Try our new research platform with insights from 80,000+ expert users

Qualys Patch Management pros and cons

Vendor: Qualys

4.5 out of 5

33 reviews
96% willing to recommend

Pros & Cons summary

Qualys Patch Management automates patch scheduling and retrieval to enhance compliance and reduce risk, integrates with Qualys Gateway Scanner for efficient patch distribution, and excels in reporting to prioritize vulnerabilities. It supports a wide range of applications but lacks driver updates and comprehensive patch support. Improvements are needed in responding to zero-day vulnerabilities and reducing false positives. The platform benefits from responsive support but needs enhanced VMware capabilities and better Cloud Agent authorization.

Buyer's Guide

Get pricing advice, tips, use cases and valuable features from real users of this product.

Prominent pros & cons

PROS

Qualys Patch Management significantly reduces organizational risks, achieving a risk reduction of up to 99.9 percent.

The integration of Qualys Gateway Scanner minimizes bandwidth consumption by caching and distributing patches efficiently within the environment.

Qualys Patch Management's automated features streamline patch deployment, help ensure compliance, and support managing both first-party and third-party patching.

The ability to leverage the QID search feature facilitates the identification and remediation of vulnerabilities across all assets in a centralized manner.

Qualys Patch Management provides comprehensive reporting and dashboards, simplifying asset management and vulnerability tracking with real-time updates.

CONS

Qualys Patch Management has limitations in its ability to patch everything, whereas SCCM allows for any package to be deployed.

There is a need for more efficient patch deployment scheduling and better integration with downloadable patch job assets.

The response time for zero-day vulnerabilities, at 12 to 16 hours, needs improvement.

False positives are a major concern, notably with the Cloud Agent.

The pricing is considered high compared to other vendors, posing a challenge for affordability.

Qualys Patch Management Pros review quotes

reviewer2590236

Information Security Lead at Infosys

Oct 31, 2024

Qualys Patch Management offers a valuable feature that allows for deferred reboots, giving users control while still ensuring eventual patching.

Read full review

ShantanuChoubal

Project Lead at Persistent Systems

Dec 11, 2024

The most valuable features of Qualys Patch Management include its ability to automate patch deployment for hundreds or thousands of assets, reducing our reliance on the IT team to perform these tasks manually.

Read full review

RO

Cybersecurity Engineer at a manufacturing company with 51-200 employees

Oct 18, 2024

Patch Management, if configured correctly, works effectively without requiring further action.

Read full review

Qualys Patch Management

Free Report: Qualys Patch Management Reviews and More

Learn what your peers think about Qualys Patch Management. Get advice and tips from experienced pros sharing their opinions. Updated: April 2025.

848,716 professionals have used our research since 2012.

Employee-Owner, Senior Consultant, Information Security at Keller Schroeder

Jun 10, 2024

The most valuable feature in Patch Management is the Qualys query language for set-it-and-forget-it patching for our preapproved patches, and our preapproved schedules, That is extremely helpful compared to the old days of patching.

Read full review

Senior Security Consultant at CyberNxt Solutions LLP

Nov 5, 2024

The features I find most valuable in Qualys Patch Management include the ability to manage registry changes and run scripts both pre and post-patching. We have been able to apply workarounds for zero-day vulnerabilities efficiently.

Read full review

Yuvaraaj Adhithya

Cyber Security Analyst at WPP

Aug 20, 2024

For a few applications, you do not need to go and download the patches from the network or somewhere else. They have the patches or the latest updates in the directory. You can just select a patch and deploy it to a server. You can create a patch job and select the patch. Everything is within the interface. You do not need to go out of it.

Read full review

reviewer2589096

Senior Information Security Engineer at Infosys

Oct 30, 2024

Qualys Patch Management has significantly reduced our organizational risks.

Read full review

Revathi VeeraRaghavan

Information Security - Manager at Infosys

Dec 5, 2024

Qualys Patch Management offers numerous valuable features, including automatic patching for Google browsers, which allows for scheduled updates immediately upon vendor release.

Read full review

System Architect at a leisure / travel company with 10,001+ employees

Oct 17, 2024

Patch Management gave my side and the security side a single pane of glass and the ability to better coordinate the delivery of patches.

Read full review

reviewer2584884

Foundation Services Director at a leisure / travel company with 10,001+ employees

Oct 14, 2024

The most valuable features are the ease of managing both first-party and third-party patching, the generation of dashboards, and the provision of real-time information.

