Qualys CyberSecurity Asset Management Reviews

Name: Qualys CyberSecurity Asset Management
Brand: Qualys
Rating: 4.6 (17 reviews)

4.6 out of 5

17 reviews
100% willing to recommend

What is Qualys CyberSecurity Asset Management?

Qualys CyberSecurity Asset Management provides advanced real-time asset visibility, dynamic tagging, and External Attack Surface Management. It streamlines asset discovery and management using cloud agents and IP-based scanning, enhancing risk management and software lifecycle tracking.

Get the Qualys CyberSecurity Asset Management Buyer's Guide and find out what your peers are saying about Qualys CyberSecurity Asset Management, Armis, Axonius and more!

Qualys CyberSecurity Asset Management is the #2 ranked solution in top Cyber Asset Attack Surface Management (CAASM) solutions, #4 ranked solution in top Attack Surface Management (ASM) solutions, #6 ranked solution in top Software Supply Chain Security solutions, #7 ranked solution in top Patch Management solutions, and #10 ranked solution in top Vulnerability Management solutions. PeerSpot users give Qualys CyberSecurity Asset Management an average rating of 9.2 out of 10. Qualys CyberSecurity Asset Management is most commonly compared to Armis: Qualys CyberSecurity Asset Management vs Armis. Qualys CyberSecurity Asset Management is popular among the large enterprise segment, accounting for 61% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 24% of all views.

Buyer's Guide

Qualys CyberSecurity Asset Management

December 2024

Get the report

Helped 831,020 peers since 2012

Featured reviews

Revathi VeeraRaghavan

Senior Process Executive at Infosys

I like the EASM part because it provides visibility into unmanaged assets that are public-facing. Previously, we had to log in to Shodan and get the details. Instead of that, Qualys has an external scanner that scans the assets belonging to, for example, Infosys. We give the domain, subdomains, and any related subsidiaries in the configuration. Based on that, it scans the domain and gives correlated results with the public-facing IP and the internal IP used in Infosys for an asset. I can see both interfaces in EASM. I can see the software details for all the assets and any ports that are open on the assets.

Read full review

Scott Frederick

Director of Vulnerability Management at a insurance company with 1,001-5,000 employees

Our favorite features are the tagging and the ability to quickly find assets in the portal. Additionally, I do like the fact that Qualys CSAM is integrated with the rest of our vulnerability scanning utilities. We use the full suite from Qualys. The fact that it is integrated makes it very easy to understand. It shares tagging information with VMDR. That is very nice. Qualys CSAM has discovered assets not previously covered by our vulnerability management program. Primarily, if we have assets without vulnerabilities, they become less visible, but Qualys CSAM alerts us to them because they have IP addresses and are attached to our network. It could discover everything from printers to servers to endpoints. It could discover UPSs, network devices, and across all operating systems. It discovers our security badge readers and digital signage. We have to feed that the IP address ranges, but beyond that, it finds everything in our internal network. We were able to realize its benefits within the first quarter of installing it. We did have to take some time to learn it and understand how to operationally leverage what it was telling us, but it was very quick. In addition to vulnerabilities, Qualys CSAM helps identify other risk factors to a degree. For instance, we can see if servers or assets have incorrect naming standards. We have our network segmented into development model, test, and production, and we have server naming standards that identify which management they should be in. If a production server has the naming standard of a development model server, we can find that. That is one area we have used it for. We are not fully using TruRisk, but we are using the Qualys detection score that is central to our corporate risk prioritization approach. It has completely replaced our homegrown one.

Read full review

Curtis Nielson

Security Operations Manager at Solventum

Defense-in-depth is very important. There are many layers to a network. There are many layers to an operating system, and there are many layers to applications. It is essential to provide security, detection, and prevention at each one of those layers. To a colleague at another company who says they only need to add External Attack Surface Management to their vulnerability management detection/response program but they do not need the full depth of the CSAM offering, I would say that they are likely to get hacked. We do not use Qualys CSAM for the entire attack surface. We primarily use it for production deployments. Our entire attack surface, corporate-wise, is managed elsewhere. It is competitive. It is not the best that I have seen, but it is competitive. TruRisk Scoring helps prioritize vulnerabilities and assets, but we do not use it all that much. Our reporting requirements are tied to CVE rankings. While we sometimes take a look at it, we do not rely on it. We use the solution's CMDB Sync feature, but we use it more as a confirmation of an existing CMDB tool we have. I would rate Qualys CSAM an eight out of ten.

