Try our new research platform with insights from 80,000+ expert users
Qualys Policy Compliance Logo

Qualys Policy Compliance Reviews

Vendor: Qualys
4.2 out of 5
181 followers
Start review

What is Qualys Policy Compliance?

Qualys Policy Compliance (PC) automates the collection of technical controls from information assets within the enterprise, and maps this information to policies to fix and document compliance with regulations and business mandates. It provides compliance reporting by leveraging a comprehensive knowledge-base that is mapped to prevalent security regulations, industry standards and compliance frameworks.
Get the IT Governance Buyer's Guide and find out what your peers are saying about Qualys Policy Compliance and more!
Buyer's Guide
IT Governance
March 2025
Get the category report
Helped 842,672 peers since 2012

Featured Qualys Policy Compliance reviews

Read more reviews

Qualys Policy Compliance mindshare

As of March 2025, the mindshare of Qualys Policy Compliance in the IT Governance category stands at 2.5%, up from 1.6% compared to the previous year, according to calculations based on PeerSpot user engagement data.
IT Governance
 
 
Key learnings from peers

Valuable Features

  • "The solution's interface looks good, which enhances asset scanning and ensures automatic patching."
  • "The reporting and security checks are valuable."
  • "The platform allows multiple features that are very useful. The first one is being able to define the enterprise policy. The second one is to be able to automatically check the compliance level based on that policy, and the third one is that it allows us to generate reports and dashboards to see the compliance level easily."

Room for Improvement

  • "Some sort of education or knowledge base about the product would be beneficial for beginners."
  • "The policy creation aspect needs improvement."
  • "There is no clear mapping for the CIS controls in terms of how they should be implemented into Qualys, so the implementation stage might be a little bit challenging for the customer. That means that the customer will end up opening support cases, which will overload their support team to explain those. If they are somehow published somewhere, it would save time and effort for both sides."

Pricing

  • "The prices might be a little bit high. I cannot compare it with another product because we did not try any other product, but this is my impression when comparing different modules."
  • "The solution's pricing is in the mid-range, where it is neither expensive nor very cheap."
These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.
Download our IT Governance Buyer's Guide for additional reliable information.

Top industries

By visitors reading reviews
Financial Services Firm
24%
Healthcare Company
18%
Government
10%
Educational Organization
8%
Computer Software Company
8%
Insurance Company
6%
Comms Service Provider
4%
Consumer Goods Company
4%
Manufacturing Company
4%
Performing Arts
4%
Outsourcing Company
2%
Legal Firm
2%
Real Estate/Law Firm
2%
Logistics Company
2%
Retailer
2%

Qualys Policy Compliance customers

PDX, Cigna

Related questions

  • 51
What is your recommended automated audit software for internal and external audit?
  • 7
SailPoint IdentityIQ vs. CA Identity Governance
  • 6
What aspect does Symantec Control Compliance Solution cover in IT Governance, Risk and Compliance?
  • 12
Why is Identity Governance and Administration (IGA) important?
  • 1
How many ISO norms do we have in the entire ISO27k security family standards?

Product Categories

Product Categories
IT Governance
 

Qualys Policy Compliance reviews

Sort by:
BS
Application Security Manager at IDB BAnk
Verified user of Qualys Policy Compliance
Aug 15, 2024
A unified platform that saves time, effort, and money

Pros

"The platform allows multiple features that are very useful. The first one is being able to define the enterprise policy. The second one is to be able to automatically check the compliance level based on that policy, and the third one is that it allows us to generate reports and dashboards to see the compliance level easily."

Cons

"There is no clear mapping for the CIS controls in terms of how they should be implemented into Qualys, so the implementation stage might be a little bit challenging for the customer. That means that the customer will end up opening support cases, which will overload their support team to explain those. If they are somehow published somewhere, it would save time and effort for both sides."

What is our primary use case?

Qualys Policy Compliance is used to define hardening policies for different technology platforms, such as Windows member servers, Windows domain controllers, Linux flavors, and networking appliances. This is what it is used for.

How has it helped my organization?

In one platform, we can see the compliance level.

It takes time to realize its benefits, but that is not because of the platform. It is related to the enterprise. It depends on how long it takes for the infrastructure team to deploy and maintain the policy for existing assets and new assets and to maintain the Qualys agents and get them up and running. It is also based on the enterprise-wise agreement on how often compliance should be validated. After all these parameters are clear and defined by the enterprise, the platform is straightforward. It allows validation and follow-up for the status.

*Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Read full review (1161 words)
PeerSpot user
Information Security Engineer at a university with 1,001-5,000 employees
Verified user of Qualys Policy Compliance
Feb 12, 2025
Automation and integration have improved asset compliance monitoring and reporting effectiveness

Pros

"The solution's interface looks good, which enhances asset scanning and ensures automatic patching. "

Cons

"Some sort of education or knowledge base about the product would be beneficial for beginners."

