Qualys VMDR Reviews

We use Qualys VMDR for vulnerability management and operations, such as scanning assets to identify vulnerabilities and updating the reports for different teams.

We identified and resolved many vulnerabilities by using Qualys VMDR. It has been helpful in detecting externally facing asset vulnerabilities and coordinating patching or remediation with different teams.

I find the scans portion of VMDR to be valuable. Authenticated scans provide different options, including those using or not using the FactSet and adding option profiles. Another good feature is the Knowledge Base, which provides detailed information on vulnerabilities, period scores, solutions, issues, and mitigation.

I'd suggest improvements in asset management. It would be helpful to have features for better tracking, including options for adding relevant owners or supporting groups for each asset.

I have been using Qualys VMDR for about three years.

The solution is stable. I would rate it eight out of ten.

Scalability is rated at 7.5 out of ten.

When you raise a report, it will be generated in VMDR and shared with the respective team. Depending on client requests, reports can be in PDF or Excel format.

Positive

I did not use any previous vulnerability solutions; I started directly with Qualys.

The setup for Qualys VMDR is easy since it's a cloud tool. Access is provided through different inboxes, and deployment is straightforward.

I am not aware of the actual cost or pricing as it is managed by the client.

Compared to other solutions like Nexus, Qualys provides more options and is a better tool.

I recommend using Qualys as it offers many valuable features and options. It is better compared to solutions like Nexus.

I'd rate the solution nine out of ten.

The primary use cases of this solution are as a scanner. We use it with Azure and AWS. For on-premises, we use physical scanners all over the globe. We have deployed our external scanners in approximately 70 regions.

What I like about Qualys VM is the dashboard presentation. It's very good.

The reporting capability and executive reporting are very good.

Customer support needs to be improved because it was not to our SLA standards.

Suddenly, the scan engine will go down. We don't know what the reason is, or how it goes down. Because of that, the business is impacted.

I had a look at the PCI reports  (policy compliance reports) and I have heard that most memberships have been taken by Azure, although I was not aware of that. I would like to see more documentation or awareness.

I have worked with Qualys VM for the last two years.

This solution is stable.

The scalability is good.

The customer support is very bad. When we submit a ticket, we do not get a response immediately.

Previously, I have used Rapid 7 Nexpose. They are similar solutions although what Qualys is providing, it provides well but requires less. Qualys reporting is better.

Nexpose has upgraded too, and now their reporting is also very good.

The initial setup was straightforward and we didn't have any issues with it.

If you are comparing Nexpose and Qualys, I would prefer Qualys. The UI is good and whatever reports you are getting, are very clear. If you present it to management, the reports are good. They require an executive report that highlights the vulnerability and how many servers are affected. You can customize it also.

Nexpose is coming out with new features, but Qualys has already implemented them.

I would rate this solution an eight out of ten.

It improves the continuous monitoring of the systems on-premises.

If any anomalies are there, we can easily detect with our agent based solutions, and we can isolate them quickly, and response time or any incident is much quicker than previous. Before we were taking eight hours, now we're taking around 30 minutes to respond to any incident, security and such.

I find the most valuable features are the continuous monitoring.  Even on premises, there is constant monitoring.

When tested on Zero day, there were errors.

In addition, they have integrated with other third parties, but it is still not viable. They are using their own Q id's. This sometimes leads to a false positive. And, even the updating of signatures into Qualys is not that much quicker. Maybe for Windows and Linux, it is a little quicker or networks and other devices. The signature updating is not quicker.

I have not experienced issues with stability of the solution. There were a few bugs, but we reported it.

I did not have any issues of scalability.

The tech support acted quickly and responded quickly to our tickets. There was a good response time.

I also have previous experience with Tennable Nessus, and I find Qualys is better than Nessus, which is slow in the security center and lags a bit.

It's good. Yes, it's competitive. We got the best price.

We mostly use Qualys VMDR for vulnerability management and compliance practices. Every week, my team and I run automated scans that are scheduled, and we share whatever vulnerabilities are found with the infrastructure team to remediate them.

Qualys VMDR provides a real-time response and reporting feature, which is excellent. It allows us to see real-time graphs and reports for every asset, server, and more, which is very user-friendly. 

Our clients have given good feedback, and they are satisfied with the tool. We use it daily to fix vulnerabilities by connecting with infrastructure to remediate. The feedback from the client side is very good.

Regarding improvement, compliance features haven't been utilized much. I anticipate more benefits in this area in the future. Integrating other teams, such as GRV, with Qualys would be very beneficial. 

Additionally, if AI features were integrated, it could enhance the capabilities significantly.

I have been using Qualys VMDR for about six months. I started working in vulnerability management with my company in the SOC.

I haven't experienced any downtime during my working hours. However, there might be times when it could go down. I would rate stability around 8.5 or nine out of ten.

Qualys VMDR can handle scalability, although increasing the inventory can raise the licensing costs. However, it can escalate and adapt to many needs if required.

Customer support is satisfactory. When reaching out via email, they reply quickly. I would rate their customer support eight out of ten.

Positive

I have used another vendor for a different client, which is Rapid7. However, I found Rapid7 not as user-friendly as Qualys. The console is less user-friendly, and running sample templates or scans is more complex compared to Qualys.

