers and workstations. Once we upgraded from the VMDR included GAV (Global AssetView) to CSAM, it was no time before I could see the end-of-life, end-of-service software, and hardware. In addition to vulnerabilities, CSAM provides a better view of other risk factors, but VMDR is very powerful. VMDR was already seeing our limitations in hardening our vulnerabilities. CSAM enhanced our view by adding more visibility and insight into what we have. TruRisk scoring goes beyond traditional vulnerability scoring like CVSS to prioritize both vulnerabilities and assets based on real-world exploitability and industry targeting. This provides a clearer picture of our actual risk by considering factors like published exploits and what attackers are currently focusing on, allowing us to quickly identify critical issues and avoid wasting time on vulnerabilities with a high theoretical risk but low real-world threat. Qualys Cloud Agents can now be configured as passive sensors to discover all devices on our network in real-time, eliminating the requirement for separate virtual or physical passive sensor appliances. These cloud agent sensors monitor network broadcasts instead of egress traffic, and they can even designate a secondary sensor to take over if the primary becomes unavailable, ensuring continuous asset discovery and populating our CSAM platform with managed and unmanaged devices.

Read full review

Kakarla Saikrishna

Senior Cyber Security Analyst at a financial services firm with 10,001+ employees

Qualys CSAM improves my organization's asset posture by providing visibility on cybersecurity assets and streamlining asset management and inventory. It can detect every asset in our network. It is able to detect network devices such as switches, printers, and servers. However, it may provide information that is not useful, and sometimes, tagging might also be incorrect. We were able to realize its benefits within six months. It took us around two to three months to get a good understanding of it. We spent some time fine-tuning it based on our needs and understanding false positives. Overall, in about six months, we could properly see its benefits. Qualys CSAM helps me prioritize vulnerabilities through Qualys Vulnerability Score (QVS), which combines various threat and impact factors. It enables me to prioritize vulnerabilities based on the criticality and risk posed to my organization. This is beneficial for efficiently managing vulnerabilities. Qualys TruRisk Scoring helps prioritize vulnerabilities and assets. It helps understand what could be prioritized for further remediation and what could be kept on hold for some time based on the manpower availability and the needs of the business.

Read full review

Scott Frederick

Director of Vulnerability Management at a insurance company with 1,001-5,000 employees

Our favorite features are the tagging and the ability to quickly find assets in the portal. Additionally, I do like the fact that Qualys CSAM is integrated with the rest of our vulnerability scanning utilities. We use the full suite from Qualys. The fact that it is integrated makes it very easy to understand. It shares tagging information with VMDR. That is very nice. Qualys CSAM has discovered assets not previously covered by our vulnerability management program. Primarily, if we have assets without vulnerabilities, they become less visible, but Qualys CSAM alerts us to them because they have IP addresses and are attached to our network. It could discover everything from printers to servers to endpoints. It could discover UPSs, network devices, and across all operating systems. It discovers our security badge readers and digital signage. We have to feed that the IP address ranges, but beyond that, it finds everything in our internal network. We were able to realize its benefits within the first quarter of installing it. We did have to take some time to learn it and understand how to operationally leverage what it was telling us, but it was very quick. In addition to vulnerabilities, Qualys CSAM helps identify other risk factors to a degree. For instance, we can see if servers or assets have incorrect naming standards. We have our network segmented into development model, test, and production, and we have server naming standards that identify which management they should be in. If a production server has the naming standard of a development model server, we can find that. That is one area we have used it for. We are not fully using TruRisk, but we are using the Qualys detection score that is central to our corporate risk prioritization approach. It has completely replaced our homegrown one.

Read full review

Qualys CyberSecurity Asset Management (CSAM) mindshare

Product category:

As of November 2024, the mindshare of Qualys CyberSecurity Asset Management (CSAM) in the Cyber Asset Attack Surface Management (CAASM) category stands at 4.9%, up from 0.3% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Cyber Asset Attack Surface Management (CAASM)

Key learnings from peers

Last updated Nov 18, 2024

Valuable Features

Qualys CyberSecurity Asset Management offers valuable features such as real-time visibility into assets, end-of-life software insights, dynamic tagging, inventory management through cloud agents, and external attack surface management. It excels in asset discovery, vulnerability identification, and policy enforcement while providing integration with CMDB. Its management capabilities include discovering unmanaged assets and purging outdated servers. Users appreciate Qualys CSAM for its automated risk identification and efficient remediation capabilities, providing a comprehensive overview of cybersecurity posture.

"I would rate Qualys CyberSecurity Asset Management ten out of ten."
"We have had zero attacks since we enabled all the features in Qualys CSAM."
"The most valuable feature is the Management sensor, which helps identify gaps in policy agent availability, thereby improving agent utilization."

Room for Improvement

Qualys CSAM requires improvements in pricing, CMDB integration beyond ServiceNow, scan frequency configuration, report customization, efficient resource usage, and integration with other platforms. Users desire a simplified interface, enhanced asset tagging, and more intuitive customization. Reporting and export functionality need flexibility, while the system should manage cloud asset updates better. Dynamic tagging, comprehensive software mapping, and expanded learning resources are needed. Additionally, faster response times and improved vulnerability context would benefit users significantly.

