It was responsible for vulnerability scanning. It enforces vulnerability management websites.
Senior Cyber Security Specialist at a tech services company with 1,001-5,000 employees
The reporting and GUI need improvement but it's reliable
Pros and Cons
- "Qualys VM is very stable."
- "The reporting and the GUI need improvements."
What is our primary use case?
What needs improvement?
The reporting and the GUI need improvements. Tenable dominated in these two areas: reporting and graphical user interface.
For how long have I used the solution?
Qualys VM was used once for one of our customers.
We were using the latest version.
What do I think about the stability of the solution?
Qualys VM is very stable.
Buyer's Guide
Qualys VMDR
December 2024
Learn what your peers think about Qualys VMDR. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,067 professionals have used our research since 2012.
What do I think about the scalability of the solution?
I didn't have all of the necessary information regarding the scalability or how to scale this solution, but all vulnerability management solutions have the same idea.
I believe that it is easy to scale.
How are customer service and support?
I did not contact technical support.
Which solution did I use previously and why did I switch?
I have also used Rapid7, which is very similar to Qualys VM.
Scaling is more difficult with Rapid7. When it comes to scaling, Rapid7 is not my first choice.
How was the initial setup?
I did not implement this solution, I performed one scan for our client.
What other advice do I have?
We have regulations in place in Saudi Arabia and Egypt that require all vulnerability management solutions to be implemented on-premise.
I would recommend this solution to others but Tenable is my preferred option.
I would rate Qualys VM a five out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Chief Information Officer/Senior Vice President at a tech services company with 51-200 employees
Helps prioritize which security patches need to be deployed on specific equipment
Pros and Cons
- "The prioritization feature is great. I think it has all of the advanced features that we need."
- "It's too early for me to say if there is any room for improvement since we're in the first couple of months of using this solution."
What is our primary use case?
It's used for vulnerability assessments, assessment of IT equipment, PCs, servers. It's supposed to help prioritize which security patches need to be deployed on that equipment.
What is most valuable?
The prioritization feature is great. I think it has all of the advanced features that we need.
What needs improvement?
It's too early for me to say if there is any room for improvement since we're in the first couple of months of using this solution. So far, we've been pretty happy about it. Nothing comes to mind that is negative.
Given that it's really new, we're really trying to use all of the features and get a good comfort level and gain more experience in it. For this reason, I can't speak negatively of it, yet.
For how long have I used the solution?
We've been using Qualys for roughly six to seven years, but we've only been using Qualys VMDR for a few months.
What do I think about the stability of the solution?
Qualys VMDR is very stable.
What do I think about the scalability of the solution?
Qualys VMDR is definitely scalable.
How are customer service and technical support?
They provide a lot of free virtual training to really understand the technology and the solution. That's a plus for them.
Which solution did I use previously and why did I switch?
I used to work with QualysGuard VM — an older version. The earlier version didn't have the detection response that we needed, that's why this time it has the detection response. VMDR is the evolution of the solution.
How was the initial setup?
The initial setup was pretty straightforward. Deployment was quick.
What about the implementation team?
We implemented this solution ourselves.
What other advice do I have?
Overall, on a scale from one to ten, I would give this solution a rating of eight. For us, it's just more of gathering more experience. The more we learn, I think we'll appreciate it, and then maybe from that point, we'll be able to say it's a nine, or a ten. It's more on us versus the solution.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Qualys VMDR
December 2024
Learn what your peers think about Qualys VMDR. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,067 professionals have used our research since 2012.
Senior Information Security Engineer at a financial services firm with 501-1,000 employees
It is a stable product. Tech support is quick to respond to any inquiries.
Pros and Cons
- "There are fewer false positives when using this solution."
- "Tech support is helpful."
- "I do not like that all of the data is stored on the cloud."
What is our primary use case?
It mainly scans the model against all of our online websites.
How has it helped my organization?
There are fewer false positives when using this solution. We are also cutting the need for news monitoring with this solution.
What is most valuable?
We find all of the features useful.
What needs improvement?
One note for room for improvement is that all of the data is stored on the cloud. I think it would be better if they came up with a big box that could store the data and collect data from, it would be a huge improvement.
For how long have I used the solution?
Three to five years.
What do I think about the stability of the solution?
It is an extremely impressive and stable product. I would give it a 99% out of 100%. It is very close to being perfect.
