reviewer2590236 - PeerSpot reviewer
Information Security Lead at a consultancy with 10,001+ employees
MSP
Top 10 Leaderboard
Ensures comprehensive patch compliance with automation and third-party support
Pros and Cons
  • "Qualys Patch Management offers a valuable feature that allows for deferred reboots, giving users control while still ensuring eventual patching."
  • "Qualys Patch Management leverages vulnerability feeds from the VMDR module, allowing us to identify vulnerabilities missing Qualys patches."
  • "Currently, there are limitations in downloading patch jobs to view all associated assets and patch statuses."
  • "This authentication requirement blocks some patches from being pushed through Qualys, leaving them in a locked state."

What is our primary use case?

We previously used native patch management tools like SCCM servers for Microsoft, Linux, and Mac OS. However, with the shift to remote work in 2020, we encountered issues pushing patches through these on-premise servers. To address this, we adopted Qualys Patch Management, leveraging their cloud agents that are already in place. This simplified patch deployment, allowing us to push patches directly from the Qualys cloud platform, eliminating the need for on-premise servers and VPN connections, which often caused bandwidth congestion and patch deployment failures. 

Qualys Patch Management only requires an internet connection, significantly improving our patching efficiency and overcoming previous challenges with large patch sizes and network limitations.

How has it helped my organization?

Qualys Patch Management employs a risk-based approach to automation, utilizing the TruRisk feature within the Qualys VMDR module. TruRisk assesses the security posture of infrastructure by considering asset criticality and assigning a Qualys detection score to each vulnerability. This combination generates a TruRisk score for each asset, enabling the identification of critical assets such as crown jewels or public-facing systems. By categorizing assets based on criticality, users can prioritize vulnerability remediation directly from the VMDR interface. This prioritization seamlessly integrates with Qualys Patch Management, allowing for efficient patch deployment by clicking the Patch Now option in VMDR.

Qualys Patch Management and VMDR are seamlessly integrated, enabling direct communication between them. Patch Management obtains necessary vulnerability and missing patch data directly from the VMDR interface. Both modules rely on the Qualys Cloud Agent to gather complete vulnerability information from VMDR. This integration allows for direct patch deployment through either VMDR or Patch Management.

The COVID-19 pandemic significantly increased cyberattacks on organizations due to the shift to remote work and the resulting expansion of vulnerable attack surfaces. Employees connecting to company networks from home created security gaps that cybercriminals exploited, particularly with ransomware. To mitigate this, organizations adopted proactive measures like using Qualys Patch Management to quickly deploy patches and updates, addressing vulnerabilities, and protecting against attacks without relying on scheduled downtime.

We use the TruRisk scoring mechanism, which ranges from zero to 1,000, to assess and prioritize vulnerabilities. This score is based on Qualys-defined ranges for severity levels (critical, high, medium, and low) and our asset criticality scoring. We categorize assets by creating tags for groups belonging to different organizational entities and assign criticality scores to those tags. By combining the asset criticality score with the Qualys detection score provided on a QID basis for each vulnerability, we calculate the TruRisk score. This allows us to identify the number of assets with critical or high-severity vulnerabilities and prioritize remediation efforts.

We have used Qualys Patch Management for four years, but our organization has used Qualys for over 12 years. In that time, I've also used other leading scanning vendors like Tenable and Rapid7. Compared to those, Qualys more accurately detects vulnerabilities due to its cloud agent. This agent, installed on the end asset, reads complete metadata, including the registry and other areas, to identify vulnerable software versions. For example, if an application vulnerability is identified, we can check the asset's installed programs. Even if the software isn't found there, Qualys provides the path where the vulnerable version is detected, often revealing remnant files. These files, left behind even after uninstallation, can be exploited by attackers. Qualys detects these remnants, ensuring accurate vulnerability identification, even if the software appears to be absent from the endpoint.

Although Qualys may be more expensive than other vulnerability scanning tools, its accuracy and effectiveness justify the cost. While alternatives like Tenable Professional offer unlimited IP scanning at a lower price, Qualys provides superior vulnerability detection. This leads to a good return on investment by minimizing security breaches and associated costs, such as reputational damage and compromised client data. Ultimately, Qualys increases stakeholder confidence by providing a high level of protection against cyberattacks.

