Qualys VMDR Reviews

It mainly scans the model against all of our online websites.

There are fewer false positives when using this solution. We are also cutting the need for news monitoring with this solution.

We find all of the features useful. 

One note for room for improvement is that all of the data is stored on the cloud. I think it would be better if they came up with a big box that could store the data and collect data from, it would be a huge improvement.

It is an extremely impressive and stable product. I would give it a 99% out of 100%. It is very close to being perfect.

I have had no issues with scalability. Initially, we had some issues with the dashboard, but eventually, it set and stabilized. There was an issue with the data dashing between the two models initially, but it was resolved.

The tech support is helpful. When we initially open a ticket, we get response within five minutes. Then, they open a case and we receive input from tech support within 24-48 hours with a Q-ID.

The first thing we like is the scanner, the device which checks vulnerability management.

They also have threat detection which maps threats. There is a feed that comes from Qualys when a new vulnerability is found. It tells us which machines are infected with that vulnerability. If there is a new attack, we definitely know that it is happening, what is happening in our environment.

What we have found is that the solution is not closely tied with the patch management. It is okay with newer ones, like Windows 10 machines; it gives the correct patch. But for Windows 7 or Windows Server 2008, it does not give us the correct patch so we have to manually identify the patches. This is a major problem.

It's stable. Every month we scan more than 5,000 IP addresses and we are able to detect vulnerabilities.

Our experience is that the problems we send them take too much time to resolve. For example, we opened a case for the problem I mentioned earlier, the vulnerabilities with Windows 7 and Server 2008 where it's trying the wrong patch. It took them a long time to even give us the correct explanation. So this is a problem.

The initial setup was very easy. We just needed to download the virtual machine. There is a key and we just needed to provide a proxy setting. That's it.

We did all the configuration as a one-time job where we defined our subnet and mapped. We needed to schedule the scan and the map and we needed to schedule a group of, say, Windows. It was just a one-time job where needed to configure the query and run it. It created a report and sent it to the administrators. After that one-time job, everything happens automatically.

We did it on our own.

I would recommend Qualys because it's very easy to use. It does not require many specific skills. We are always on the latest version because Qualys provides automatic updates.

We have a virtual appliance in each site and that sends the logs to the cloud. We have the consoles on the cloud which enable us to query and scan. All this happens through the cloud.

We only have one administrator for the solution who monitors and checks if there is anything to be aware of. It sends the reports to all the different administrators, such as network, Linux, and Windows administrators and they take it from there.

We also have Qualys configuration management module. If there are any particular issues in any servers or in any network, it gives us a report to suggest and rectify the issues. It tells us what changes are needed to on that device.

We are a system integrator. We implement Qualys for our customers for vulnerability management and policy compliance. We are not using Qualys as a product in our company. We have public, private, and hybrid cloud as well as on-premises deployments.

There are many features. Its reliability, ease of installation, ease of use, and the richness of the information provided are the most valuable features.

Its integration with ServiceNow and other similar products is complicated and can be improved. It should also have virtual batching.

They should support more standards and compliance requirements and more customizations. For policy compliance, they can add the standards required by the countries in the Middle East. Each country generates its own standards and frameworks, and those frameworks should be there in all products, not only in Qualys. The market here is huge, especially in the cybersecurity field. Qatar has a framework for Qatar 2022, and each and every company in the public or private sector has to follow the Qatar 2022 framework. 

I have been using this solution for three years.

Qualys is a reliable, strong, and solid product. 

It is scalable. The main advantage of Qualys is that it is a cloud-based solution because of which you can scale it up or down according to your needs. It is very quick and flexible.

Because we are in the Middle East, we deal with the office in Dubai. You cannot imagine how supportive they are. They are amazing in their response.

The initial setup was easy. It has great hardware. Its deployment was easier than Rapid7, which is a bit complicated. Tenable is less complicated, but Qualys is faster and easier to deploy than Tenable. 

I deployed Qualys in two hours. It is easy to install, manage, and go through. There are multiple tabs, and everything is understandable.

Qualys is cheaper and more affordable than other solutions.

I would recommend Qualys because it is a reliable, affordable, and very safe product. It can have everything that you are looking for.

I would rate Qualys VM an eight out of ten.

From my point of view all the Qualys products are valuable. From the clients' perspective, I believe vulnerability management is the most valuable one and it’s a must in every organization. After the client realize the risks from outside, and that the vulnerabilities are real, a proper compliance policy implementation using Qualys Policy Compliance (I'm using v8.4), the second product needed in any infrastructure, can be done. If the organization has public websites, Web Application Scanning (I'm using v4.1) is the third valuable product needed in an organization.

