Qualys VM is used for vulnerability scans for the internet and applications using application exchange. There are many applications. We also use the solution for asset management per team, and the network scan to discover the devices on our network.
Security Expert at a insurance company with 10,001+ employees
The solution is efficient, with easy implementation, and simple to use
Pros and Cons
- "The most valuable feature of the solution is the external channel."
- "I would like to have CSPM, a continuous scan-like cloud added to the solution."
What is our primary use case?
How has it helped my organization?
We have an excellent relationship with the vendor, so we use the solution in our company and in two other companies. We have a communication program. Japanese people can't speak English, but most of the tools have only English support, Qualys VM offers support in other languages which are essential for our company.
What is most valuable?
The most valuable feature of the solution is the external channel. The cloud-based channel within the AWS, which we implement accordingly.
The vulnerability cycle feature of the solution is valuable.
What needs improvement?
I would like to have CSPM, a continuous scan-like cloud added to the solution.
Buyer's Guide
Qualys VMDR
December 2024
Learn what your peers think about Qualys VMDR. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,053 professionals have used our research since 2012.
For how long have I used the solution?
I have been using the solution for one year.
What do I think about the stability of the solution?
The solution is stable.
What do I think about the scalability of the solution?
The solution is scalable.
We have 25,000 storage devices that are currently using the solution.
Which solution did I use previously and why did I switch?
We previously used an AWS scanner but switched to Qualys VM because of the Japanese support and the cost.
How was the initial setup?
The initial setup is straightforward.
Qualys environment is implemented very easily, within one or two months. However, setting up the standard devices, such as opening a firewall, and preparing the network can take up to four or five months. The entire deployment takes about six months.
What about the implementation team?
The implementation was completed in-house.
What other advice do I have?
I give the solution an eight out of ten.
The maintenance is not difficult and we don't have any problems or concerns.
Implementation of the solution is very easy, using the solution is very easy, and it is very efficient.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Senior Consultant at Tata Consultancy
Great support, good training, and lots of great features
Pros and Cons
- "It's stable and quite reliable."
- "There needs to be better documentation."
What is our primary use case?
Qualys has many products. However, the prominent one is for scanning the vulnerabilities on endpoints, including servers and desktops. The other can be for using multiple other products, like taking the certificate, inventory, and software inventory of endpoints through scanning.
Additionally, we use the solution for web application scanning. When they have web applications, they can scan applications for various vulnerabilities and give recommendations.
What is most valuable?
Almost all of the features are great. We use Qualys for vulnerability scanning of servers and web application scanning. These are the two prominent features that we often use.
The initial setup is very straightforward.
It's stable and quite reliable.
The product can scale.
Technical support is helpful, and the product provides a good amount of training.
What needs improvement?
Qualys has evolved a lot. It is one of the services that has evolved a lot, and we do recommend Qualys to the specs tent.
However, their products are very modular, so for customers, they need to provide some roadmap on how the customer can utilize their products. For example, starting with vulnerability scanning, they need to show how they can extend their products for multiple other use cases. They need to do a better job of educating customer more.
There needs to be better documentation.
Maybe their price scheduler could be made simpler.
It's expensive.
For how long have I used the solution?
We've been using Qualys for a long time. I've used it for more than five years.
What do I think about the stability of the solution?
It is stable. It is reliable. The solution doesn't have any bugs or glitches, and it doesn't crash or freeze.
What do I think about the scalability of the solution?
It's scalable. It's easy to expand.
Many people use the solution. There are likely more than 10,000 users.
The usage is based on the business requirements. It all depends on the service offering.
How are customer service and support?
They do offer a lot of support in the form of training for users. They also offer labs. The technical teams are reachable. Technical support is quite good with them.
How would you rate customer service and support?
Positive
How was the initial setup?
This is an easy product to set up. It's not very complex to implement.