We previously used a native patch management solution, which resulted in consistently low patch compliance. Achieving even 80 percent compliance often took an entire month, by which time Microsoft would release new security patches. Despite the challenge of maintaining high patch compliance across our extensive infrastructure, with Qualys Patch Management, we now achieve 75 to 80 percent compliance within the first week and 90 to 95 percent within two weeks of patch release. Consequently, our monthly patch compliance consistently exceeds 95 percent.

We augmented our existing vulnerability management solution by adding Qualys Patch Management. Before 2020, we relied solely on Qualys VMDR and other modules. Subsequently, we transitioned to Qualys Patch Management for most patching tasks, although we still utilize Microsoft Intune and SCCM for Microsoft OS assets. Qualys Patch Management leverages vulnerability feeds from the VMDR module, allowing us to identify vulnerabilities missing Qualys patches. Using Qualys Query Language queries within the Qualys interface, we can pinpoint assets with missing patches by searching for Qualys missing patches. This capability enables us to prioritize vulnerability remediation through Patch Management, supplementing our broader vulnerability management strategy.

What is most valuable?

Installing patches on end assets requires a reboot to take effect, and without it, vulnerabilities remain. Qualys Patch Management offers a valuable feature that allows for deferred reboots, giving users control while still ensuring eventual patching. This feature provides flexibility and reduces disruption. Additionally, a forced reboot option can be implemented via script to ensure all assets are regularly updated, eliminating the need for user intervention. The interface provides a clear view of patch job statuses, including failures and their reasons. It also displays missing patches by QID, allowing for easy identification and one-click patching. This streamlines the patching process and improves overall efficiency.

What needs improvement?

Currently, there are limitations in downloading patch jobs to view all associated assets and patch statuses. This issue has been raised with Qualys, who may be working on a feature request to address it. While generally satisfied with the Qualys Patch Management interface, another challenge is that some third-party applications, like Oracle, require a license for redirection to their website and subsequent patch access. This authentication requirement blocks some patches from being pushed through Qualys, leaving them in a locked state. This issue, however, only affects a few applications, as most do not require a license for patch access.

Buyer's Guide
Qualys Patch Management
November 2024
Learn what your peers think about Qualys Patch Management. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
823,795 professionals have used our research since 2012.

For how long have I used the solution?

I have used Qualys Patch Management since 2020.

What do I think about the stability of the solution?

I would rate the stability of Qualys Patch Management nine point five out of ten, with minimal latency or other issues. Any observed latencies typically stem from our internal network rather than the cloud platform.

What do I think about the scalability of the solution?

I would rate the scalability of Qualys Patch Management ten out of ten.

How are customer service and support?

The support is robust and available around the clock. We have been provided with clear escalation points of contact, ensuring timely responses and resolution for any issues.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

Before 2020, Microsoft SCCM and Intune were our primary tools for patching Microsoft assets. However, to improve compliance rates and manage third-party application patches more effectively, we transitioned to Qualys Patch Management.

How was the initial setup?

We easily deployed Qualys Patch Management. Previously, security concerns discouraged cloud-based data storage. However, with robust cloud security controls in place, we confidently utilize this cloud-based module.

What about the implementation team?

Implementation involved our internal IT team, who manage the operations of pushing patches.

What was our ROI?

The return on investment from Qualys Patch Management is significant because a security breach can severely damage an organization's reputation and lead to loss of business. Therefore, we are completely satisfied with the ROI from our investment in the Qualys Patch Management module.

What's my experience with pricing, setup cost, and licensing?

Pricing for Qualys Patch Management is moderate.

Which other solutions did I evaluate?

Other solutions evaluated include Tenable and Rapid7, but Qualys Patch Management stood out for its accuracy and detection capabilities.

What other advice do I have?

I would rate Qualys Patch Management eight out of ten.

We investigated integrating Qualys Patch Management with our current configuration management database but found that integration is not supported due to a lack of API access. However, we plan to migrate to ServiceNow soon, allowing us to integrate our CMDB or asset management system with Qualys. This integration will improve visibility by enabling us to identify asset owners and remediate vulnerabilities quickly. We expect to complete this migration within the next few months.

Our clients utilize various off-site data centers with distinct networks, including DMZs and intranets, resulting in multiple operational areas. We possess many assets within these networks, exceeding 300,000, and we rely entirely on Qualys Patch Management for their maintenance. We have around 70 team members that utilize the solution.

Patch Management is entirely maintained by Qualys.