Read full review

Qualys CyberSecurity Asset Management mindshare

Product category:

As of January 2025, the mindshare of Qualys CyberSecurity Asset Management in the Cyber Asset Attack Surface Management (CAASM) category stands at 5.8%, up from 1.3% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Cyber Asset Attack Surface Management (CAASM)

PeerAnalyst reports

Type	Title	Date
Category	Cyber Asset Attack Surface Management (CAASM)	Jan 17, 2025	Download
Product	Reviews, tips, and advice from real users	Jan 17, 2025	Download
Comparison	Qualys CyberSecurity Asset Management vs Axonius	Jan 17, 2025	Download
Comparison	Qualys CyberSecurity Asset Management vs Armis	Jan 17, 2025	Download
Comparison	Qualys CyberSecurity Asset Management vs JumpCloud	Jan 17, 2025	Download

Title	Rating	Mindshare	Recommending
Armis	4.1	25.2%	85%	7 interviews Add to research
Axonius	4.3	37.3%	100%	6 interviews Add to research

Valuable Features

Qualys CyberSecurity Asset Management excels in real-time visibility, asset discovery, and end-of-life insights. It handles inventory management, dynamic tagging, asset purge rules, and integrates seamlessly with vulnerability tools. External attack surface management and IoT discovery provide comprehensive view of assets. Automated vulnerability scanning enhances security posture by identifying risks. Users benefit from tagging features, unauthorized software management, and efficient risk mitigation, leveraging cloud agents and passive sensors for continuous monitoring across networks.

"I would rate the Qualys CSAM a ten out of ten for its overall performance."
"The most valuable features of Qualys CSAM include the ability to manage authorized and unauthorized applications efficiently. This feature helps in validating applications and maintaining a secure environment."
"I would rate Qualys CSAM a ten out of ten."

Room for Improvement

Qualys CyberSecurity Asset Management needs improvement in CMDB integration, cost-effectiveness, and report customization. Users find the interface complex and the scanning function limited. Enhancements are required for asset tagging, role-based access control, and integration capabilities. Users report high CPU usage and difficulties with cloud auto-scaling. Software composition analysis and learning resources should be expanded. Improvements in EASM scan frequency, dynamic tagging, and vulnerability context are also needed for better functionality and user experience.

"In my opinion, the area that needs improvement is the role-based access control (RBAC). The access privilege management needs to be more robust and streamlined to enhance user access management."
"In my opinion, the area that needs improvement is the role-based access control (RBAC). The access privilege management needs to be more robust and streamlined to enhance user access management. Additionally, improvements to the user interface could be beneficial."
"They should address the false positives generated in EASM. It is fetching assets that have Infosys as the keyword."

ROI

Qualys CyberSecurity Asset Management improved efficiency by saving time and resources, reducing tagging efforts, and automating tasks. It achieved a 95% return on investment by cutting costs by 35%, decreasing labor expenses by $109,000 annually, and supporting business growth of 150%. Enhanced security infrastructure provided comprehensive visibility, minimized security incidents, and built client trust, resulting in $99,000 from new contracts. Reductions in development, configuration, and maintenance streamlined management, allowing fewer personnel to oversee the system.

Pricing

Qualys CyberSecurity Asset Management's pricing is perceived as fair and transparent, offering good value, particularly for large organizations with over 4,000 assets. The cost can be high for smaller companies, leading some to seek lower entry points or tailored packages. Bundling with VMDR enhances its attractiveness. Users appreciate its flexible pricing model, though it remains an investment-heavy solution. Subscriptions start at approximately $1,000 annually or $72 monthly, depending on the package and features.

"The pricing for Qualys CSAM is nominal."
"The pricing is market-competitive."
"The Qualys Cybersecurity Asset Management pricing is well-aligned with our usage."

Popular Use Cases

Organizations utilize Qualys CyberSecurity Asset Management to manage technical debt and enhance visibility into IT assets. It identifies end-of-life software, tracks hardware and software assets, categorizes them, and manages zero-day vulnerabilities. By offering comprehensive asset details, it aids in vulnerability management and policy compliance while safeguarding development environments against potential threats. Users benefit from enhanced asset tracking, real-time insights, automated security patches, and detailed reports for improved security posture and compliance.