The deployment was very fast. We could do it in about a week's time. It can be done very quickly. There are just some configurations on the cloud, and you can handle the agent deployment using some deployment tools.
What's my experience with pricing, setup cost, and licensing?
We pay an annual licensing fee.
Prices do vary. If it is for a standard solution, they are the best. If a company goes for some advanced solutions, like web scanning, it does become pricey. However, the basic solution is good. It's just the advanced solutions that drive up the price.
What other advice do I have?
I am a consultant.
I'd recommend the solution to others.
I would rate the product ten out of ten.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Buyer's Guide
Qualys VMDR
December 2024
Learn what your peers think about Qualys VMDR. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,053 professionals have used our research since 2012.
IT Team Lead at a consultancy with 10,001+ employees
Efficient risk assessment with critical vulnerability prioritization and an easy setup
Pros and Cons
- "The most valuable feature is the QID part, especially of CentralList, which makes it easy to assess new critical vulnerabilities."
- "Support could be improved since the response can be slow."
What is our primary use case?
The primary use case for Qualys VMDR is for infrastructure vulnerability management. It assists devices, including all infrastructure devices like serverless network devices and development environments.
How has it helped my organization?
The solution has improved the organization significantly because it helps in assessing and prioritizing risk. Based on the results from Qualys, I can prioritize remediations with the remediation teams, thereby reducing the volume of vulnerabilities.
What is most valuable?
The most valuable feature is the QID part, especially of CentralList, which makes it easy to assess new critical vulnerabilities. It saves a lot in assessing and prioritizing risks to the organization.
What needs improvement?
Support could be improved since the response can be slow. There is always room for improvement to align with the latest content and technologies.
For how long have I used the solution?
I have used the solution for three years.
What do I think about the stability of the solution?
The solution is stable. Anytime there is downtime or maintenance, Qualys ensures that we are well-informed with priority communications.
What do I think about the scalability of the solution?
Scalability would be rated nine or nine point five out of ten. We have high satisfaction with this aspect.
How are customer service and support?
Technical support response can sometimes be slow, leading to a rating of eight or nine out of ten.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I previously used a different tool. I switched to Qualys as it didn't have the same feature set.
How was the initial setup?
The initial setup was straightforward. Deployment took two to three days.
What about the implementation team?
The deployment was done by a different team, so I do not have specific details about the implementation team size.
Which other solutions did I evaluate?
I have used RapidSky before Qualys.
What other advice do I have?
I would recommend Qualys VMDR because it ensures comprehensive coverage, including aspects like vulnerability management and PCI, providing good inputs and improvements over time.
I'd rate the solution nine out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: Oct 21, 2024
Flag as inappropriateWorks at a tech consulting company with 10,001+ employees
Offers asset management, tracks unused machine and ability to customize dashboards according to customer needs
Pros and Cons
- "It's also highly customizable, allowing us to tailor it to our needs."
- "In terms of improvement for the web application console, in the older version, things were more segregated and presented in a brief format."
What is our primary use case?
We have multiple modules, including Qualys VMDR solution and Qualys TotalCloud solution. We use them in our organization, like VMDR, for vulnerability management, detection, and response, as well as policy compliance to amend policies according to CIA benchmarks and other frameworks.
We also use the web application module and the Qualys Gateway module to ensure that scanner appliances are functioning properly. These modules allow us to check various scenarios and initiate scans, either on-demand or as per a scheduled plan.
My primary work is with VMDR module. In my previous organization, I worked with TotalCloud, but right now, I am focused only on VMDR and other modules.
How has it helped my organization?
Sometimes, we receive CVIDs from customers who require vulnerability scans, but they are not available in the Qualys knowledge base. This makes it complicated because we need to contact Qualys to add the required QID and CVID to their knowledge base and provide the corresponding vulnerability criteria. It affects our business since, without that information, we can't identify or notify our teams about the vulnerabilities.
What is most valuable?
