Qualys CyberSecurity Asset Management (CSAM) Reviews

Qualys CyberSecurity Asset Management serves multiple purposes. It provides comprehensive asset details, including serial numbers, UALs, UASs, and DTLSs, which are crucial for tracking updates and configurations. We can access detailed information like BIOS UI and installed software, enabling us to identify authorized, unauthorized, and missing applications. This comprehensive approach to asset management ensures that we have a clear understanding of our IT environment.

Qualys is a vulnerability management tool that utilizes agent scans to gather in-depth information about assets. This data includes details like installed software, their versions, and locations, which can be used for various purposes such as asset inventory, identifying end-of-life software, or tracking specific applications. By downloading this information in list format, Qualys helps address a range of asset management and security needs.

We use Qualys CyberSecurity Asset Management to manage our entire external attack surface. We've integrated our primary domain and all its subdomains into EASM, leveraging its full functionality. This integration allows us to gather crucial data. While we utilize existing features, we anticipate a new filter that will reduce noise from agent-based scans. This will help us identify vulnerabilities in any external-facing assets with public IPs and exposed ports. By pinpointing these vulnerabilities, we gain a clearer understanding of our infrastructure's security posture from an external perspective.

Some of the assets discovered by EASM include IP addresses, DNS lookups associated with those IPs, and the corresponding domain. EASM captures information based on the integrated ESAM profile. If an agent is already present, EASM merges the scan information with the agent data, and an ESAM symbol indicates this source. In addition to cloud-based assets, EASM also identifies on-premise assets with publicly exposed IPs.

Customers using Qualys CyberSecurity Asset Management for organizational purposes and formal reporting can submit requests to management, whether related to administrative or organizational perspectives. These requests are reviewed with consideration for their potential benefit to other Qualys customers. Therefore, any enhancements or requests made for our organization are also considered by the vendor providing the solution.

Qualys provides risk and threat intelligence monitoring with a built-in prioritization mechanism. This mechanism helps us prioritize exposed risk factors, such as vulnerabilities with varying levels of severity, low, ongoing, or emerging. The system monitors these vulnerabilities and allows for prioritized support. Additionally, the Qualys score increases based on the risk factor, ensuring that users are notified of critical vulnerabilities.

Qualys' TrueRisk scoring helps prioritize vulnerabilities in assets by considering multiple factors. These factors include asset criticality, which is determined by the asset's importance, e.g., critical server vs. UAT server and can be customized through tagging mechanisms. The scoring also incorporates Qualys' QDS code, vulnerability severity, and the presence of unpatched software. Additionally, factors like public IP exposure and the potential impact of even low-critical vulnerabilities are evaluated. By combining these elements, Qualys provides a comprehensive TrueRisk score that accurately reflects the overall risk posed by each asset.

Qualys Cybersecurity Asset Management utilizes deployed cloud agents as passive sensors, enabling real-time detection of network-connected assets. This functionality identified numerous devices sharing identical multicast or broadcast IP addresses and revealed asset details like hostname, IP address, MAC address, and operating system, contingent on protocol availability, e.g., DNS.

My favorite feature of Qualys CyberSecurity Asset Management is its ability to target missing software. Instead of applying the tool to all assets, we can tag specific groups of assets that require a certain application. This allows us to generate a QQL query to identify any assets missing from the software. By correlating this with QDS scores, we can accurately assess the risk level of high or low QDS scores associated with each asset and monitor them accordingly.

Qualys could improve by enhancing its dynamic tagging and role-based access control features, and by refining its user interface for a more intuitive and efficient user experience.

Qualys is currently not able to identify assets lacking DNS information. Collaboration with Qualys is underway to explore alternative protocols for hostname identification and enhance asset visibility.

I have been using Qualys CyberSecurity Asset Management for two years.

This platform demonstrates excellent stability with consistent 100 percent uptime and no glitches observed. Qualys CyberSecurity Asset Management is a reliable and stable choice.

I would rate the scalability of Qualys CyberSecurity Asset Management a nine point five out of ten.

We receive excellent technical support from Qualys, characterized by quick response times and the dedicated assistance of a Technical Account Manager who ensures the prompt resolution of critical issues.

Positive

The initial deployment of Qualys CyberSecurity Asset Management is straightforward.

I would rate Qualys CyberSecurity Asset Management ten out of ten.