What do I think about the scalability of the solution?
I have had no issues with scalability. Initially, we had some issues with the dashboard, but eventually, it set and stabilized. There was an issue with the data dashing between the two models initially, but it was resolved.
How is customer service and technical support?
The tech support is helpful. When we initially open a ticket, we get response within five minutes. Then, they open a case and we receive input from tech support within 24-48 hours with a Q-ID.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Information Security Officer at Zamil
Threat detection tells us which machines are infected with a vulnerability
Pros and Cons
- "They also have threat detection which maps threats. There is a feed that comes from Qualys when a new vulnerability is found. It tells us which machines are infected with that vulnerability."
- "What we have found is that the solution is not closely tied with the patch management. It is okay with newer ones, like Windows 10 machines; it gives the correct patch. But for Windows 7 or Windows Server 2008, it does not give us the correct patch so we have to manually identify the patches. This is a major problem."
What is most valuable?
The first thing we like is the scanner, the device which checks vulnerability management.
They also have threat detection which maps threats. There is a feed that comes from Qualys when a new vulnerability is found. It tells us which machines are infected with that vulnerability. If there is a new attack, we definitely know that it is happening, what is happening in our environment.
What needs improvement?
What we have found is that the solution is not closely tied with the patch management. It is okay with newer ones, like Windows 10 machines; it gives the correct patch. But for Windows 7 or Windows Server 2008, it does not give us the correct patch so we have to manually identify the patches. This is a major problem.
For how long have I used the solution?
This is the third year we are using Qualys. This year we included one more module, the patching module.
What do I think about the stability of the solution?
It's stable. Every month we scan more than 5,000 IP addresses and we are able to detect vulnerabilities.
How are customer service and technical support?
Our experience is that the problems we send them take too much time to resolve. For example, we opened a case for the problem I mentioned earlier, the vulnerabilities with Windows 7 and Server 2008 where it's trying the wrong patch. It took them a long time to even give us the correct explanation. So this is a problem.
How was the initial setup?
The initial setup was very easy. We just needed to download the virtual machine. There is a key and we just needed to provide a proxy setting. That's it.
We did all the configuration as a one-time job where we defined our subnet and mapped. We needed to schedule the scan and the map and we needed to schedule a group of, say, Windows. It was just a one-time job where needed to configure the query and run it. It created a report and sent it to the administrators. After that one-time job, everything happens automatically.
What about the implementation team?
We did it on our own.
What other advice do I have?
I would recommend Qualys because it's very easy to use. It does not require many specific skills. We are always on the latest version because Qualys provides automatic updates.
We have a virtual appliance in each site and that sends the logs to the cloud. We have the consoles on the cloud which enable us to query and scan. All this happens through the cloud.
We only have one administrator for the solution who monitors and checks if there is anything to be aware of. It sends the reports to all the different administrators, such as network, Linux, and Windows administrators and they take it from there.
We also have Qualys configuration management module. If there are any particular issues in any servers or in any network, it gives us a report to suggest and rectify the issues. It tells us what changes are needed to on that device.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Network and security Pre-sales Engineer at a tech services company with 51-200 employees
A reliable, affordable, safe, scalable, and easy-to-use solution for vulnerability management and policy compliance
Pros and Cons
- "There are many features. Its reliability, ease of installation, ease of use, and the richness of the information provided are the most valuable features."
- "Its integration with ServiceNow and other similar products is complicated and can be improved. It should also have virtual batching. They should support more standards and compliance requirements and more customizations. For policy compliance, they can add the standards required by the countries in the Middle East. Each country generates its own standards and frameworks, and those frameworks should be there in all products, not only in Qualys. The market here is huge, especially in the cybersecurity field. Qatar has a framework for Qatar 2022, and each and every company in the public or private sector has to follow the Qatar 2022 framework."
What is our primary use case?
We are a system integrator. We implement Qualys for our customers for vulnerability management and policy compliance. We are not using Qualys as a product in our company. We have public, private, and hybrid cloud as well as on-premises deployments.
What is most valuable?
There are many features. Its reliability, ease of installation, ease of use, and the richness of the information provided are the most valuable features.
What needs improvement?
Its integration with ServiceNow and other similar products is complicated and can be improved. It should also have virtual batching.
