Qualys VMDR Reviews

It mainly scans the model against all of our online websites.

There are fewer false positives when using this solution. We are also cutting the need for news monitoring with this solution.

We find all of the features useful. 

One note for room for improvement is that all of the data is stored on the cloud. I think it would be better if they came up with a big box that could store the data and collect data from, it would be a huge improvement.

It is an extremely impressive and stable product. I would give it a 99% out of 100%. It is very close to being perfect.

I have had no issues with scalability. Initially, we had some issues with the dashboard, but eventually, it set and stabilized. There was an issue with the data dashing between the two models initially, but it was resolved.

The tech support is helpful. When we initially open a ticket, we get response within five minutes. Then, they open a case and we receive input from tech support within 24-48 hours with a Q-ID.

Qualys VM's best feature is vulnerability management.

Qualys VM's scanner doesn't pick up every vulnerability, so we have to use multiple scanners to cover that gap. Their reporting could also be more user-friendly. In the next release, I would like Qualys to include basic policy and compliance checks in the basic licensing. 

I've been using Qualys VM for almost two years.

Qualys VM is quite stable - we've had no problems with it.

Qualys VM's scalability depends on the license that you use.

Previously we used Nessus, but only Qualys does intrusive scanning.

We used an in-house team.

An annual license for a single scanner costs around $3,000.

Qualys VM is a really good tool for vulnerability scanning, and it has different sets of profiles that can be utilized for your own requirements. I would rate Qualys VM as seven out of ten.

From my point of view all the Qualys products are valuable. From the clients' perspective, I believe vulnerability management is the most valuable one and it’s a must in every organization. After the client realize the risks from outside, and that the vulnerabilities are real, a proper compliance policy implementation using Qualys Policy Compliance (I'm using v8.4), the second product needed in any infrastructure, can be done. If the organization has public websites, Web Application Scanning (I'm using v4.1) is the third valuable product needed in an organization.

After the first scan of the servers at all the POCs QualysGuard discovered many vulnerabilities that are grouped from low to high impact. The ability to use asset management to scan the grouped servers from the vulnerability management feature with the policy compliance engine helps the security officer to perform the daily/monthly tasks faster and make them more organized.

One of the biggest issues from the clients' perspective is that all Qualys computing is on the cloud.

As last month ( this is when I found out) Qualys offers a On-Premise instalation for it's customers.

https://www.qualys.com/enterprises/qualysguard/pri...

The issue with the private cloud is that is costs very much for a small firm.

I have been using QualysGuard since 2012, and I have followed the certification from Qualys in class. After that, I implemented it for one of our clients, and did some POCs using Qualys. In the last month I had another PoC with Qualys and the client looks interested.

need support from sysadmin to deploy the ovf file.

Qualys appliances are based on Linux OS, and they are very stable. I didn’t encounter any stability issues.

The big advantage of using the virtual appliances is that you can increase the allocated hardware if you need more resources.

The customer service level is very high. All the requests made to the reseller were fulfilled in a very short time.

We didn’t need to use Qualys technical support as the product was very stable, and our knowledge of the product was enough to fulfil all the clients needs.

I have used both Nessus and Rapid 7 Nexpose. I am working as a security consultant and I need to know the big players so I could present to my clients the pluses and minuses of the products they might choose.

Qualys initial setup is straightforward and if you follow the manual you don’t have any problems. You receive the credentials, login to the Qualys website, download the virtual appliance, configure the IP, and, after defining the credentials and the assets, you can start scanning your environment. For the hardware appliance you have to connect it to the network and after the configuration you can start the scanning.

I was part of the consultant team that implemented this solution to the client. We didn't have any complaints from him, and he used us to implement the rest of Qualys' components.

Usually every implementation is different and the quote is in function of number of assets.

The clients are usually evaluating the top three vendors from Gartner. From my clients side, the vendors used in evaluation were Nexpose, McAfee Vulnerability Manager and Nessus. Also I have tried the open source VM OpenVAS

Follow the vendor provided steps, and you will not have any problems during the initial implementation. If you don’t have experience with server policies, use a consultant that will be able to identify your business needs.