We have Qualys Cybersecurity Asset Management deployed in multiple locations on various operating systems in a large scale environment.

I recommend Qualys Cybersecurity Asset Management due to its superior asset information collection capabilities, including comprehensive hardware and software inventorying. CSAM is continuously updated to encompass new technologies like GPUs and provides increased stability with reduced network noise. These ongoing enhancements make CSAM the optimal choice for effective asset management.

I suggest going for a full package that includes both external attack surface management and CyberSecurity Asset Management. The combination offers comprehensive protection and asset management.

Qualys Cybersecurity Asset Management provides complete visibility of network assets, identifies vulnerable software, and helps prioritize them based on criticality. This facilitates effective patch management, offering valuable insights and reducing the attack surface.

To enhance network efficiency and minimize our vulnerability to cyberattacks, we have adopted Qualys Cybersecurity Asset Management.

The primary purpose of the external attack surface management is to provide clear insight into the data and infrastructure assets exposed to the internet. Qualys Cybersecurity Asset Management offers detailed information about these exposed assets, including websites, authentication methods, and MFA implementation. By considering all relevant risk factors, it provides a clear picture of vulnerabilities and prioritizes remediation efforts, enabling proactive risk mitigation. It also frequently scans our environment to re-evaluate the risk factors.

Qualys CyberSecurity Asset Management has helped to improve the organization's security posture significantly. It lets us confidently communicate with clients by showcasing a better security posture. We can evaluate and compare our security scores against vendor scores when onboarding vendors, enhancing understanding and transparency about our security landscape.

Qualys TruRisk scoring helps us prioritize vulnerabilities and identify the number of assets in our environment with a high-risk score.

Cybersecurity Asset Management's CMDB sync feature reduces our mean time to remediate from our three-day service level agreement to just 12 hours.

Qualys CyberSecurity Asset Management offers valuable features such as continuous vendor support, rapid response times, dedicated vendor partnerships, and advanced technical capabilities for risk identification. Moreover, it provides insightful suggestions for effective and efficient risk mitigation.

Further research and development are needed to enhance integration with other cloud agents and products, particularly improving communication with external products and vendors. Additionally, platform upgrades have presented challenges with slowness and other difficulties.

I have been using the solution for six years.

The stability rating for Qualys Cybersecurity Asset Management is six out of ten. This is mainly due to some disconnections and slowness issues, likely because we have integrated a large volume of machines.

The scalability of Qualys Cybersecurity Asset Management is rated nine out of ten.

The support is generally good, offering pre-communication for updates and providing training for analysts.

Neutral

The initial setup involved collaborating with the vendor on the proof of concept, configuration, and fine-tuning. This process presented some initial challenges, but once we gained a deeper understanding of the backend systems, it became straightforward.

The deployment spanned six to eight months.

Around ten people were involved in the deployment process.

Qualys CyberSecurity Asset Management has definitely saved time and resources, particularly from a security management perspective. By automating tasks, it significantly reduces the human resources required, leading to increased efficiency and productivity.

We have evaluated other products, including Trend Micro and Microsoft solutions. However, Qualys stands out in quickly identifying vulnerabilities and gaps within our network.

I would rate Qualys CyberSecurity Asset Management seven out of ten. To improve the rating, Qualys must address the issues of lagging and updating.

Our Qualys CyberSecurity Asset Management platform currently has three administrators and 12 end-users.

Qualys Cybersecurity Asset Management requires regular maintenance, including license renewals and software updates.

Qualys Cybersecurity Asset Management is centrally deployed and can be used in multiple locations.

The initial implementation of Qualys CyberSecurity Asset Management was protracted, taking two to three years to realize its benefits fully. This delay was attributed to the extensive time spent on the proof of concept, configuration, and subsequent fine-tuning to address the initial difficulties encountered.

We primarily use Qualys CyberSecurity Asset Management for zero-day vulnerabilities. Essentially, this is one of the critical aspects we maintain. The main point is that within Qualys, we receive solutions based on the criticality of the issue. Assuming it's a zero-day vulnerability, we have fixes that provide extensive information on addressing these issues.

I would rate Qualys ability to cover the entire attack surface a nine out of ten.