Service and Support

Qualys CyberSecurity Asset Management receives high marks for customer service and support. Users praise the team's responsiveness, providing prompt assistance, thorough documentation, and access to community forums. A Technical Account Manager often ensures resolution efficiency. Although complex issues may experience minor delays, most users find the team knowledgeable and helpful. Feedback channels and governance calls enhance support quality, leading to consistent satisfaction. Instances of multiple redirections are occasionally noted but generally manageable.

Deployment

Qualys CyberSecurity Asset Management's initial deployment is mostly straightforward, especially for those already using VMDR, with swift activation upon acquiring a license. Experienced teams find it efficient, although network complexities require the right personnel. Cloud-based setups offer quick integrations and limited ongoing maintenance. Some users highlight initial challenges like tagging but appreciate support. Deployments occur swiftly, often within days, thanks to cloud agents and Qualys support.

Scalability

Qualys CyberSecurity Asset Management demonstrates effective scaling across various environments, from small to large with tens of thousands of devices. Users commend its ability to integrate seamlessly, manage significant asset volumes, and operate efficiently across multiple geographical locations. While some mention the necessity for proper sizing, the service is praised for its adaptability and robust handling of a wide range of data, earning it high ratings in scalability.

Stability

Qualys CyberSecurity Asset Management exhibits high stability, with most users rating it between 7.5 to 10 out of 10. Occasional issues include syncing after updates, query crashes, and network slowness. Users appreciate its reliability, noting 100% uptime and no major problems. Some cases require support intervention or updates, but generally, the system handles data effectively and functions smoothly. Notifications and release additions continue to impress, making it a stable cybersecurity choice.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our Qualys CyberSecurity Asset Management Buyer's Guide for additional reliable information.

Review data by company size

By reviewers

By visitors reading reviews

Top industries

By visitors reading reviews

Computer Software Company

24%

Financial Services Firm

14%

Government

10%

Retailer

Insurance Company

Manufacturing Company

Non Profit

Real Estate/Law Firm

Comms Service Provider

Healthcare Company

Educational Organization

Wholesaler/Distributor

Construction Company

Media Company

Pharma/Biotech Company

University

Energy/Utilities Company

Performing Arts

Photography Company

Mining And Metals Company

Legal Firm

Hospitality Company

Leisure / Travel Company

Logistics Company

Marketing Services Firm

Outsourcing Company

Compare Qualys CyberSecurity Asset Management with alternative products

Learn more about Qualys CyberSecurity Asset Management

Qualys CyberSecurity Asset Management offers a comprehensive solution for managing asset inventories and tracking software lifecycle states. It facilitates network visibility and supports zero-day vulnerability solutions, enhancing security posture through efficient monitoring. Users benefit from its cloud-based interface, which provides in-depth asset configurations and insights. Key features include automated vulnerability scanning and unauthorized software management, reducing manual efforts. The platform also emphasizes the importance of timely remediation and ongoing risk mitigation across multiple environments. Despite its strengths, users note the need for enhanced integration with additional CMDBs beyond ServiceNow, as well as cost efficiency improvements. Requests also include better report customization, more scan control, and a simplified UI.

What are the key features of Qualys CyberSecurity Asset Management?

Real-time Visibility: Offers continuous insight into asset status and condition.
Dynamic Tagging: Allows for flexible organization and assessment of assets.
External Attack Surface Management: Identifies potential threats from external sources.
Automated Vulnerability Scanning: Reduces manual scanning efforts and identifies vulnerabilities instantly.
Unauthorized Software Management: Detects and manages software not approved for use.
Asset Purge Rule: Automates the removal of obsolete assets from the inventory.

What benefits should users look for in reviews?

Enhanced Security Posture: Gains stronger defense through effective asset monitoring.
Efficient Risk Management: Identifies threats quickly, enabling timely resolutions.
Improved Compliance: Assists in meeting industry standards and regulations.
Reduced Manual Effort: Automates repetitive tasks, saving time and resources.
Comprehensive Insight: Provides detailed data for informed decision making.

In industries like finance, healthcare, and manufacturing, Qualys CyberSecurity Asset Management enhances asset control by offering visibility into hardware and software configurations. It aids in maintaining security compliance and identifying unauthorized software, crucial for sectors with strict regulatory requirements.