They should support more standards and compliance requirements and more customizations. For policy compliance, they can add the standards required by the countries in the Middle East. Each country generates its own standards and frameworks, and those frameworks should be there in all products, not only in Qualys. The market here is huge, especially in the cybersecurity field. Qatar has a framework for Qatar 2022, and each and every company in the public or private sector has to follow the Qatar 2022 framework.
For how long have I used the solution?
I have been using this solution for three years.
What do I think about the stability of the solution?
Qualys is a reliable, strong, and solid product.
What do I think about the scalability of the solution?
It is scalable. The main advantage of Qualys is that it is a cloud-based solution because of which you can scale it up or down according to your needs. It is very quick and flexible.
How are customer service and technical support?
Because we are in the Middle East, we deal with the office in Dubai. You cannot imagine how supportive they are. They are amazing in their response.
How was the initial setup?
The initial setup was easy. It has great hardware. Its deployment was easier than Rapid7, which is a bit complicated. Tenable is less complicated, but Qualys is faster and easier to deploy than Tenable.
I deployed Qualys in two hours. It is easy to install, manage, and go through. There are multiple tabs, and everything is understandable.
What's my experience with pricing, setup cost, and licensing?
Qualys is cheaper and more affordable than other solutions.
What other advice do I have?
I would recommend Qualys because it is a reliable, affordable, and very safe product. It can have everything that you are looking for.
I would rate Qualys VM an eight out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: partner
ITSM & AntiFraud Consultant at a tech company with 51-200 employees
Vulnerability management is the most valuable feature but it would be good if they could provide an internal computing appliance.
Pros and Cons
- "Vulnerability management is the most valuable one and it’s a must in every organization."
- "One of the biggest issues from the clients' perspective is that all Qualys computing is on the cloud."
What is most valuable?
From my point of view all the Qualys products are valuable. From the clients' perspective, I believe vulnerability management is the most valuable one and it’s a must in every organization. After the client realize the risks from outside, and that the vulnerabilities are real, a proper compliance policy implementation using Qualys Policy Compliance (I'm using v8.4), the second product needed in any infrastructure, can be done. If the organization has public websites, Web Application Scanning (I'm using v4.1) is the third valuable product needed in an organization.
How has it helped my organization?
After the first scan of the servers at all the POCs QualysGuard discovered many vulnerabilities that are grouped from low to high impact. The ability to use asset management to scan the grouped servers from the vulnerability management feature with the policy compliance engine helps the security officer to perform the daily/monthly tasks faster and make them more organized.
What needs improvement?
One of the biggest issues from the clients' perspective is that all Qualys computing is on the cloud.
As last month ( this is when I found out) Qualys offers a On-Premise instalation for it's customers.
https://www.qualys.com/enterprises/qualysguard/pri...
The issue with the private cloud is that is costs very much for a small firm.
For how long have I used the solution?
I have been using QualysGuard since 2012, and I have followed the certification from Qualys in class. After that, I implemented it for one of our clients, and did some POCs using Qualys. In the last month I had another PoC with Qualys and the client looks interested.
What was my experience with deployment of the solution?
need support from sysadmin to deploy the ovf file.
What do I think about the stability of the solution?
Qualys appliances are based on Linux OS, and they are very stable. I didn’t encounter any stability issues.
What do I think about the scalability of the solution?
The big advantage of using the virtual appliances is that you can increase the allocated hardware if you need more resources.
How are customer service and technical support?
Customer Service:
The customer service level is very high. All the requests made to the reseller were fulfilled in a very short time.
Technical Support:We didn’t need to use Qualys technical support as the product was very stable, and our knowledge of the product was enough to fulfil all the clients needs.
Which solution did I use previously and why did I switch?
I have used both Nessus and Rapid 7 Nexpose. I am working as a security consultant and I need to know the big players so I could present to my clients the pluses and minuses of the products they might choose.
How was the initial setup?
Qualys initial setup is straightforward and if you follow the manual you don’t have any problems. You receive the credentials, login to the Qualys website, download the virtual appliance, configure the IP, and, after defining the credentials and the assets, you can start scanning your environment. For the hardware appliance you have to connect it to the network and after the configuration you can start the scanning.
What about the implementation team?
I was part of the consultant team that implemented this solution to the client. We didn't have any complaints from him, and he used us to implement the rest of Qualys' components.
What's my experience with pricing, setup cost, and licensing?