Compared to other tools, VMDR provides a clearer view and is easy to understand. It's also highly customizable, allowing us to tailor it to our needs. I find it to be better than tools like Belwix, Rapid7, and Tenable.
For asset management, there's a feature that tracks unused machines and purging mechansim. It informs us if a machine hasn’t been used for 180 days, or if it’s been idle for 368 days, allowing us to segregate the data. This reduces our active vulnerability count, which improves tracking and helps us provide more accurate information to customers. It gives more active grip on the information.
With continuous monitoring, we can customize dashboards according to customer needs. Whether they require reports on a daily, weekly, or quarterly basis, we can set up the dashboard to display the relevant data. It's essential to understand their requirements and adjust the Qualys Query Language (QQL) accordingly. A solid grasp of QQL is a plus when working with Qualys.
What needs improvement?
Sometimes, it can take more time than other tools to resolve certain issues. For example, if there's a problem with policy compliance, you might not get an immediate solution from Qualys' technical team.
Occasionally, customers ask for RCA (Root Cause Analysis), and if Qualys doesn't provide it, we can't give a clear answer. This can be frustrating, but it doesn't happen in every case.
In terms of improvement for the web application console, in the older version, things were more segregated and presented in a brief format. However, in the latest version, you have to write a query to retrieve the kind of data you want. Sometimes, if you write the wrong query, you don't get the proper count or the right data, such as how many days a scan has been failing. This can be an issue if you're not familiar with the query language. So, they should offer an optional feature where, if someone isn't familiar with the query language, they can use tab buttons or other features to enable or disable options and get the correct data and information on time.
Qualys VMDR should enhance the EDR (Endpoint Detection and Response) part because there's a lack of information and features in Qualys EDR. Sometimes, organizations have to buy different EDR tools, like Carbon Black and others, to cover the gap.
From a learning perspective, Qualys VMDR needs to improve. Right now, they only provide information, but they don't offer any library or testing environment. Often, customers don't allow changes to be made in the live environment, and I don’t think it’s a good idea to make any changes directly there. It would be great if they could provide a lab environment for testing. That would be really useful.
Qualys is updating certain product modules. Sometimes, they need to provide clearer deadlines. Customers aren't always informed when Qualys updates a module from the backend, which can disrupt our work. For example, they recently updated the "Asset View" module and converted it to "Cybersecurity Asset Management." Customers weren’t aware of this change beforehand.
In situations like this, they need to ensure that they provide proper information, SOPs, or documents so we can share them with customers. Customers also have access to the tool, so they can use the SOPs to learn how the updates work. This would improve productivity because we wouldn't need to spend extra time learning how to use the updated tool.
For how long have I used the solution?
I have been using it for around four years.
What do I think about the stability of the solution?
It’s very stable. Qualys provides advisories faster than other tools when it comes to exploitable vulnerabilities. This helps ensure we can secure the environment promptly.
But, last year we did encounter an issue with the Qualys Gateway Console, where the gateway went down and it took around six hours to set up a new one. After that, we implemented two gateways to ensure we could switch to a secondary one if the primary failed.
What do I think about the scalability of the solution?
Around 300 users work with Qualys, with different permission levels—leaders, managers, and regular users. We have over 50,000 hardware devices in total.
How are customer service and support?
We have a dedicated person for support. She’s always available to help, or if she's on leave, she ensures someone else is aligned to handle our cases, so we don’t breach any timelines. I'd give the support a high rating.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
In other tools, like Rapid7 and InsightVM, everything is done within a single module. In Qualys, we have separated modules with distinct functionalities. You can choose to purchase only the modules and licenses you need, which makes it cost-effective. You don’t have to pay for features you're not using, unlike other tools where everything is bundled.
How was the initial setup?
It's not an issue with Qualys itself. We encountered some problems when migrating from physical scanners to virtual ones, but that was more on our network team’s side. Qualys provided excellent support in that scenario, which helped us identify and resolve the issue on time, and we provided the solution to our customer.