After the first scan of the servers at all the POCs QualysGuard discovered many vulnerabilities that are grouped from low to high impact. The ability to use asset management to scan the grouped servers from the vulnerability management feature with the policy compliance engine helps the security officer to perform the daily/monthly tasks faster and make them more organized.

One of the biggest issues from the clients' perspective is that all Qualys computing is on the cloud.

As last month ( this is when I found out) Qualys offers a On-Premise instalation for it's customers.

https://www.qualys.com/enterprises/qualysguard/pri...

The issue with the private cloud is that is costs very much for a small firm.

I have been using QualysGuard since 2012, and I have followed the certification from Qualys in class. After that, I implemented it for one of our clients, and did some POCs using Qualys. In the last month I had another PoC with Qualys and the client looks interested.

need support from sysadmin to deploy the ovf file.

Qualys appliances are based on Linux OS, and they are very stable. I didn’t encounter any stability issues.

The big advantage of using the virtual appliances is that you can increase the allocated hardware if you need more resources.

The customer service level is very high. All the requests made to the reseller were fulfilled in a very short time.

We didn’t need to use Qualys technical support as the product was very stable, and our knowledge of the product was enough to fulfil all the clients needs.

I have used both Nessus and Rapid 7 Nexpose. I am working as a security consultant and I need to know the big players so I could present to my clients the pluses and minuses of the products they might choose.

Qualys initial setup is straightforward and if you follow the manual you don’t have any problems. You receive the credentials, login to the Qualys website, download the virtual appliance, configure the IP, and, after defining the credentials and the assets, you can start scanning your environment. For the hardware appliance you have to connect it to the network and after the configuration you can start the scanning.

I was part of the consultant team that implemented this solution to the client. We didn't have any complaints from him, and he used us to implement the rest of Qualys' components.

Usually every implementation is different and the quote is in function of number of assets.

The clients are usually evaluating the top three vendors from Gartner. From my clients side, the vendors used in evaluation were Nexpose, McAfee Vulnerability Manager and Nessus. Also I have tried the open source VM OpenVAS

Follow the vendor provided steps, and you will not have any problems during the initial implementation. If you don’t have experience with server policies, use a consultant that will be able to identify your business needs.

It gets up to date very fast.

Users do not feel any QualysGuard presence.

Solution for fixing problems need to be better documented, such as in a step by step way.

I've used it for three years.

No issues encountered.

No issues encountered.

No issues encountered.

8/10.

7/10.

No previous solution was used.

I strongly recommend that you use this solution.

I primarily use Qualys VM for vulnerability management, security configuration, and management and asset inventory.

The most valuable feature is the connection of threat intelligence information with identified vulnerabilities, which means you can prioritize vulnerabilities according to actual attacks.

Some of the older features could be polished instead of focusing on releasing new features.

I've been using Qualys VM for around eighteen years.

We've had no problems with stability.

Qualys VM is quite easy to scale, and you can cover a large number of instances.

The technical support is pretty good, though sometimes the response time could be better.

Positive

The initial setup is quite simple.

Qualys VM is better suited for medium to large companies because the price can be too much for smaller customers. With the SaaS version, you're buying a license for use per asset, so the price can differ, and there are additional fees for features like patch management and EDR policy compliance.

We also tested Tenable and Rapid7.

I would rate Qualys VM as nine out of ten.

We use Qualys to check the status of our security posture.

Qualys help identifies the weakness in our critical infrastructure and provides guidelines how to address them.

maybe compliance monitoring.

Reporting can be improved more. It should generate much more stuff like field reports. Though the reports generally meet our need we hope we can customize it better.

2 years

very satisfactory

Its scalability is a four or five out of five. 

We haven't had problems up until this point that required technical support. The solution can run by itself and generate reports. We didn't have any issues that would need us to call technical support.

None

Simple and straightforward

in-house.

acceptable.

I would give the pricing three out of five.

No.

I would like for Qualys to have the ability to scan OT operation technology assets as well. 

If it can I would rate it 8 out of 10. 

I have mostly used vulnerability management so I would recommend it for the same.

Most of my clients uses it for the vulnerability scanning of their internal & external network devices. Using the vulnerability management module you can track the list of vulnerabilities and can take action to remediate them. You can also see the list of vulnerability by severities and various other stuff.

I can't say as I have worked mostly on its vulnerability management module.

I've used it for two years.

I didn't work on the deployment.

No issues encountered.

No issues encountered.

I didn't use a previous solution, but the vulnerability management helped me to find out about it.

I have seen other products like Nessus, Nmap, iDefense and so on but I found this one much better.