Previously, we used Tenable as our preferred tool but switched to Qualys for the cost-effectiveness. However, upon switching to Qualys, our primary concern was ensuring the seamless deployment of agents across our infrastructure. Fortunately, Qualys agents proved to be remarkably lightweight. Additionally, Qualys excels in network security, allowing us to identify vulnerabilities, track SSL and TSL certificates, and monitor their expiration dates. Qualys also offers robust password management capabilities, surpassing Tenable in this regard. Moreover, Qualys' reporting functionality is unparalleled, outperforming competitors like Tenable and other tools in the market.

Qualys identifies all risk factors for our assets. For example, assigning a globally traceable computer name or using easily compromised passwords can create vulnerabilities. Qualys provides immediate alerts if any compromise occurs in our environment, highlighting specific loopholes. Consider a scenario where a programmer in a testing environment uses a simple password instead of a complex one. Hackers can easily exploit this, and Qualys will immediately identify the issue, generate a report pinpointing the responsible individual, and notify us. This real-time identification and reporting capability surpasses traditional PAM solutions, allowing for swift remediation of potentially exploitable changes.

We use the risk scoring to prioritize the issues by criticality.

We use Qualys to convert deployed cloud agents into passive sensors for VM ESX. Whenever new servers or network devices are added, Qualys immediately detects them and flags them as unregistered assets on the network. Based on this information, other teams often reach out to us to onboard or install an agent for enhanced visibility and management within Qualys.

The most valuable aspect we receive from Qualys is the remediation. It provides detailed solutions in a user-friendly manner that our IT team finds easy to understand.

After exporting the reports, we used to receive them in CSV format. The most important aspect of these reports is their customization. While the reports are already good, they have the potential to be even better, which is what I expect. Additionally, the agent's processing speed and CPU utilization should be improved significantly. Currently, whenever the agent is running, it consumes over ten percent of my CPU, indicating that CPU consumption is another area Qualys needs to address.

The cost aspect of Qualys is an area of improvement.

I have been using Qualys CyberSecurity Asset Management for almost seven years.

I would rate Qualys' stability a seven and a half out of ten. Occasionally, there's slowness from an agent or potentially a network issue on our end when pushing data to the core server. This can cause slight delays, depending on the environment.

I would rate the scalability of Qualys ten out of ten.

The technical support is a major advantage of using Qualys. Whenever we encountered any difficulties with generating or scanning, they were quick to assist us.

Positive

We previously used Tenable but switched to Qualys primarily because of CPU utilization. Qualys also offers solutions that are much easier to use compared to Tenable, which simplifies our workflow. Although I'm unsure how Qualys delivers their solutions, it significantly improves our experience. This ease of use was the main factor in our decision to switch from Tenable to Qualys. Even though Tenable's results were very accurate, Qualys provided easier remediation solutions. Additionally, Qualys' security and detection timing were also favorable factors in our decision.

I strongly prefer Qualys over Tenable. I'm a huge fan of Qualys, and I believe people should recognize its capabilities.

The deployment in our environment was straightforward. The deployment took one week for over 4,000 servers. One person was enough for the deployment.

In a testing environment without the usual deployment setup, we might deploy hundreds of servers for testing. At that time, we lacked other tools and had to individually dump data and run scripts due to credentials and other factors. Domain-based environments linked through Azure are easier, but workgroups that don't communicate with public or private networks are more challenging. Fortunately, most of our machines were domain-related, simplifying Qualys deployment.

The cost for Qualys CyberSecurity Asset Management is high.

I would rate Qualys CyberSecurity Asset Management nine out of ten.

No maintenance is required from our end other than managing our database.

I recommend running Qualys in a test environment first before deploying it to production. This process is simpler in an agentless environment.

I use Qualys CSAM to gain better visibility into all my endpoints. It is easier to find devices through Qualys CSAM rather than using our other asset inventories, as it gives me access to a single pane of glass.

Qualys CSAM helps manage external attack surfaces. I get daily emails about our external endpoints and potential vulnerabilities or ports that can be used for attacks. We work on securing them or hardening their configurations.

We do not have a lot of external-facing assets, but it gives us everything that we need to know. We have a developers team that works on the web pages on our new domain. Recently, they entered a new subdomain. Qualys CSAM found that and reported it as vulnerable because of the certificates. I reported that to upper management, and it is now taken care of.