• Totally vendor-managed appliance
• Highly scalable and deployable portal interface
• Ability to easily distribute administration functions based on access roles

It provides fully automated internal and external vulnerability management.

Streamline PCI integration and attestation.

I have used it for five years.

I have not encountered any scalability issues.

Technical staff are excellent.

We previously used Rapid 7. The product was not staying current with shifting trends, sales staff were pushy and management were arrogant.

Initial setup was simple.

Negotiate for the pricing model that fits your budget. The vendor is willing to customize pricing.

Before choosing this product, we evaluated Rapid 7, Nessus.

Take your time and have each vendor set up an actual proof of concept, rather than just relying on a demo. Get your network and support staff engaged in the process early on because they will be instrumental in deployment and support. Know what you’re trying to accomplish.

The vulnerability scanning feature is valuable.

QualysGuard has provided us with a valuable insight into vulnerabilities across our environment. Before the use of this product, we had no way of identifying or tracking vulnerabilities.

The reporting capabilities are good but I would like to be able to make more customized reports. In addition, I would like to be able to assign a numerical asset value to critical hosts.

I've used it for six years.

No issues encountered, it went very smoothly.

No issues encountered.

No, as it's very easy to add additional hosts.

8/10.

8/10.

We didn't use a previous solution.

It was straightforward.

It was implemented in-house.

We also looked at Nessus.

Make sure you take advantage of authenticated scans and it is also very helpful if you have a complete server inventory.

The reporting and vulnerability analysis features.

Vulnerability scans are easily managed and maintained using Qualys. What used to be a manual process is now automatic. When we have an issue, I can easily see what production systems are affected and I can easily pinpoint a solution to mitigate the issue.

The reporting is lacking a little, and it would be nice to have reports sent via email. Often times we have to manually generate the reports after a vulnerability is fixed and a scan has to be re-run.

I've used it for three years.

We did not.

Our Qualys box is hardware and it's very easy to set up and maintain. It's very little maintenance, and the most time consuming part is setting up everything initially, such as what subnets you want to scan, what reports you want to run, etc.

We have over 15,000 devices and had no issues with scaling up our Qualys infrastructure.

I have never had to interact with them. I get most of the information on the forums, and even there the responses are lighting fast. As far as actually talking to someone, I personally have never had to speak to Qualys support.

It's great. The users on the forums are very knowledgeable and eager to help. If I need a quick answer I will always get one from the support forum.

We used Nessus before. It was a manual process and very time consuming. I like Nessus, but it was very tedious to get it to function automatically.

There are always complexities to every setup. I think the biggest issue was the learning curve. Having to learn all the new pieces and how they fit into our environment was probably the single biggest hurdle we had to face.

We did it in-house.

We looked at Metasploit Expose but the price was too much for what we needed.

Do your research and see how this product would best fit into your environment.

We use this product for vulnerability management.

I like Qualys because it is a very complete product, more so than Tenable. It has vast capabilities.

We have been working with Qualys VM for a very short time, perhaps six months.

This is a stable solution.

Scalability-wise, this is a good product.

The technical support is very good and they have it both in Spanish and English.

We are also working with Tenable SC. Qualys is both more complete and for us, better in terms of pricing.

For a beginning, the initial setup is complex. You have to have some knowledge for setting it up and using it.

The price of Qualys for us is better than Tenable, although that is only because we are partners. The retail price of Qualys is higher than that of tenable. The pricing and licensing for Qualys could be improved.

Overall, this is a good product and I recommend it, mainly because of the capabilities and the management using a single console. I can even create a calendar for activities from the main screen.

I would rate this solution a nine out of ten.

The feature where the solutions to issues are mentioned in the reports.

It's easy to reach the current location and download/install the correct patch.

The feature where the solutions to issues are mentioned in the reports could be improved.

I've been using it for over three years.

No issues encountered.

No issues encountered.

No issues encountered.

7/10.

5/10,

No previous solution was used.

It was implemented by the vendor.