Qualys VMDR Reviews

I used this solution for one of my clients and the primary use case was for the compliance mode and scanning. We are customers of Qualys and I am senior vice president information security.

I found the solution quite intuitive and easy going. I have worked with other similar tools and found this simple to use. 

I felt hindered sometimes within reports in that they were lacking somewhat on the customization side in terms of making use of the data. The cloud user interface could be a little more responsive. It was a click and then a wait. 

I used this solution recently for about five months. 

There were a couple of small bugs but the solution was stable. 

I would recommend this solution and rate it a nine out of 10. 

Our primary use case is to manage vulnerabilities, scan web applications, and report assets throughout the network. Also, we create reports based on this data. 

• Tracks workstations and servers.
• Monitors workstations and servers for vulnerabilities and creates reports.
• Performs automated, regular scans in the network.
• Detects new hosts along with vulnerabilities.

The Qualys Agent is most valuable for getting insight into what is happening on what device with all its metadata.

• Improve the API speed. 
• Make some minimal dashboard improvements.
• Improve the user interface.

The vulnerability scanning feature is valuable.

QualysGuard has provided us with a valuable insight into vulnerabilities across our environment. Before the use of this product, we had no way of identifying or tracking vulnerabilities.

The reporting capabilities are good but I would like to be able to make more customized reports. In addition, I would like to be able to assign a numerical asset value to critical hosts.

I've used it for six years.

No issues encountered, it went very smoothly.

No issues encountered.

No, as it's very easy to add additional hosts.

8/10.

8/10.

We didn't use a previous solution.

It was straightforward.

It was implemented in-house.

We also looked at Nessus.

Make sure you take advantage of authenticated scans and it is also very helpful if you have a complete server inventory.

I use Qualys to review the validity of legacy applications, infrastructure, and simple data operating systems.

The ability to manage user accounts and give rights to the operator to know about abnormalities of applications is something that needs improvement. 

The pricing is also expensive.

I have been using Qualys for four years. 

It's stable.

I haven't needed to use technical support. 

The initial setup was good. We didn't have any problems with it. 

I would rate Qualys VM a ten out of ten. 

The feature where the solutions to issues are mentioned in the reports.

It's easy to reach the current location and download/install the correct patch.

The feature where the solutions to issues are mentioned in the reports could be improved.

I've been using it for over three years.

No issues encountered.

No issues encountered.

No issues encountered.

7/10.

5/10,

No previous solution was used.

It was implemented by the vendor.

The top one for me is that the vulnerabilities are kept up to date.

It has reduced the cost of ownership for the engineers who can launch scans on the customers’ networks.

I’m convinced it could be possible to do a simpler interface.

I used it for about four years.

No issues encountered.

There is an issue with the web browser, but it's not an issue with the product itself.

No issues encountered.

9/10.

8/10.

I switched due to the cost.

It was simple because it's only used for external scans.

You have to find the best solution regarding functions and cost.

• Tripwire
• Nessus
• Accunetix
• OIpenvas

• Take your time
• Study all the functionalities of the product
• Try to set it up in a lab first before your production environment.

WAF integration is valuable.

We can now perform vulnerability scans with WAF integration. The WAF has improved the vulnerability identification and reports to the SOC and CSO.

The IT infrastructure, especially server administration, needs to be improved.

I've used it for two years.

There was only one related, and that need work on our technology. As the solution is cloud based, we needed to adapt our internal policies.

There were no issues.

This been done without a problem.

It's good.

It's good.

There was no previous solution, but I did execute several POCs.

It was a regular setup for the configuration, but the official training was necessary.

We also looked at Nessus and GFI Languard.

It's used for vulnerability assessments, assessment of IT equipment, PCs, servers. It's supposed to help prioritize which security patches need to be deployed on that equipment.

The prioritization feature is great. I think it has all of the advanced features that we need.

It's too early for me to say if there is any room for improvement since we're in the first couple of months of using this solution. So far, we've been pretty happy about it. Nothing comes to mind that is negative.

Given that it's really new, we're really trying to use all of the features and get a good comfort level and gain more experience in it. For this reason, I can't speak negatively of it, yet.

We've been using Qualys for roughly six to seven years, but we've only been using Qualys VMDR for a few months.

Qualys VMDR is very stable.

Qualys VMDR is definitely scalable.

They provide a lot of free virtual training to really understand the technology and the solution. That's a plus for them.

I used to work with QualysGuard VM — an older version. The earlier version didn't have the detection response that we needed, that's why this time it has the detection response. VMDR is the evolution of the solution.

The initial setup was pretty straightforward. Deployment was quick.

We implemented this solution ourselves.

Overall, on a scale from one to ten, I would give this solution a rating of eight. For us, it's just more of gathering more experience. The more we learn, I think we'll appreciate it, and then maybe from that point, we'll be able to say it's a nine, or a ten. It's more on us versus the solution.