I work with the on-premises version. We updated from physical scanners to virtual scanners.
In my previous organization, I worked on deploying the solution. There, I customized the Windows OS image so that when you install the image on any machine, it prompts for a key that’s already embedded. Once the steps are completed, it automatically installs the Cloud Agent module on every machine. The agent syncs data every four hours, providing vulnerability data and security insights for each machine.
It’s not a one-person task. We had to coordinate with several teams, such as the network and system teams, for deployment. In total, we worked with about six teams during the process.
For about 1,400 machines, it took around three months to complete the deployment and resolve any issues. For example, sometimes policies weren't pushed properly from Ivanti or other tools, or users didn’t turn on their machines, which stopped Qualys services. We had to address these issues for each user, so it took some time. But we completed the deployment in about three months.
Maintenance isn't difficult, especially when working with the Cloud Agent. You just need to set up rules, like purging machines that haven’t connected to the network in three months. You write policies to manage this, which simplifies the decommissioning process and other tasks.
What was our ROI?
Qualys provides good value for the investment. Before using Qualys, we weren’t clear on how many assets needed purging or how many open vulnerabilities we had. Qualys gave us a clearer picture, so from a cost perspective, it’s been valuable.
What other advice do I have?
I would recommend it. For enterprises, I’d suggest understanding how the tool works and which modules meet your needs. It’s important to coordinate with the customer team or Qualys technical team to figure out how many licenses you need and which modules will benefit your organization. Proper calculation and understanding are key before purchasing.
Overall, I would rate it a nine out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: MSP
Last updated: Sep 18, 2024
Flag as inappropriateSenior Manager -Cloud Security at Capgemini
Continuous endpoint monitoring and amazing dashboards
Pros and Cons
- "Qualys has a continuous endpoint monitoring feature for agent-based scanning. Once you deploy the solution, it monitors everything that is happening every 30 minutes. Then, if there are any vulnerabilities, they are reported."
- "Qualys should improve their customer experience. They need to improve the tech support experience and the turnaround time."
What is most valuable?
Qualys has a continuous endpoint monitoring feature for agent-based scanning. Once you deploy the solution, it monitors everything that is happening every 30 minutes. Then, if there are any vulnerabilities, they are reported. Plus, the dashboards are amazing. There are so many dashboards and things in the console that you can explore, which I think other solutions, Tenable.io for example, are still working on.
What needs improvement?
They have everything covered as far as features are concerned, but Qualys should improve their customer experience. They need to improve the tech support experience and the turnaround time.
For how long have I used the solution?
I've been working with this solution for one to two years.
What do I think about the stability of the solution?
This solution is definitely stable.
What do I think about the scalability of the solution?
The solution is scalable.
How are customer service and support?
I am not happy with the technical support because I had a very bad experience with them. On a scale of one to five, I would give Qualys tech support a two.
How would you rate customer service and support?
Neutral
How was the initial setup?
There were a few challenges. I had an integration issue with Qualys where they had to enable the data privacy from the back end because I couldn't integrate it with the SIEM.
What was our ROI?
The ROI is definitely good for this solution.
What's my experience with pricing, setup cost, and licensing?
Qualys is a pay-as-you-go model, so there's flexibility to the pricing.
What other advice do I have?
Everything is well-documented by Qualys. Their white paper is published and they have much visibility across the globe and on different platforms. If you look into their educational YouTube channel, you get a lot of information. There are a lot of seminars and talks on Qualys VMDR features.
The advantage with Qualys is that you get a lot of features because it has been a market leader for quite a long time. The solution has an agent-based approach and I think it is highly evolved when compared to Tenable, for example. However, Qualys is a bit highly priced so if you're looking strictly at pricing, I think you will get a better value with Tenable.
I would rate this solution as a nine out of ten.
Which deployment model are you using for this solution?
Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Senior Global IT Security Specialist at a manufacturing company with 1,001-5,000 employees
Real-time vulnerability detection with essential patch management, Cloud & SaaS security features make it an ideal tool for VM
Pros and Cons
- "The most valuable features of Qualys VMDR include patch management and the use of virtual scanners to scan appliances and devices, especially those provided by vendors where we cannot manage them ourselves."
- "One area for improvement is the simplification of the process to ignore certain vulnerabilities on specific devices."
What is our primary use case?
The primary focus of this solution is to identify and detect vulnerabilities in real time and use that information to patch them using Qualys VMDR task management module. We have a variety of devices within our network, including network devices, firewalls, vCenters, VMs, web applications, and endpoints. We deploy cloud agents on workstations and servers where possible, and we scan network devices using a virtual scanner where we cannot deploy the cloud agent. Additionally, we perform web application scanning for our web apps. We also use the tool to manage our cloud security and container security.
How has it helped my organization?
With the help of Qualys VMDR, we were able to get real-time knowledge base updates from Qualys and perform scans on all devices to identify vulnerable devices. This allowed us to plan the next course of action for mitigating vulnerabilities. For example, during the zero-day events, such as the Log4j vulnerability, we received critical real-time information from Qualys, enabling us to identify and plan for mitigation while the rest of the world was still struggling. This capability has tremendously helped us maintain the cybersecurity posture within our organization.
What is most valuable?
The most valuable features of Qualys VMDR include CSAM, Qualys Gateway Service, Web Application Scanning, patch management and the use of virtual scanners to scan appliances and devices, especially those provided by vendors.
The ability to run a map scan and identify all assets within our network is extremely beneficial for medium to large organizations. Real-time asset discovery and patch management have also been vital features for us.
What needs improvement?
One area for improvement is the simplification of the process to ignore certain vulnerabilities on specific devices. Currently, the process is quite long, requiring the creation of separate knowledge bases and lists. Simplifying this to one or two clicks would be beneficial. Additionally, enhancing patch management to support third-party tools and simplifying the creation of patch jobs would greatly improve usability. Improving the interconnection between multiple modules would also be helpful, making navigation and operations more straightforward.
For how long have I used the solution?
I have been using Qualys VMDR for more than two - three years now.
What do I think about the stability of the solution?
I would rate the stability of Qualys VMDR as eight. It is a stable solution with minimal issues.
What do I think about the scalability of the solution?
The scalability of Qualys VMDR is good. If we add additional resources, the tool can scale efficiently, ingesting new data seamlessly. Qualys has auto-scaling enabled for their cloud platform, which ensures performance remains high, even with increased resources.
How are customer service and support?
Technical support from Qualys needs some improvement. There are instances where Level 2 support is not able to assist, requiring escalation, which can take time. Overall, basic troubleshooting and issue resolution are straightforward.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
I have worked with other vulnerability management solutions prior to Qualys. In my current organization, we selected Qualys after a POC. Other tools have not evolved well as Qualys has over the years, making Qualys the preferred solution.
How was the initial setup?
The initial setup of Qualys VMDR is straightforward. The setup's complexity depends on the organization’s size and collaboration with various teams. For organizations with a clear device inventory, the deployment can be completed within a month.
What about the implementation team?
In-house
Which other solutions did I evaluate?
We evaluated other tools available in the market during our POC process yet found Qualys to be the best solution.
What other advice do I have?
I would recommend Qualys VMDR to other users if they want a comprehensive solution for real-time vulnerability detection and mitigation. The tool is easy to implement, backed by a reliable knowledge base, and offers quick updates during zero-day events. While there are areas for improvement, such as simplifications in handling certain features, the overall solution is robust and effective.
I'd rate the solution eight out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: Sep 18, 2024
Flag as inappropriateHead of IT at a manufacturing company with 10,001+ employees
Has an effective tagging system and authentication mechanism compared to other tools
Pros and Cons
- "The process of defining and discovering scans is organized efficiently."