Qualys CSAM's risk tools prioritize risks. Qualys CSAM in conjunction with patch management and vulnerability management helps to mitigate those vulnerabilities.

There is a good logic behind TruRisk. When we add things, we can rely on it. That is what is going to be important.

We have a network passive sensor. Some of our endpoints are work-from-home stations, and some of them are in the office. The network passive sensor finds everything that is connected to the office, and then it merges with the cloud agent.

Qualys CSAM is valuable for providing end-of-life and end-of-sale information. It gives me visibility into the number of products or hardware items that are end-of-life. This is a beneficial feature. I like that about it. That is a very good thing.

Qualys CSAM is not super responsive, and there can be delays sometimes, especially with the network passive sensor. You might see duplicate objects which eventually disappear but it takes time. If that can be done faster, it will be great.

I have been using Qualys CSAM for approximately one and a half years.

Qualys CSAM appears to be scalable. We do not have a lot of endpoints, but I know of a company with 60,000 endpoints. They seem to be doing fine. We have 500 to 600 endpoints, and it is working well.

Most of the time, they are fast. We submitted some bugs, and they seem to have been resolved.

Positive

I used Manage Engine before. It is not very similar, but it can give you some details about the endpoints, such as if they are end-of-life. They also pull the database from somewhere to compare our hardware or software, but Qualys CSAM gives a lot more information than that product. Qualys CSAM does a lot more.

Its deployment is modular. Everything that we have is in the cloud. The cloud agent is installed on the endpoint, and there we have everything. The cloud agent collects all the information, drops it into the cloud, and syncs it in the database. Patch management and vulnerability management all do their work together.

The initial setup was seamless. It is at their back end. We paid for it, and they just turned it on. We saw results immediately once the module was turned on. Things in the cloud are done faster than on-prem, and this is not an on-prem solution. It is a cloud solution.

Its maintenance is taken care of by Qualys. We get the product 100% working and operational. We only have to work on the information in it. If we see something wrong, we try to do something. If it is easily fixable, we do it. If it is not, we get support.

When I went to a Qualys conference, I understood the value of it, and I asked our management to get hold of it and purchase it. We were able to realize its benefits immediately.

To a colleague at another company who says they only need to add External Attack Surface Management to their vulnerability management detection/response program but they don’t need the full depth of the CSAM offering, I would recommend going for the whole CSAM. Only the external attack service management will not be enough. If they have visibility into their external stuff, they should also have visibility into their internal stuff. Otherwise, they will only see the external stuff. They will not see how it links to internal stuff in terms of hardware, IP, and port.

New users need to spend a lot of time in order to understand it well. My advice would be to try searching, finding assets, and uploading tags to get accustomed to it.

I would rate Qualys CSAM a ten out of ten. It is a great product.

Our primary tool for asset inventory is Qualys CyberSecurity Asset Management, which our software asset management team also utilizes to check our software library.

We deploy Qualys Cloud agents as passive sensors to gain comprehensive asset visibility and identify gaps in policy agent coverage. Additionally, we are collaborating with our cyber defense center team to enhance external service management.

Our cyber defense center team effectively utilizes Qualys CSAM, an external service management tool, to cover the entire attack surface.

The external service management tool has helped discover over 6,000 assets that were previously discovered.

We immediately saw the benefits of Qualys CyberSecurity Asset Management. As platform owners, we collaborate with the validation and cyber defense center teams to ensure asset availability and address any discrepancies.

Qualys CyberSecurity Asset Management helps identify all risk factors using the TruRisk score.

TruRisk Insights assists in identifying vulnerabilities and prioritizing them from highest to lowest risk.

We have begun utilizing Qualys Cloud agents as passive sensors and are currently investigating the necessary protocols to maximize the effectiveness of this feature. 

Our cybersecurity, IT, and cloud software teams effectively use Qualys to gain comprehensive visibility into our software environment, aided by excellent support. This visibility enables us to integrate Qualys into various facets of our operations, including our internal tools, allowing us to efficiently share updates with both the IT team and end-users, thus streamlining our workflow.

The most valuable feature is the Management sensor, which helps identify gaps in policy agent availability, thereby improving agent utilization. Additionally, the tool's code aids in risk identification and mitigation.