Read full review

Show 10 more reviews (out of 33)

Qualys Patch Management Cons review quotes

reviewer2590236

Information Security Lead at Infosys

Oct 31, 2024

Currently, there are limitations in downloading patch jobs to view all associated assets and patch statuses.

Read full review

ShantanuChoubal

Project Lead at Persistent Systems

Dec 11, 2024

It works with Windows and Linux, but Mac patch support is not yet available.

Read full review

RO

Cybersecurity Engineer at a manufacturing company with 51-200 employees

Oct 18, 2024

Qualys can do regular check-ins to go over not only all the vulnerabilities but also the overall process to see if there is anything where we might need improvement.

Read full review

Qualys Patch Management

Free Report: Qualys Patch Management Reviews and More

Learn what your peers think about Qualys Patch Management. Get advice and tips from experienced pros sharing their opinions. Updated: April 2025.

848,716 professionals have used our research since 2012.

Employee-Owner, Senior Consultant, Information Security at Keller Schroeder

Jun 10, 2024

A common area for improvement in Patch Management, both within our environment and others I've encountered, is the lack of built-in driver updates.

Read full review

Senior Security Consultant at CyberNxt Solutions LLP

Nov 5, 2024

They need to improve the user-friendliness of identifying how many devices are affected by a particular patch. It is not intuitive, and there should be clearer indicators or buttons to access this information easily.

Read full review

Yuvaraaj Adhithya

Cyber Security Analyst at WPP

Aug 20, 2024

One of the challenges that we have faced with the Patch Management tool is that you cannot patch all the things. There are some limitations, whereas, in SCCM, we can create a package and just deploy that through it. Anything is deployable through SCCM, whereas Patch Management is very selective.

Read full review

reviewer2589096

Senior Information Security Engineer at Infosys

Oct 30, 2024

Qualys could improve its randomized download feature and provide more detailed information about patch failures, including the reason for failure.

Read full review

Revathi VeeraRaghavan

Information Security - Manager at Infosys

Dec 5, 2024

Reporting needs enhancement, particularly with group-based compliance percentages and clearer, VMDR-like reporting in the Patch Management module.

Read full review

System Architect at a leisure / travel company with 10,001+ employees

Oct 17, 2024

A patch contract is a bundle of patches that we are going to roll out. I would like to reference those patches from separate jobs. They explained at a conference that it cannot be done, but that is my main complaint. I wish that the whole schema was a little bit clearer because there is a little bit of cloudiness around it.

Read full review

reviewer2584884

Foundation Services Director at a leisure / travel company with 10,001+ employees

Oct 14, 2024

There is room for improvement in the detection logic. It sometimes detects open vulnerabilities that are not truly there, such as orphan files that are not really exploitable. It would be helpful if they were classified as information-only rather than Sev 4 or Sev 5.

Read full review

Show 10 more reviews (out of 33)

Product Categories

Product Categories

Patch Management

Popular Comparisons

Popular Comparisons

Microsoft Configuration Manager vs Qualys Patch Management

BigFix vs Qualys Patch Management

NinjaOne vs Qualys Patch Management

Kaseya VSA vs Qualys Patch Management

Microsoft Windows Server Update Services vs Qualys Patch Management

Automox vs Qualys Patch Management

ManageEngine Patch Manager Plus vs Qualys Patch Management

Vicarius vRx vs Qualys Patch Management

Ivanti Security Controls vs Qualys Patch Management

Patch My PC vs Qualys Patch Management

See all alternatives

Product Categories

Product Categories

Patch Management

Popular Comparisons

Popular Comparisons

Microsoft Configuration Manager vs Qualys Patch Management

BigFix vs Qualys Patch Management

NinjaOne vs Qualys Patch Management

Kaseya VSA vs Qualys Patch Management

Microsoft Windows Server Update Services vs Qualys Patch Management

Automox vs Qualys Patch Management

ManageEngine Patch Manager Plus vs Qualys Patch Management

Vicarius vRx vs Qualys Patch Management

Ivanti Security Controls vs Qualys Patch Management

Patch My PC vs Qualys Patch Management

See all alternatives

Related questions

50

Why is patch management important for cybersecurity?

12

When evaluating Patch Management, what aspect do you think is the most important to look for?

32

What patch management solution do you recommend?

48

What solution should we use for upgrading and patching OS to remediate vulnerabilities?

47

Why is Patch Management important for companies?

26

What are Pros and Cons of Cloud-based Patch Management?