"The Qualys CAPS service requires further exploration and improvement, particularly in its handling of protocols and reactivity with MAC and IP addresses for CAP agents."
"The scanning function could be improved."
"The Qualys CAPS service requires further exploration and improvement, particularly in its handling of protocols and reactivity with MAC and IP addresses for CAP agents."

ROI

Organizations experienced a substantial ROI from Qualys CSAM, observing approximately 95% returns. Labor costs reduced by $109,000 annually and it saved around 45% of time. Costs decreased by 35% and new contracts added $99,000. Security incidents reduced, improving business growth by 150%. Qualys CSAM provided clarity on security infrastructure, improved efficiency in vulnerability management, and decreased resource needs through automation.

Pricing

Qualys CyberSecurity Asset Management is perceived as both costly and competitively priced, depending on the organization size and needs. While some view it as expensive, especially as an add-on to VMDR, others appreciate its transparency and fair value. Larger enterprises with over 4,000 assets find the pricing suitable, whereas smaller organizations might find it less so. Flexible pricing options offer good value, with annual and monthly subscriptions available. Bundling with other services enhances its appeal.

"The Qualys Cybersecurity Asset Management pricing is well-aligned with our usage."
"Though the solution is considered expensive, if bundled with other services such as VMDR or cloud agents, its value would significantly increase. It is currently a bit costly, but with bundling, it could become attractive to more customers."
"The pricing is fair. I would love to see the price come down a little bit, but we do get a lot of value out of it. We are squeezing every ounce of value we can out of the tool."

Popular Use Cases

Organizations utilize Qualys CyberSecurity Asset Management for managing technical debt, improving asset tracking, and ensuring security posture. It identifies end-of-life software, zero-day vulnerabilities, and unauthorized software while providing detailed asset information. CSAM enhances visibility across endpoints, supports license management, and ensures compliance. By offering insights into network assets and vulnerabilities, it helps optimize patch management, reduces security risks, and enhances cyber defenses, thereby safeguarding digital assets and maintaining compliance with industry standards.

Service and Support

Qualys CyberSecurity Asset Management's support is praised for promptness and efficiency, especially with complex issues. Their technical team displays expertise and a willingness to help. Users benefit from quick responses, effective resolutions, and access to forums and documentation. While some experience delays due to multiple team redirections, technical account managers are commended for their responsiveness. Feedback mechanisms enhance interactions, contributing to an overall positive service experience with support rated highly by users.

Deployment

Users found Qualys CyberSecurity Asset Management's initial setup straightforward, especially when transitioning from VMDR. Existing VMDR users experienced minimal delays, while new implementations depended on team expertise. The process involved cloud agents and network teams, with Qualys handling maintenance. Documentation was crucial in addressing queries. Some experienced challenges with asset representation, but they appreciated the ease of installation and integration with VMDR. The transition to cloud was generally smooth, aided by timely support and informative resources.

Scalability

Qualys CyberSecurity Asset Management efficiently handles scalability, catering to environments from hundreds to thousands of endpoints. Users report successful deployment in various countries with different infrastructure sizes, ranging from multiple locations to vast asset management globally. It is highly rated for its capacity to manage extensive data and integrate seamlessly as businesses expand. Users consistently rate its scalability as exceptional, emphasizing its adaptability across diverse organizations.

Stability

Qualys CyberSecurity Asset Management is praised for its reliability with occasional synchronization hiccups after updates and infrequent query crashes. Many assign stability ratings between seven and nine out of ten, noting smooth operations even under large data loads. A few report slowness or disconnections, possibly due to network factors. Numerous users find the platform's consistent performance noteworthy, often receiving timely updates and notifications about enhancements and any potential downtimes.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our Qualys CyberSecurity Asset Management (CSAM) Buyer's Guide for additional reliable information.

Review data by company size

By reviewers

By visitors reading reviews

Top industries

By visitors reading reviews

Computer Software Company

24%

Financial Services Firm

12%

Government

Retailer

Insurance Company

Non Profit

Manufacturing Company

Comms Service Provider

Real Estate/Law Firm

Healthcare Company

Educational Organization

Wholesaler/Distributor

Construction Company

Media Company

Pharma/Biotech Company

Energy/Utilities Company

Performing Arts

Leisure / Travel Company

Photography Company

Logistics Company

Legal Firm

Hospitality Company

Marketing Services Firm

Outsourcing Company

Compare Qualys CyberSecurity Asset Management (CSAM) with alternative products

Learn more about Qualys CyberSecurity Asset Management (CSAM)

CSAM solidifies attack surface coverage and turbocharges vulnerability management with:

Comprehensive discovery of IT, IoT/OT, and rogue assets, internet-facing assets from mergers and subsidiaries, and business context from third-party connectors
Risk factors such as EoL/EoS software, missing security controls, unsanctioned ports, and expired SSL certs to show the TruRisk of every asset
Bi-directional CMDB sync to push cyber risk context to IT’s source of truth and pull business context into your security program