- "Qualys could improve the inbuilt dashboards."
What is our primary use case?
We use the product for enterprise network infrastructure scanning.
What is most valuable?
The product has multiple valuable areas. The process of defining and discovering scans is organized efficiently. It has an effective tagging system and authentication mechanism compared to other tools. Its integration with AD helps us a lot. Additionally, I like the report generation feature.
What needs improvement?
Qualys could improve the inbuilt dashboards. They could be advanced compared to competitors like Rapid7 and Tenable. They should include a faster reverse integration process. They could enhance its integration with ServiceNow CMDB to ensure that mapping IP addresses, domains, and net bias names is consistent and accurate.
For how long have I used the solution?
We have been using Qualys VMDR for nearly two and a half years.
What do I think about the stability of the solution?
I rate the product's stability a nine out of ten. I have rarely seen any stability issues with Qualys.
What do I think about the scalability of the solution?
I rate the product's scalability an eight out of ten. We only recommend some people use Qualys in our organization. It is a limited audience. It is used by the vulnerability management team and a few critical resources from different parts of the cybersecurity department. We have 50 users in total. They should provide role-based access for managers, reviewers, and scanners.
How was the initial setup?
The initial setup process is simple as I have prior experience working on two full-time projects with it. I find it simple as I have enough background knowledge of it.
What's my experience with pricing, setup cost, and licensing?
The product is more expensive than that of any other vendor.
Which other solutions did I evaluate?
I did work on Tenable's POC and some other vendors. It has some limitations in detecting different types of vulnerabilities or false positives. Qualys is on the higher side when compared to the other tools.
What other advice do I have?
I rate the product an eight out of ten.
Which deployment model are you using for this solution?
Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Information Security Manager at a outsourcing company with 51-200 employees
Accurate and effective with good reporting
Pros and Cons
- "The reporting functionality is great."
- "They're still evolving their platform in terms of reporting capabilities."
What is our primary use case?
We do vulnerability management mostly with the agents and sometimes with the scanner.
We use it to install for around 20 or 30 clients right now so that we can remotely monitor their vulnerability status and help them improve their patch management processes. When certain critical things come up, we help clients with the Log4J, identifying where they need to remediate some of the super trendy critical things that come out and identifying end-of-life operating systems and software that need to be updated.
What is most valuable?
The reporting functionality is great. The most prominent feature that made us move from Nessus Professional was the scanner-based scanning to the Qualys agent-based scanning to move to work from home and remote.
If somebody's not connected to the network, you're not going to catch them with an appliance-based scan. However, if you have the agent on, as long as they're on the network, they're constantly checking in and constantly scanning.
It's more accurate and effective to get a picture of what the vulnerabilities are in a more distributed workforce.
The reporting capabilities that are available in Qualys are a work in progress. I know they're still evolving, and it's not always perfect. However, we only have so much flexibility to pinpoint a specific thing that we want to follow or monitor across all of our clients. We can set it up in a dashboard or report and do it quickly.
What needs improvement?
They're still evolving their platform in terms of reporting capabilities. Every time they make a change, it's not always super smooth, and it's a little quirky with bugs sometimes. That said, they've been really responsive at helping resolve issues that we find. We've got a pretty close relationship with them and our account managers there. We’re working on it.
For how long have I used the solution?
We've been using it as a service provider for about a year or so.
What do I think about the stability of the solution?
The solution can sometimes be buggy.
The agent itself is stable. The reporting platform seems to go through quite a bit of change that they're trying to make it more robust and developing more things, and so we'll make customizations, and they make it update, and the customizations wipe out. I wouldn't say the reporting platform is super stable at the moment. However, it more than meets our needs far beyond what we had with Nessus Professional. The ability to monitor has been stable.
What do I think about the scalability of the solution?