I would definitely recommend Qualys Patch Management. Detecting vulnerabilities alone isn't enough; a robust patch management tool is essential for securing an organization.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Prasadbabu Talluri - PeerSpot reviewer
Systems Mgmt Consultant at a healthcare company with 10,001+ employees
Real User
Enhance vulnerability remediation with efficient patch management and process automation
Pros and Cons
  • "Qualys Patch Management is an effective tool for vulnerability remediation."
  • "Our patch rate was 85 percent before implementing Qualys Patch Management, and now it is 98 percent."
  • "The availability of Qualys Patch Management needs to be improved."

What is our primary use case?

We use Qualys Patch Management for server deployment and workstation deployment. It is also used for vulnerability management, managing open ports, and remediating vulnerabilities.

How has it helped my organization?

The risk-based management involves process automation, identifying vulnerabilities through scheduled reports, and ongoing patch deployments.

Qualys Patch Management utilizes advanced algorithms within its management policies to effectively address vulnerabilities. It accurately identifies threats and provides the necessary solutions to remediate bugs in end-user systems.

TruRisk automation streamlines our vulnerability remediation process by automatically identifying and deploying necessary patches, eliminating the need for constant security team involvement. Previously, the security team would provide monthly scan profiles and assign them to us. We would then scan endpoints, identify vulnerabilities or partially/fully installed patches, and use Qualys reports to address any patching failures. TruRisk automates this entire workflow, increasing efficiency and reducing our reliance on manual intervention from the security team.

Qualys Patch Management offers a single source of truth to identify, prioritize, and address vulnerabilities across all assets. This ongoing monthly process consistently identifies vulnerabilities in our network, devices, and systems. Using a standardized remediation template, we scan for vulnerabilities and implement necessary fixes to ensure ongoing security.

It reduces costs through automated deployments, eliminating the need for manual monitoring and machine checks. By creating a job to identify machines with low disk space or those not requiring patches, we generate a report and exclude unnecessary machines from the patching schedule. This automation removes machines that don't need patches, ensuring only those requiring updates are involved, and reduces manual effort by approximately 50 percent through automated scheduling and issue identification.

I have been managing patches for the past two years. Previously, the tools available lacked automation and couldn't handle all tasks, including scheduling. Now, with Qualys Patch Management, we can schedule jobs, automatically identify and fix bugs, and significantly reduce the time spent on patching. For instance, tasks that once took ten hours can now be completed in three.

Our patch rate was 85 percent before implementing Qualys Patch Management, and now it is 98 percent.

We utilize Qualys Patch Management's ITSM tools for ticket management, which has proven highly beneficial for our operations. We are integrating Qualys Patch Management with ServiceNow and BMC Remedy. This integration automatically identifies and closes approximately 50 to 60 percent of tickets.

Adding Qualys Patch Management to our existing vulnerability management tools has provided us with an on-demand capability to patch our internal devices as needed.

Qualys Patch Management helped reduce our organization's risk by patching 98 percent of vulnerabilities.

What is most valuable?

Qualys Patch Management is an effective tool for vulnerability remediation. It identifies vulnerabilities, creates profiles, and recognizes vulnerabilities on the endpoint, all within a user-friendly environment.

What needs improvement?

The availability of Qualys Patch Management needs to be improved.

For how long have I used the solution?

I have been using Qualys Patch Management for almost five years.

What do I think about the stability of the solution?

There are times when Qualys Patch Management is unavailable.

What do I think about the scalability of the solution?

I would rate the scalability of Qualys Patch Management a nine out of ten.

How are customer service and support?

Technical support is good, providing seamless efforts in their support.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We use multiple tools. On-demand, we use Qualys alongside other solutions like Tanium, Rapid7, and SCCM to manage machines both inside and outside the organization.

How was the initial setup?

The initial deployment is straightforward. It does not take much time to deploy. Everything is completed within the four-hour schedule.

What's my experience with pricing, setup cost, and licensing?

Compared to other tools, the price of Qualys Patch Management is reasonable.

What other advice do I have?

I would rate Qualys Patch Management a nine out of ten.

Qualys Patch Management is deployed in multiple departments and locations. We have five members that administer the solution.

No maintenance is required from our end.