The Qualys CAPS service requires further exploration and improvement, particularly in its handling of protocols and reactivity with MAC and IP addresses for CAP agents. Enhanced functionality in these areas would increase the service's effectiveness and efficiency. We anticipate updates that will address these issues and optimize our use of the service.

We have been using CSAM for more than two years. 

We have not encountered significant stability issues with Qualys CyberSecurity Asset Management. The design appears robust, and we have not experienced any latency problems.

Qualys Cybersecurity Asset Management has proven to be a highly scalable solution for us over the past couple of years, seamlessly integrating new features as we have expanded from a few licenses to a much larger deployment.

We receive excellent support from Qualys. Our Technical Account Manager is very responsive and helpful in addressing any concerns that arise.

Positive

The initial deployment was straightforward. We integrate CSAM with other Qualys modules including VMDR.

The Qualys Cybersecurity Asset Management pricing is well-aligned with our usage.

I would rate Qualys CyberSecurity Asset Management ten out of ten.

Qualys CyberSecurity Asset Management does not require maintenance on our end.

To gain comprehensive visibility and reporting within the policy, new users should deploy the agent. This action provides a complete overview of vulnerabilities and support statuses, offering valuable insights for both IT management and cybersecurity purposes.

We use it to gain complete visibility into our assets and monitor our security posture.

Our overall experience has been very good. It gives us a 360-degree view of our assets. It gives us the complete data such as the types of services running or applications installed. If an asset or software is end-of-life or end-of-support, it provides the status related to that. Apart from that, we get to know the ports and services that are running.

Previously, I did not have visibility over the complete inventory. Qualys CSAM gives me the complete inventory with the number of assets connected to the network. Based on the cloud agents that were deployed and remote scans, we can see the whole inventory in a single module. The CSAM module allows us to track the end-of-life or end-of-support status of the software on our assets. We get to know in advance that particular software is going to be end-of-life or end-of-support. Such a feature helps us to take action proactively.

It gives visibility into the domains or subdomains managed by my organization. I can track those very effectively. I can even perform lightweight scans which are completely managed or controlled by Qualys, unlike remote scans that are performed by the end user. It gives visibility into the vulnerabilities related to applications or assets on a real-time basis because these scans are performed once a day on a daily basis. With one click, the EASM module provides the domain names related to my organization. Qualys directly performs the scan and if any applications or assets are not in my CMDB because I missed updating the details, it highlights them, so I have complete visibility over my publicly exposed assets or applications.

It is able to discover different kinds of assets, such as web servers, DB servers, or application servers. It can identify network devices. I even have visibility over the devices managed by ISPs, and I am able to take action appropriately.

Asset tagging is one of the main features of the CSAM module. While creating asset tags or after creating asset tags, we can set the asset criticality. Based on the vulnerabilities identified in the assets, Qualys provides a detection or TruRisk scoring.

TruRisk scoring helps prioritize vulnerabilities and assets. This prioritization is very helpful for me. In an infrastructure with 300,000 assets, we might see millions of vulnerabilities in the assets. We need to prioritize vulnerability remediation because we cannot focus on remediating all the vulnerabilities at the same time. We can start with the assets that are critical in our organization. TruRisk scoring helps with that.

It makes us more secure and also helps us with our KPIs or KRI. We have had zero attacks since we enabled all the features in Qualys CSAM.

It fetches the asset details based on remote scans or the cloud agents that are deployed. With passive sensors, I am able to see the rogue assets that are passing through a particular switch wherever passive sensors are deployed. I can see what other assets are connected to the network. One of my goals is to identify the assets that are missing with the cloud agents so that I can get the cloud agents deployed and get them added to my asset inventory. Network devices obviously cannot be installed with the cloud agents, but at least I have visibility that these are the network devices, or these are the endpoints, or these are the servers, whereas rogue assets are a threat to the organization. They may even compromise other assets in the network, so with these passive sensors, I am getting complete visibility.

Even IoT devices can be scanned through these passive sensors. The passive sensors can read the configuration of the devices passing through a particular switch. Previously, I used to perform remote scans on IoT devices. This effort of performing the remote scan is minimized because these passive sensors are able to find the vulnerabilities related to any of the IoT devices by reading their configuration. This is another feature that is helping me as part of our operations.

The External Attack Surface Management (EASM) module, available within CSAM, is valuable. It helps track all the domains and subdomains related to our organization. It performs the discovery scans and provides the results of the domains or subdomains related to my organization. It also performs scans to identify any vulnerabilities, which helps to take proactive measures before those vulnerabilities are identified by any attacker.

