Qualys VMDR Reviews

• Vulnerability assessment
• Asset management
• WAS

Since this is a SaaS based solution, the vulnerability scan with the external scanners as well as the reporting has improved a lot. The reporting is very granular and you can please higher management with your reports.

None, as the product is great.

I've used it for four years.

Stability of the product is very high, I have never seen it unavailable.

The support needs to improve a lot, their response is absolutely slow. I have had terrible experience with support over the years.

I would rate it great because of its improvement since I have had terrible experiences in the past.

We used McAfee Vulnerability Manager/Foundstone and had to switch because this is a SaaS based solution and has more features/capabilities.

The initial setup is very simple in terms of configuring the appliance.

We installed it ourselves,

I would definitely recommmend using this product, as this is very simple and yet an effective way to do vulnerability assessment.

.

I used this solution for one of my clients and the primary use case was for the compliance mode and scanning. We are customers of Qualys and I am senior vice president information security.

I found the solution quite intuitive and easy going. I have worked with other similar tools and found this simple to use. 

I felt hindered sometimes within reports in that they were lacking somewhat on the customization side in terms of making use of the data. The cloud user interface could be a little more responsive. It was a click and then a wait. 

I used this solution recently for about five months. 

There were a couple of small bugs but the solution was stable. 

I would recommend this solution and rate it a nine out of 10. 

Our primary use case is to manage vulnerabilities, scan web applications, and report assets throughout the network. Also, we create reports based on this data. 

• Tracks workstations and servers.
• Monitors workstations and servers for vulnerabilities and creates reports.
• Performs automated, regular scans in the network.
• Detects new hosts along with vulnerabilities.

The Qualys Agent is most valuable for getting insight into what is happening on what device with all its metadata.

• Improve the API speed. 
• Make some minimal dashboard improvements.
• Improve the user interface.

The vulnerability scanning feature is valuable.

QualysGuard has provided us with a valuable insight into vulnerabilities across our environment. Before the use of this product, we had no way of identifying or tracking vulnerabilities.

The reporting capabilities are good but I would like to be able to make more customized reports. In addition, I would like to be able to assign a numerical asset value to critical hosts.

I've used it for six years.

No issues encountered, it went very smoothly.

No issues encountered.

No, as it's very easy to add additional hosts.

8/10.

8/10.

We didn't use a previous solution.

It was straightforward.

It was implemented in-house.

We also looked at Nessus.

Make sure you take advantage of authenticated scans and it is also very helpful if you have a complete server inventory.

I use Qualys to review the validity of legacy applications, infrastructure, and simple data operating systems.

The ability to manage user accounts and give rights to the operator to know about abnormalities of applications is something that needs improvement. 

The pricing is also expensive.

I have been using Qualys for four years. 

It's stable.

I haven't needed to use technical support. 

The initial setup was good. We didn't have any problems with it. 

I would rate Qualys VM a ten out of ten. 

The feature where the solutions to issues are mentioned in the reports.

It's easy to reach the current location and download/install the correct patch.

The feature where the solutions to issues are mentioned in the reports could be improved.

I've been using it for over three years.

No issues encountered.

No issues encountered.

No issues encountered.

7/10.

5/10,

No previous solution was used.

It was implemented by the vendor.

The top one for me is that the vulnerabilities are kept up to date.

It has reduced the cost of ownership for the engineers who can launch scans on the customers’ networks.

I’m convinced it could be possible to do a simpler interface.

I used it for about four years.

No issues encountered.

There is an issue with the web browser, but it's not an issue with the product itself.

No issues encountered.

9/10.

8/10.

I switched due to the cost.

It was simple because it's only used for external scans.

You have to find the best solution regarding functions and cost.

• Tripwire
• Nessus
• Accunetix
• OIpenvas

• Take your time
• Study all the functionalities of the product
• Try to set it up in a lab first before your production environment.

WAF integration is valuable.

We can now perform vulnerability scans with WAF integration. The WAF has improved the vulnerability identification and reports to the SOC and CSO.

The IT infrastructure, especially server administration, needs to be improved.

I've used it for two years.

There was only one related, and that need work on our technology. As the solution is cloud based, we needed to adapt our internal policies.

There were no issues.

This been done without a problem.

It's good.

It's good.

There was no previous solution, but I did execute several POCs.

It was a regular setup for the configuration, but the official training was necessary.

We also looked at Nessus and GFI Languard.