I recommend Qualys Patch Management because it is effective in patch deployment and vulnerability management. It identifies necessary patches instead of scanning the entire machine.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Chaitanya Kajjam - PeerSpot reviewer
Technical Lead - Security Operations at a tech services company with 51-200 employees
Real User
Streamlined patch scheduling and automated management enhance security
Pros and Cons
  • "Qualys Patch Management excels with its automated patch scheduling and retrieval."
  • "Qualys Patch Management streamlines our vulnerability management process by providing a single source of truth to assess, prioritize, and remediate vulnerabilities across all assets."
  • "Qualys's current response time for releasing solutions to zero-day vulnerabilities, which takes approximately 12 to 16 hours, needs improvement."

What is our primary use case?

We utilize Qualys Patch Management to patch our customers' virtual machine environments. This includes performing tasks and remediation actions in conjunction with Qualys Vulnerability Management, Detection, and Response.

We implemented Qualys Patch Management for the zero-touch patches.

How has it helped my organization?

Qualys Patch Management's risk-based approach simplifies the automation of risk mitigation.

The automatic inclusion of relevant patches in Qualys Patch Management based on Qualys VMDR findings streamlines remediation. This integration simplifies patching tasks by providing a direct solution from VMDR to Patch Management, making it easier to address vulnerabilities.

Qualys Patch Management is user-friendly. We used to have a different tool that did not provide good solutions or responses, so we tested Qualys Patch Management internally and with a few customers. As a result, the time to push patches, get updates, or push zero-day patches has significantly decreased compared to the previous tool. We realized the benefits of Qualys Patch Management within the first quarter.

Qualys' TruRisk automation improves our operational efficiency by enabling us to remediate vulnerabilities without requiring direct involvement from our security team.

Qualys Patch Management streamlines our vulnerability management process by providing a single source of truth to assess, prioritize, and remediate vulnerabilities across all assets. This consolidated approach has significantly reduced our workload, enabling us to meet all compliance standards and accelerate remediation from weeks to days.

We have significantly improved our patch rates using Qualys Patch Management, though the exact improvement varies depending on the vulnerabilities. For critical issues, typically those with a CVSS score of four or five or higher, we contact the customer and, upon their approval, immediately patch the relevant item. This includes application software, configurations, Microsoft Patch Tuesday updates, and zero-day vulnerabilities.

We augmented our vulnerability solution with Qualys Patch Management to address patching deficiencies within our customer base. Many clients operate in silos with disparate IT teams, hindering comprehensive patching efforts. Our adoption of Qualys Patch Management enables us to centrally manage and execute patching through its VMDR capabilities, resulting in higher success rates compared to decentralized client-managed patching.

We have seen a significant reduction in our customer's risk, around 70 to 80 percent.

What is most valuable?

Qualys Patch Management excels with its automated patch scheduling and retrieval. The system efficiently executes jobs, provides clear messaging, and simplifies the management of installations and residual file removal.

What needs improvement?

Qualys's current response time for releasing solutions to zero-day vulnerabilities, which takes approximately 12 to 16 hours, needs improvement. The goal is to reduce this timeframe to under 12 hours. Additionally, their platform requires enhanced support for multi-tenancy.

For how long have I used the solution?

I have been using Patch Management for the last two years.

What do I think about the stability of the solution?

I would rate the stability of Qualys Patch Management nine out of ten.

What do I think about the scalability of the solution?

Qualys Patch Management's scalability is eight out of ten because it does not provide good support for multi-tenancy.

How are customer service and support?

Qualys' technical support is good.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We previously used patching solutions like Kaseya VSA, but now prefer Qualys Patch Management due to its integration with VMDR. This single-solution approach reduces remediation time significantly.

How was the initial setup?

The initial deployment is straightforward. It involves installing agents and scanner appliances, which automatically manage everything. The deployment can be completed within a few days.

What's my experience with pricing, setup cost, and licensing?

The pricing is reasonable and less expensive than the previous tool.

Which other solutions did I evaluate?


What other advice do I have?

I would rate Qualys Patch Management eight out of ten.

Our customers who use Qualys Patch Management are small and medium-sized businesses.

Qualys Patch Management does not require any maintenance.

I would recommend Qualys Patch Management to other users because of its advantages over other tools. This tool is good compared to others.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner
Mubashir K - PeerSpot reviewer
Cyber Security Engineer at Techensglobal
Real User
Enhance client security with timely insights and streamlined patch management
Pros and Cons
  • "Qualys Patch Management allows us to structure all the patches together and schedule patch management sessions."
  • "Qualys Patch Management helps reduce our client's organizational risk by 50 percent."
  • "The pricing of the solution is slightly high compared to other tools in our field."