I am not aware of the exact pricing, as it comes as an MSP model from the client. However, I have a notion that Qualys might be more expensive than Rapid7.

I have evaluated Rapid7 along with Qualys. In a rating out of five, I would give Qualys four and Rapid7 two, as Rapid7 is more complex and not as user-friendly.

I would recommend Qualys VMDR to others comparing it with other VM tools, due to its valuable features, including real-time responses and detailed reporting. 

Overall, I would rate Qualys eight out of ten. With potential improvements and AI integration, it could offer even more.

We use the solution for vulnerability management. It helps us identify potentially vulnerable assets. Thus, we can prioritize patching based on a risk score.

The solution is easy to use and has many essential features. I found the concept of tags the most valuable feature. It allows us to build assets from different views. We can categorize systems with tags, either automatically or manually.

The solution's cloud agent is available only for limited operating systems such as Windows and Linux. They should make it accessible for more systems like FreeBSD. Also, it would be helpful if they made it available for Cisco or Juniper routers. Additionally, its price and support could be better as well.

We have been using the solution for six years.

The solution is stable. However, it takes time to generate reports.

We have ten solution users in our organization.

The solution's technical support team replies with generic answers. The quality of the response could be better.

Neutral

The solution's initial setup process was straightforward. We just followed the documentation.

The solution is costly.

I recommend the solution to others and rate it as a eight.

I mainly use Qualys VM for vulnerability management to carry out vulnerability scans on IT assets to find out which are vulnerable and what is needed to patch them. We also use it for policy compliance scans and in tablet for web application scans.

Qualys VM has greatly helped us to improve and maintain our posture of security.

The most valuable features are vulnerability scanning, policy compliance scanning, and tablet for web application scanning.

Sometimes the scanning can get overwhelmed and start to drag when a lot of users are trying to scan at once. I think cloud-based solutions like Qualys VM should be prepared to throw more resources in to ensure they don't get overwhelmed like this.

I've been using Qualys VM for about six years.

The stability and performance have been fine.

Qualys VM is very easy to scale - that's one of the benefits of cloud-based solutions.

Qualys' technical support is very responsive.

Qualys VM is straightforward to set up.

The deployment was done in-house.

I would advise anybody looking into using Qualys to go online to also check on Gartner and Forrester. From a planning perspective, you need to look at your estate to determine what kind of tool you need. I would rate Qualys VM eight out of ten.

We are using Qualys VM, as our scanner tool. We also use it for Application Security and Policy Compliance.

We use it for the identification of vulnerabilities for all of our devices on the network. This includes Windows workstations, servers, and Linux machines. We also use it for cloud, and external use as well.

The features that are most valuable are the identification, scan features, and the identification of vulnerabilities. Recently, the VMDR additions and the threat protection has been useful.

It's pretty user-friendly.

The Patch Identifications, which are supersedence identifications, need improvement.

I would like to see more accuracy in detections, better reporting capabilities, and better dashboard download capabilities. These are things that are definitely needed.

I have been using Qualys VM for more than 15 years.

We are using the latest version.

VMDR was added in July with newer enhancements.

It's a stable solution.

It's very scalable for large networks. We have also used the agents and they work very well.

I have a team of five in our organization and external to it, there are approximately twenty-five.

We engage with technical support often. There could be some improvements made.

The initial setup is straightforward.

It is different for every company, but for us, it's every three years. I will know more about the pricing in September because we are going to be looking at our pricing again.

We get a large volume discount, which is good.

I would recommend this product to others who are interested in using it.

I would rate this solution an eight out of ten.

The interface is pretty good, as all the instructions are clear enough. The way you can create groups or scheduling scans and reports is a very good feature, and the CSV reports have very good information.

In this case, my last employer was a Qualys partner and the consultancy was extra. But, the reports and the way the information is, helped a lot. Also, with this information concise presentations were sent to the CIO every month.

I think the only area to improve it is the way the scores are calculated. That was the only problem I had and because of that, all scores had to be rectified manually.

I was using both Multimedios Redes (Enterprise version) and Lamosa for three years. I also used PC, PCI, and WAS.

No issues were encountered.

Maybe one or two times, but they were caused by scheduled windows, but these problems were fixed very quickly.

No issues were encountered.

Very good! I think I would give them 10/10 because in Latin America the service was excellent.

Again, I would give them 10/10, as the documentation is so good and all is clear, but if you have a doubt, technical support was always concise and had a quick answer. Also the community helps a lot.

I did not personally, but the technical contacts that worked for my customers tried another solutions, and they chose Qualys for the easy way it manages the processes.

The initial setup was very easy, with no complications found when the instructions were followed. Also, this activity was done with a physical and virtual appliance, and both ways were very easy to follow.

I was the vendor team, but I can give you the answer from the actual companies I worked for. The administrators, before Qualys, did not care so much about security, patching, etc.; but, after Qualys they changed their minds. Security took a very important role and of course they reduced, a lot, the chances of being hacked or attacked. It also helped, at this point, to be verified by auditors.

It's worth it, really, when you see the complete picture and see all the factors. It is a very good investment. Qualys is a very good tool and very easy to use and it is also better to have an annual subscription rather than paying for a scan.

My customers evaluated Foundstone and Rapid7, and possibly others.