It's incredibly scalable. We've got it across 20 or 30 clients, and so we're pretty happy with how scalable it is from that aspect of a multi-client platform as an MSTP of that type of service.
However, the reporting doesn't seem to be as scalable. The more clients we add to it, the slower it runs with the reporting and dashboards.
Most of our clients are small and medium-sized businesses, so each of those clients has maybe anywhere from 30 to 1,000 agents.
We do plan to increase usage. We're only a year in. We touch a couple of hundred clients a year, so we're just learning the capabilities of it and growing with Qualys as we go. We're definitely all in with Qualys at this point.
How are customer service and support?
I maybe had one meeting trying to understand how to build the dashboards, however, my colleague is the one that was selected to handle the solution and works closely with technical support. From what I heard, they've been great.
Which solution did I use previously and why did I switch?
We previously used Nessus Professional. We switched when we could no longer go use our paid scanner on a client environment due to COVID and not actually going to client offices and nobody being there. Therefore, at that time, it wouldn't have been an effective vulnerability scan, and we had to look at other options. While one of our larger clients does have Nessus iOS through the city government, and it's a great tool, the pricing model was just cost prohibitive for our users across so many clients, and so that's why we were looking at other tools.
How was the initial setup?
It's straightforward as long as the clients have any technical know-how or central management of their devices.
The agents update themselves. There isn’t maintenance necessary once it is deployed.
What's my experience with pricing, setup cost, and licensing?
I’m not clear on the pricing. We don't use it as an in-house tool, and we use it more as a managed service provider. We provide information security consulting services for many companies. When they don't have vulnerability management, we'll offer to support Qualys for them. We've got the MSP platform, and so it's not the typical pricing structure or platform. Therefore, I can’t speak to the exact pricing or typical licensing.
What other advice do I have?
We pay for the Qualys platform, and we will maintain the vulnerability management for our clients until they get their own vulnerability management solution.
I’d recommend the solution to others.
In a world of the hybrid workforce and work from home, if you're looking for a more effective vulnerability management tool, you have to go to the agent-based vulnerability management tools that are out there, and we've been extremely happy with Qualys. We were also delighted with Nessus in terms of their ability to identify things. However, an agent-based scanner is above an appliance base for known devices. Ideally, you have both of them together so you can scan your network for devices that might have an agent on it. However, for known devices, we definitely have been switching and really appreciate the switch to agent-based in Qualys.
I’d rate the solution eight out of ten. The only downside is that reporting can be slow, knowing that we're dealing with trying to load dashboards with 20,000 to 30,000 agents.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Buyer's Guide
Download our free Qualys VMDR Report and get advice and tips from experienced pros
sharing their opinions.
Updated: December 2024
Product Categories
Vulnerability Management IT Asset Management Configuration Management Databases Container Security Risk-Based Vulnerability ManagementPopular Comparisons
Tenable Nessus
Tenable Security Center
Tanium
Tenable Vulnerability Management
SentinelOne Singularity Cloud Security
Orca Security
Pentera
Acunetix
JFrog Xray
Lacework FortiCNAPP
Skybox Security Suite
Check Point CloudGuard CNAPP
Trend Vision One - Cloud Security
Microsoft Defender Vulnerability Management
Buyer's Guide
Download our free Qualys VMDR Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- Qualys VM vs Tenable Nessus: Comparison
- How does Tenable Nessus compare with Qualys VM?
- How does Pentera compare with Qualys VMDR?
- What are the main differences between Qualys VMDR and Tenable Nessus?
- How inadvisable is it to use a single vulnerability analysis tool?
- What are the benefits of continuous scanning for vulnerability management?
- When evaluating Vulnerability Management, what aspect do you think is the most important to look for?
- What is a more effective approach to cyber defense: risk-based vulnerability management or vulnerability assessment?
- What are the main KPIs that need to be implemented to have better posture in vulnerability projects?
- Which is the best vulnerability scanner tool?