What is our primary use case?

I am a cybersecurity engineer focused on vulnerability assessment and penetration testing. We use Qualys Patch Management to scan our client infrastructure and external-facing applications. We collect asset details from clients and perform activities using Qualys VMDR to prepare and submit reports. If vulnerabilities are detected, we conduct patch management.

We implemented Qualys Patch Management to simplify patching processes and maintain a comprehensive record of all assets, both those already patched and those requiring patching.

How has it helped my organization?

Qualys Patch Management's risk-based approach to automation is effective in addressing vulnerabilities. By configuring policies, patches are applied automatically, eliminating concerns about oversight and ensuring comprehensive mitigation.

The integration of Patch Management and VMDR is critical for medium and large organizations because it automatically includes relevant patches and configuration changes to remediate detected vulnerabilities. This allows organizations to gain clear visibility into device vulnerabilities and take immediate action to mitigate risks.

Qualys Patch Management keeps our clients informed of all security aspects. It keeps the quality up to date, with vulnerability databases and new CVEs based on the CVSS score. Clients are pleased with the insights on their security posture and any security gaps.

We use TruRisk automation and the Qualys knowledge base, with its batch management and information-sharing features, to remediate vulnerabilities without involving the security team.

Qualys Patch Management provides a centralized platform to identify, prioritize, and address vulnerabilities across all assets. This allows us to tailor vulnerability assessments and patching strategies for clients with critical assets, such as servers hosting public-facing web applications, by leveraging asset criticality tags to create dedicated sections within the platform.

Qualys Patch Management has helped improve our patch rate by 35 percent.

Qualys Patch Management helps reduce our client's organizational risk by 50 percent.

What is most valuable?

Qualys Patch Management allows us to structure all the patches together and schedule patch management sessions. If we do not need a particular patch, it can push it automatically. It provides insight into the organization's security posture and keeps databases updated with new CVEs.

What needs improvement?

The pricing of the solution is slightly high compared to other tools in our field. It’s manageable for clients, but as a service provider, it can be challenging due to the lower cost of vulnerability assessments and penetration testing.

For how long have I used the solution?

I have been using Qualys Patch Management for the past two years.

What do I think about the stability of the solution?

Qualys Patch Management is a stable solution. I would rate its stability as a ten out of ten.

What do I think about the scalability of the solution?

Scalability could be improved, as not everyone can afford it, and some may not fully understand how to use Qualys.

How are customer service and support?

During the license purchase process, there was some delay in technical communication from Qualys. 

How would you rate customer service and support?

Positive

What about the implementation team?

The deployment involved a team of six people and took about half a year.

What was our ROI?

Qualys Patch Management has saved time and resources by reducing the need for human resources. Clients are satisfied with the insights and reduced vulnerabilities over time.

What's my experience with pricing, setup cost, and licensing?

While the cost of Qualys Patch Management is slightly high compared to alternative tools, it is not excessively expensive. I would rate the pricing as a seven or eight out of ten for expense.

What other advice do I have?

I would rate Qualys Patch Management ten out of ten.

Our clients who use Qualys Patch Management are medium to enterprise-level businesses.

Qualys handles the maintenance for Patch Management.

I recommend Qualys Patch Management to others due to its ability to enhance organizational and client security posture while reducing time and costs associated with vulnerability assessment and auditing.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Information Security Manager at BARC India
Real User
Streamlined patching process enhances efficiency and risk management
Pros and Cons
  • "Qualys Patch Management excels with its user-friendly interface and comprehensive reporting features."
  • "The organization's risk score has significantly improved since integrating with Qualys Patch Management."
  • "Sometimes, legacy operating systems are not supported by Qualys Patch Management, which is an issue."
  • "There are certain integration parts that could be improved. Sometimes, legacy operating systems are not supported by Qualys Patch Management, which is an issue."

What is our primary use case?

We use Qualys Patch Management to patch our servers, which run on both Linux and Windows operating systems.

We implemented Qualys Patch Management to identify and address operating system vulnerabilities.

How has it helped my organization?

A risk-based approach to automation prioritizes addressing vulnerabilities according to their criticality, ensuring that the most significant risks are mitigated first.