What is our primary use case?

The solution is used for sorting out vulnerabilities that have implications on security auditing and ensuring all assets added to compliance have no vulnerabilities, at least not critical ones. I use it mainly for monitoring these assets and the vulnerabilities affecting compliance.

What is most valuable?

The solution's interface looks good, which enhances asset scanning and ensures automatic patching. Automation is excellent. The reporting feature is comprehensive and mandates security solutions. I submit evidences from Qualys to auditor partners, which shows the quality of reporting. 

Scalability is a trending feature, with the ability to relate platforms to PCs and cloud instances, including hybrid clouds. Integration with ticketing tools such as Confluence, Jira, and ServiceNow is also a valuable feature.

*Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Read full review (387 words)
Buyer's Guide
IT Governance
Download free report
Find out what your peers are saying about IT Governance. Updated March 2025
842,672 professionals have used our research since 2012.
AT
Cyber Security Analyst at a tech vendor with 10,001+ employees
Verified user of Qualys Policy Compliance
Oct 15, 2024
Enhancing security management with detailed issue investigation and skill development

Pros

"The reporting and security checks are valuable. "

Cons

"The policy creation aspect needs improvement."

What is our primary use case?

Before deploying any servers, they need to fulfill their compliance requirements. Each server needs to undergo compliance checks. Once all the compliance checks are completed, we can deploy them. Qualys Policy Compliance helps complete these compliance checks, which are necessary before deployment.

How has it helped my organization?

Qualys Policy Compliance has been helpful in my organization. Initially, I was not familiar with Qualys and related tools like ServiceNow and Jira, yet with Qualys, I've learned how to handle tasks confidently on these platforms. The solution has improved my capabilities in handling reporting and other tasks related to security management.

*Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Read full review (471 words)
VJ
CEO at Foresight Cyber Ltd
Verified user of Qualys Policy Compliance
Aug 26, 2022
Easy to use, fast, and reliable

Pros

"It's a simple product."

Cons

"The reporting needs improvement. "

What is our primary use case?

Policy Compliance pretty much has just one use case, and that is to compare or assess the security hardening of a typical operating system or platform or, in some cases, an application against predefined or customized security best practices. For example, if we are running Windows PCs and servers, an organization could say we are going to follow Microsoft's best practices for security configuration, including how to harden Windows computers. We would basically load the Qualys policy compliance module with those best practices and agree on the list with the customer. Then Qualys simply does the rest. It basically verifies for each individual check if it is actually in place or not. 

What is most valuable?

It's a simple product. It's basically binary decisions based on the policy. You first define the policy, and then the tool compares the policy against the actual state of, for example, a Windows computer.

The policy compliance really is the most valuable aspect of the solution. You can actually create your own configuration controls. Even if it's not part of the preexisting library of controls we can handle it. For example, we had a client that had their own specific hardening requirements what kind of, let's say, registry entries or permissions on the file system or specific files being or not being on the file system. We were able to create these policies. 

It's really customizable. It can be customized pretty much to meet any need and any policy that customers can throw at us.

*Disclosure: My company has a business relationship with this vendor other than being a customer: reseller
Read full review (1000 words)
Bhupendra Nayak - PeerSpot user
Cyber Security Consultant at Confidential
Verified user of Qualys Policy Compliance
Nov 22, 2023
A VMDR solution that can be used to detect, block, and mitigate vulnerabilities

Pros

"The most valuable feature of QualysGuard Policy Compliance is the automation that can detect real-time threats and decrease risks."

Cons

"It would be good if the solution’s technical support could be faster."

What is our primary use case?

We use QualysGuard Policy Compliance for VMDR (Vulnerability Management, Detection and Response). We can use the solution to detect, block, and mitigate vulnerabilities.

What is most valuable?

The most valuable feature of QualysGuard Policy Compliance is the automation that can detect real-time threats and decrease risks. QualysGuard Policy Compliance is integrated with the SIEM tool. VMDR tools work on asset management, vulnerability management, threat detection, and response.

*Disclosure: I am a real user, and this review is based on my own experience and opinions.
Read full review (259 words)
PeerSpot user
Head of Information Security Department at a financial services firm with 201-500 employees
Verified user of Qualys Policy Compliance
Apr 16, 2018
Gives us very good compliance reports, helping tighten our infrastructure

What is our primary use case?

We are using it for hardening of the servers, according to the policies that we have as benchmarks here in the bank.

It has performed quite well, very well. We are satisfied with the product.

How has it helped my organization?

We have tightened our infrastructure using the solution and it's a safer environment from cyber crime and cyber attacks.

*Disclosure: I am a real user, and this review is based on my own experience and opinions.
Read full review (323 words)