Usually every implementation is different and the quote is in function of number of assets.
Which other solutions did I evaluate?
The clients are usually evaluating the top three vendors from Gartner. From my clients side, the vendors used in evaluation were Nexpose, McAfee Vulnerability Manager and Nessus. Also I have tried the open source VM OpenVAS
What other advice do I have?
Follow the vendor provided steps, and you will not have any problems during the initial implementation. If you don’t have experience with server policies, use a consultant that will be able to identify your business needs.
Disclosure: My company has a business relationship with this vendor other than being a customer: We are a QualysGuard partner
Network and Lotus Notes Administrator at a insurance company with 1,001-5,000 employees
It updates quickly and works without its presence being felt, but the problem-solving documentation needs improvement.
What is most valuable?
It gets up to date very fast.
How has it helped my organization?
Users do not feel any QualysGuard presence.
What needs improvement?
Solution for fixing problems need to be better documented, such as in a step by step way.
For how long have I used the solution?
I've used it for three years.
What was my experience with deployment of the solution?
No issues encountered.
What do I think about the stability of the solution?
No issues encountered.
What do I think about the scalability of the solution?
No issues encountered.
How are customer service and technical support?
Customer Service:
8/10.
Technical Support:7/10.
Which solution did I use previously and why did I switch?
No previous solution was used.
What other advice do I have?
I strongly recommend that you use this solution.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Senior Consultant at a tech services company with 11-50 employees
Connects threat intelligence information with identified vulnerabilities, so you can prioritize vulnerabilities according to actual attacks
Pros and Cons
- "The most valuable feature is the connection of threat intelligence information with identified vulnerabilities, which means you can prioritize vulnerabilities according to actual attacks."
- "Some of the older features could be polished instead of focusing on releasing new features."
What is our primary use case?
I primarily use Qualys VM for vulnerability management, security configuration, and management and asset inventory.
What is most valuable?
The most valuable feature is the connection of threat intelligence information with identified vulnerabilities, which means you can prioritize vulnerabilities according to actual attacks.
What needs improvement?
Some of the older features could be polished instead of focusing on releasing new features.
For how long have I used the solution?
I've been using Qualys VM for around eighteen years.
What do I think about the stability of the solution?
We've had no problems with stability.
What do I think about the scalability of the solution?
Qualys VM is quite easy to scale, and you can cover a large number of instances.
How are customer service and support?
The technical support is pretty good, though sometimes the response time could be better.
How would you rate customer service and support?
Positive
How was the initial setup?
The initial setup is quite simple.
What's my experience with pricing, setup cost, and licensing?
Qualys VM is better suited for medium to large companies because the price can be too much for smaller customers. With the SaaS version, you're buying a license for use per asset, so the price can differ, and there are additional fees for features like patch management and EDR policy compliance.
Which other solutions did I evaluate?
We also tested Tenable and Rapid7.
What other advice do I have?
I would rate Qualys VM as nine out of ten.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Buyer's Guide
Download our free Qualys VMDR Report and get advice and tips from experienced pros
sharing their opinions.
Updated: December 2024
Product Categories
Vulnerability Management IT Asset Management Configuration Management Databases Container Security Risk-Based Vulnerability ManagementPopular Comparisons
Tenable Nessus
Tenable Security Center
Tanium
Tenable Vulnerability Management
SentinelOne Singularity Cloud Security
Orca Security
Pentera
Acunetix
JFrog Xray
Lacework FortiCNAPP
Skybox Security Suite
Check Point CloudGuard CNAPP
Trend Vision One - Cloud Security
Microsoft Defender Vulnerability Management
Buyer's Guide
Download our free Qualys VMDR Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- Qualys VM vs Tenable Nessus: Comparison
- How does Tenable Nessus compare with Qualys VM?
- How does Pentera compare with Qualys VMDR?
- What are the main differences between Qualys VMDR and Tenable Nessus?
- How inadvisable is it to use a single vulnerability analysis tool?
- What are the benefits of continuous scanning for vulnerability management?
- When evaluating Vulnerability Management, what aspect do you think is the most important to look for?
- What is a more effective approach to cyber defense: risk-based vulnerability management or vulnerability assessment?
- What are the main KPIs that need to be implemented to have better posture in vulnerability projects?
- Which is the best vulnerability scanner tool?
Thanks 4 share