The integration of Qualys Patch Management and VMDR is crucial because it automates the process of identifying and deploying necessary patches and configuration changes to address vulnerabilities. This automation minimizes manual intervention, streamlining both patching and vulnerability scanning. The integrated system automatically generates reports that include vulnerability details and their corresponding Software Development Lifecycle phase, along with patching status and the number of systems patched across production, DMZ, and VOD environments.

We used to do manual patching, which took more time to complete. With Qualys Patch Management, we have reduced the time it takes to patch. We can now perform patching with a single click and obtain a report of the patch application. We saw the benefits of Qualys Patch Management within seven months.

What is most valuable?

Qualys Patch Management excels with its user-friendly interface and comprehensive reporting features. Additionally, it offers robust vulnerability scanning for both network devices and operating systems, ensuring thorough and effective security assessments.

The TruRisk automation has significantly reduced the time it takes for risk management and reporting.

Qualys Patch Management gives us a single source of truth for assets and vulnerabilities that need to be assessed, prioritized, and remediated.

Qualys Patch Management enabled us to increase our patching frequency. Previously, limited staffing necessitated quarterly patching, but with Qualys, we can now patch monthly as releases become available. This proactive approach minimizes risk to our infrastructure.

We have integrated Qualys Patch Management with our SIEM solution, enabling us to build a single dashboard that displays vulnerability reports from both systems. This allows both the infrastructure and security teams to simultaneously access and utilize the Qualys Patch Management reports within the SIEM dashboard.

The organization's risk score has significantly improved since integrating with Qualys Patch Management. Previously at 60 percent, the score is now down to 39 percent, with the potential for even further reduction.

What needs improvement?

There are certain integration parts that could be improved. Sometimes, legacy operating systems are not supported by Qualys Patch Management, which is an issue. There should be a document readily available with Qualys that lists unsupported operating systems and provides solutions on how to achieve patching in other ways.

For how long have I used the solution?

I have been using Qualys Patch Management for the last three years.

What do I think about the stability of the solution?

We have used Qualys Patch Management for the past three years without issue and would rate its stability a ten out of ten.

What do I think about the scalability of the solution?

Qualys Patch Management is a globally scalable product, easily handling increasing workloads and users. Its scalability gets a ten out of ten rating.

How are customer service and support?

We have not faced any challenges with customer service. Whenever we raised a case with Qualys for troubleshooting or any assistance, we received support as required.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

Earlier, we were using Nessus. There were some challenges with Nessus, such as the reporting part not being customizable as per our requirements, and some management pricing issues. We conducted a POC and switched to Qualys Patch Management.

How was the initial setup?

The initial setup was straightforward, with servers deployed in two days using a broadcasting tool for installation. This allowed for the successful deployment of Qualys Patch Management within one week.

What was our ROI?

With Qualys, we can save around 70 percent of time and between 30 and 40 percent of money.

What's my experience with pricing, setup cost, and licensing?

The pricing is fair and within our budget. With the capabilities Qualys offers, we believe we are getting good value for the price.

What other advice do I have?

I would rate Qualys Patch Management nine out of ten.

We use a ticket submission tool to assign IT service tickets. Once the IT team completes a ticket, they close it.

We have around 1,500 users that are located evenly between the office and home environments.

Qualys Patch Management typically requires maintenance only for agents that encounter operating system issues preventing automatic updates.

I recommend using Qualys due to its ease of deployment, automation capabilities that reduce human intervention, and cost-saving benefits. As a highly effective product, Qualys Patch Management may eliminate the need to consider alternative solutions.

Which deployment model are you using for this solution?

On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Rafael Araujo - PeerSpot reviewer
Infrastructure and Information Security Supervisor at YKK MALAYSIA SDN BHD
Real User
Top 5
One part of the tool detects the vulnerabilities and the other part fixes them
Pros and Cons
  • "Policy enforcement requires less time for my team because users cannot avoid applying updates. The user can skip two or three times or for a maximum of eight hours. After that, there is no way to avoid it. It helps us keep the environment safe."
  • "Its implementation is too recent to make any judgments about areas needing improvement. In terms of pricing, of course, it is not free. Cheaper is always better."

What is our primary use case?

By implementing this solution, we wanted to fix vulnerabilities as soon as possible in both software and operating systems. Qualys Patch Management gives us the power to solve vulnerabilities quickly and keep our environment safe.

How has it helped my organization?