The IoT or OT asset discovery feature is valuable. We can analyze the traffic that is passing through at the L2 switch level with the passive sensors. It provides information about any rogue asset connected to a switch or a network. We can see all the unmanaged or managed assets.

The ability to define a list of unauthorized software and create a rule to define software authorization is helpful. We have a diverse organization with a robust infrastructure of more than 300,000 assets. By creating unauthorized lists and rules in the Qualys CSAM module, I can block certain software from being used in the organization. When I create such a rule, I can see all the assets having unauthorized software installed. I can then immediately take action by blocking that asset or remotely uninstalling that particular software. Such actions can be taken directly from its interface when I have unauthorized software rules in place. This is an important and helpful feature for my organization.

The scanning function could be improved. Currently, in the EASM module, the scan frequency is limited to once daily, but allowing end users control over scan scheduling would be advantageous. Publicly exposed assets are very critical. If a remediation action is taken by the end-user or the auditor working on a vulnerability management program, that person must be given access to run the scan as and when required. This way they can immediately check whether that particular vulnerability is present or not.

Also, allowing more comprehensive scan configurations could be beneficial. The lightweight scan that it does is only based on the ports or services that are identified through the Discovery Scan. It would be helpful for the auditors to be able to run a more comprehensive scan.

Additionally, while downloadable asset information is available in the CSAM module, it lacks mapping of software to assets in a consolidated report format. For instance, if I want to download information about 100,000 assets along with the software mapped to those assets, this option is currently not available. If I download the SH details, it will have only the BIOS information, the serial number of the device, the hostname, the MAC address, and the IP address. Only these details are available. It does not give information about the software installed on those assets. The software mapping with assets is not given in a consolidated report. Enhancing this capability would elevate its usefulness.

I have been using the CSAM module for about four to five years. It was previously known as AssetView. We used AssetView for over 12 years and then shifted to using CSAM when it was introduced four to five years ago.

The platform is quite stable as it is able to handle data from various sources, such as cloud agents or the VMDR module. It has the EASM capability. It is pretty stable even though it holds a lot of data related to our assets or applications. I would rate it a ten out of ten for stability.

Scalability is impressive, supporting a myriad of features and substantial data from diverse modules. It offers a comprehensive view of asset management and is equipped to handle an extensive array of data efficiently.

Our organization has its presence in different geographical locations. We have about 300,000 assets installed with agents worldwide.

There are 50 to 60 people from the IT team and the information security team working with Qualys CSAM.

I am satisfied with their support. I would rate their customer support a ten out of ten.

Positive

I was using the AssetView module before migrating to Qualys CSAM. AssetView has very basic features. Other than the asset tagging feature, AssetView does not have other features available in Qualys CSAM, such as EOL detection and software version detection. 

Knowing the software version is very useful for me when any zero-day vulnerability is published. I can check the version of the software that is vulnerable to a zero-day CVE, and then with the Qualys CSAM module, I can see the assets that are using that particular vulnerable version. Without even performing the active scan, I can get visibility over the assets having vulnerable versions. I can then take the remediation action. This is the most important feature in the CSAM module as compared to AssetView. 

The initial setup was straightforward. Although I was not a part of the implementation team, I understand it did not take much time due to an efficient cloud agent deployment and network connectivity setup.

It does not require any maintenance from our side. There is almost zero-touch maintenance because it is a SaaS platform managed by Qualys itself. We might have to modify or create asset tags or dashboards. These are operational tasks that we might have to do on a regular basis. Other than that, no maintenance is required from our side.

The implementation involved a small team of about five to six members who collaborated with the Qualys vendor.

Though the solution is considered expensive, if bundled with other services such as VMDR or cloud agents, its value would significantly increase. It is currently a bit costly, but with bundling, it could become attractive to more customers.

I would highly recommend this solution to other users looking to enhance their asset inventory visibility. Asset inventory is the primary source of truth for any IT team or information security team. Qualys CSAM provides that visibility. With the integration of CMDB, you get even better visibility over the asset inventory. You also get EOL information about the assets and applications. These are the main reasons for recommending it. I am pretty happy with it.

I would rate Qualys CSAM a ten out of ten.