We have not yet seen many benefits because we are still deploying patch policies. We are doing that first with a test group. We have not done 100% patch management. By next month, we will have 100% management through Qualys Patch Management. We expect to see about 99.9% of assets updated all the time. We have great expectations.

We can create rules based on risk. We do not make it 100% automatic for servers because there is a higher chance of issues, but for PCs, we can do 100% automation. Based on the risk for an operation, we can create some sort of policies.

We are deploying both Qualys Vulnerability Management and Qualys Patch Management. Qualys Vulnerability Management was deployed one month ago. For the last month, we have been working to deploy Qualys Patch Management. They are being deployed side by side. The benefit of this is that Qualys Patch Management can solve all the vulnerabilities found by Qualys Vulnerability Management. One part of the tool detects the vulnerabilities and then the other part fixes them. They work together.

Patch Management will help reduce our organization's risk, but it is hard to say how much it will reduce the risks.

What is most valuable?

Policy enforcement requires less time for my team because users cannot avoid applying updates. The user can skip two or three times or for a maximum of eight hours. After that, there is no way to avoid it. It helps us keep the environment safe.

What needs improvement?

Its implementation is too recent to make any judgments about areas needing improvement. In terms of pricing, of course, it is not free. Cheaper is always better. If possible in the future, it would be good if it is cheaper.

For how long have I used the solution?

It has been deployed very recently and we are still in the process of deploying it throughout our organization.

What do I think about the stability of the solution?

So far, stability has been good with no issues.

What do I think about the scalability of the solution?

I know that as a cloud solution, it would be easy to scale, but I do not have any experience with it. We just deployed it, so there is no need to scale at this time.

How are customer service and support?

I have not had to contact support, so I cannot comment on customer service.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

We previously used Microsoft WSUS. However, it did not offer the same level of management and enforcement as Qualys Patch Management.

Qualys Patch Management gives me all kinds of management options. I have good visibility into vulnerabilities on each asset. Microsoft WSUS does not give me this sort of management level. We also could not meet the expectation of a 99.9% patch rate with Microsoft WSUS.

What was our ROI?

It is too early to determine the return on investment.

What's my experience with pricing, setup cost, and licensing?

The licensing cost is more than 2,000 for the whole Americas region.

What other advice do I have?

We have not integrated Qualys Patch Management with CMDB or ITSM tools for ticket management. This Qualys Patch Management deployment is done at the Americas region level, and the ITSM that we have in place is only in South America. Companies in the Americas region do not have ITSM, so there is no integration yet.

I would rate Qualys Patch Management an eight out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Shahrukh Siddiqui - PeerSpot reviewer
Senior System Associate at NTT Data
Real User
Automating patch compliance with collaboration despite some interface challenges
Pros and Cons
  • "Qualys allows us to automate and fix patches through the tool, achieving a compliance rate of over 95%."
  • "Compared to other tools, Qualys is better due to its automation capabilities, which allow us to achieve high compliance rates."
  • "In our environment, the application sometimes crashes, requiring improvement."

What is our primary use case?

We use Qualys Patch Management to fix patch vulnerabilities in our environment. We're dealing with machines that have pending updates, and we need to configure our console.

What is most valuable?

In Qualys, we configure Tanium, and Qualys acts as a collaborator with Tanium in our environment. We address machine details, compare with SCCM tools, and manage assets and hardware. Qualys allows us to automate and fix patches through the tool, achieving a compliance rate of over 95%.

What needs improvement?

In our environment, the application sometimes crashes, requiring improvement. Additionally, the user interface could be made easier to use, especially for system administrators.

For how long have I used the solution?

I have been using Qualys for about one year.

How are customer service and support?

We have sometimes escalated questions due to application crashes, which need improvement.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We previously worked with Microsoft Endpoint Configuration Manager (SCCM) for about two and a half years, yet faced issues with achieving target compliance.

How was the initial setup?

I was not involved in the initial setup of the Qualys solution.

What was our ROI?

I am not able to give a proper answer regarding the return on investment.

What's my experience with pricing, setup cost, and licensing?

I am not familiar with the pricing or setup cost of the Qualys solution.

What other advice do I have?

Compared to other tools, Qualys is better due to its automation capabilities, which allow us to achieve high compliance rates. 

I rate Qualys Patch Management a ten out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Sr Cyber Security Manager at BARC India
Real User
Effortless patch scheduling and prioritization enhance our security posture
Pros and Cons
  • "Qualys Patch Management offers valuable features like scheduling and on-demand patching, allowing us to conveniently push patches to our servers at designated times."
  • "The GUI has areas that need improvement, particularly in the accuracy of results when adding dashboards and running queries."

What is our primary use case?

We use Qualys Patch Management to mitigate and remediate all critical vulnerabilities present within our infrastructure.

We implemented Patch Management to address critical vulnerabilities in our infrastructure. This proactive measure mitigates the risk of compromise that could arise from unpatched vulnerabilities.

How has it helped my organization?

Patch Management has tremendously increased our security posture. Previously, we used to manage patching manually and remotely, which did not provide accurate data. With Qualys, all the details are readily available on the dashboard, aiding us in submitting details to management. It has significantly helped in providing management with up-to-date data, leading to improved satisfaction. We saw the benefits of implementing Qualys Patch Management within the first quarter.

Qualys Patch Management gives us a single source of truth for assets and vulnerabilities that must be assessed, prioritized, and remediated. This has drastically affected our operations because the features present on Qualys are amazing, and it's user-friendly compared to other tools.

We've observed an improvement in our patch rates by up to 50 percent. Utilizing the Patch Management tool allows us to download comprehensive compliance reports detailing the number of patches applied to each server, which is significantly beneficial.

Qualys Patch Management's risk reduction recommendation report offers comprehensive and customizable details, including in-depth vulnerability information with plugin output not found in other tools. This makes Qualys a superior solution for managing and understanding security risks. Qualys Patch Management's risk reduction recommendation report provides a helpful scoring system, the QDS, which can be mapped to our asset classification system, allowing us to prioritize and address vulnerabilities according to their risk level.

The risk reduction recommendation report has identified vulnerabilities that, if addressed, would yield the most significant risk reduction. Prioritizing these vulnerabilities based on their severity allows us to focus on the most critical risks to our organization and take appropriate remediation action.

We have created widgets with the assistance of the Qualys support team to add them to our existing vulnerability management solution, which has been instrumental in helping us track vulnerabilities related to our infrastructure.

Qualys Patch Management has significantly reduced our organizational risk by up to 70 percent by identifying vulnerabilities in our infrastructure and prioritizing remediation efforts. This has allowed us to reduce vulnerabilities and strengthen our overall security posture effectively.

What is most valuable?

Qualys Patch Management offers valuable features like scheduling and on-demand patching, allowing us to conveniently push patches to our servers at designated times.

What needs improvement?

The GUI has areas that need improvement, particularly in the accuracy of results when adding dashboards and running queries.

For how long have I used the solution?

I have been using Qualys Patch Management for the last two years.

What do I think about the stability of the solution?

The stability of Qualys Patch Management is impeccable. I would rate it ten out of ten.

What do I think about the scalability of the solution?

Qualys consistently upgrades itself with major changes and new technologies. They introduce new modules as needed, making Patch Management highly scalable.

How are customer service and support?

Qualys support is exceptional. Whenever we need custom reports, we log a ticket with Qualys.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We transitioned from Nessus Security Center to Qualys due to challenges with Nessus's automatic patch deployments, which resulted in unplanned downtime on critical systems. A proof of concept and vendor support confirmed Qualys as a more suitable solution for our needs.

How was the initial setup?

The initial setup was straightforward. Before deciding to implement it, we conducted a month-long POC to ensure all requirements were met. The deployment took over 25 days.

What's my experience with pricing, setup cost, and licensing?


What other advice do I have?

I would rate Qualys Patch Management ten out of ten. 

We are conducting testing in a UAT environment. Our risk mitigation approach involves deploying a patch only after thorough testing in the UAT environment confirms the absence of issues.

We use an internal ticketing system called TUSOM. While previous discussions with our Qualys TAM indicated that integration with TUSOM was not possible, we have recently re-engaged with them, and they are now working on a solution to enable integration.

Approximately 13 individuals have administrative access to Qualys Patch Management, while the remainder have read-only access for viewing reports.

Maintenance is required before we can implement the policy. As a result, we are conducting preliminary testing in the UAT environment. Additionally, Qualys will notify us of any planned maintenance.

I recommend starting with a proof of concept to ensure Qualys Patch Management meets your requirements. In my experience, it is highly user-friendly and has excellent support, making it superior to other products.

Which deployment model are you using for this solution?

On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.