Qualys VMDR Reviews

We use the solution for vulnerability management. It helps us identify potentially vulnerable assets. Thus, we can prioritize patching based on a risk score.

The solution is easy to use and has many essential features. I found the concept of tags the most valuable feature. It allows us to build assets from different views. We can categorize systems with tags, either automatically or manually.

The solution's cloud agent is available only for limited operating systems such as Windows and Linux. They should make it accessible for more systems like FreeBSD. Also, it would be helpful if they made it available for Cisco or Juniper routers. Additionally, its price and support could be better as well.

We have been using the solution for six years.

The solution is stable. However, it takes time to generate reports.

We have ten solution users in our organization.

The solution's technical support team replies with generic answers. The quality of the response could be better.

Neutral

The solution's initial setup process was straightforward. We just followed the documentation.

The solution is costly.

I recommend the solution to others and rate it as a eight.

We are using Qualys VM, as our scanner tool. We also use it for Application Security and Policy Compliance.

We use it for the identification of vulnerabilities for all of our devices on the network. This includes Windows workstations, servers, and Linux machines. We also use it for cloud, and external use as well.

The features that are most valuable are the identification, scan features, and the identification of vulnerabilities. Recently, the VMDR additions and the threat protection has been useful.

It's pretty user-friendly.

The Patch Identifications, which are supersedence identifications, need improvement.

I would like to see more accuracy in detections, better reporting capabilities, and better dashboard download capabilities. These are things that are definitely needed.

I have been using Qualys VM for more than 15 years.

We are using the latest version.

VMDR was added in July with newer enhancements.

It's a stable solution.

It's very scalable for large networks. We have also used the agents and they work very well.

I have a team of five in our organization and external to it, there are approximately twenty-five.

We engage with technical support often. There could be some improvements made.

The initial setup is straightforward.

It is different for every company, but for us, it's every three years. I will know more about the pricing in September because we are going to be looking at our pricing again.

We get a large volume discount, which is good.

I would recommend this product to others who are interested in using it.

I would rate this solution an eight out of ten.

The primary use cases of this solution are as a scanner. We use it with Azure and AWS. For on-premises, we use physical scanners all over the globe. We have deployed our external scanners in approximately 70 regions.

What I like about Qualys VM is the dashboard presentation. It's very good.

The reporting capability and executive reporting are very good.

Customer support needs to be improved because it was not to our SLA standards.

Suddenly, the scan engine will go down. We don't know what the reason is, or how it goes down. Because of that, the business is impacted.

I had a look at the PCI reports  (policy compliance reports) and I have heard that most memberships have been taken by Azure, although I was not aware of that. I would like to see more documentation or awareness.

I have worked with Qualys VM for the last two years.

This solution is stable.

The scalability is good.

The customer support is very bad. When we submit a ticket, we do not get a response immediately.

Previously, I have used Rapid 7 Nexpose. They are similar solutions although what Qualys is providing, it provides well but requires less. Qualys reporting is better.

Nexpose has upgraded too, and now their reporting is also very good.

The initial setup was straightforward and we didn't have any issues with it.

If you are comparing Nexpose and Qualys, I would prefer Qualys. The UI is good and whatever reports you are getting, are very clear. If you present it to management, the reports are good. They require an executive report that highlights the vulnerability and how many servers are affected. You can customize it also.

Nexpose is coming out with new features, but Qualys has already implemented them.

I would rate this solution an eight out of ten.

My primary use case is for the web application scans of websites. I also made some new search profiles and other scanning profiles.

Before using Qualys, we had other security tools. And, the main purpose was to remove the granularity. We had so many attacks every day. Qualys really helped us manage the security for our operations.

The most valuable features are that it is a simple solution that makes scanning easy. You just give it a scheduled task, and it will do everything for you. The reporting is fine, too. And, the knowledge base is pretty good, too.

The only improvement I can think of is on the implementation side, otherwise the operation is fine. At times it is a bit slow.

Qualys is really nice, but people only use Qualys for the VM and web scan. They just file the report, and send the report to the customer or client. They don't do anything with the reports. They will get the report, and there are usually 30 to 40 vulnerabilities, not in the web servers. And, of those 30 vulnerabilities, 10 or 15 were usually the first cases. In case of those vulnerabilities are around 50, in which around 50-60% of vulnerabilities are usually found worse. So, for those cases, was pretty low and in Qualys we have to look for them also. Whenever the report comes, we just send the report from the client. And that was one of the biggest issues. So, in this area, we only have to actually check the vulnerabilities in the report. You just have to catch a little bit of this, when we do the type or not. That was one of the issues we had with Qualys.

No, we have not experienced any issues with stability of the product at all.

I have not encountered issues with scalability of the solution. I had scanned 77 servers at a time, and found no issues with scalability while doing so.

I have not had a need to deal with Qualys tech support.

I have previous experience with Tenable Nessus. I like Qualys better because there are so many nice features, it builds better.

I am not personally involved with the pricing or licensing of the solution for our organization.

I have prior experience with Alert Logic CloudDefender, RSA, Odyssey and Forcepoint Websense (formerly Raytheon Websense). 

A really nice feature of Qualys is the asset management. Some of the end users were using that function, and paid for that particular function. It is helpful to get a bit of history of all types of supports of scanning of particular servers.

We use the solution for vulnerability and policy scan. 

The product has helped us understand cybersecurity controls. 

I am impressed with the VMDR feature. 

The tool needs to improve the adding assets and report generation features. I would like to see the policy scan of offline appliances in the product's future releases. 

I have been using the product for three years. 

I would rate the product's stability a nine out of ten. 

I would rate the tool's scalability an eight out of ten. My company has 10 IT specialists using the product. 

The product's support is not very helpful. They suggest things that we already know. 

Neutral

I would rate the product's setup an eight out of ten. The tool's deployment took one to two days to complete. 

We deployed the solution in-house. 

The tool's pricing is expensive and I would rate the pricing a seven out of ten. 

I would rate the product an eight out of ten. You need to complete the training before using the product. 

Qualys VM is used for vulnerability scanning.

It's really beneficial for scanning and interacting with the agent. 

The disadvantage of working with Qualys is that the graphical interface is quite outdated.

If you want to choose a scan result, or maybe configure an IP range or something similar, it opens up a lot of processes, or steps, which is somewhat bothersome. Because it opens several phases, it is not a single-window program. 

We are testing it, as well as Rapid 7 InsightVM.

We have been testing Qualys VM for approximately five weeks.

Qualys VM is a stable solution.

Qualys VM is a scalable product.

It works with ten assets. It works with 100 assets. It has worked with 3,000 assets. It's quite scalable.

In our organization, we have two dedicated people, and five others are only dedicated to gaining insights. 

It actually depends on how you remediate all of the vulnerabilities in Qualys since you can also set up it such that product owners, that is, the owners of the apps that are deployed on all systems, can access reports and everything. But that's not how we do things.

The security and infrastructure departments are using this solution in our organization.

We have a dedicated Qualys team of two persons assisting us with the implementation.

We are currently doing a proof of concept with both Qualys VM and Rapid 7 InsightVM.

Qualys is a fully SaaS solution.

It is dependent on the configuration. When you work with the agent, you are primarily concerned with deploying the agents to all assets. However, if you want to scan based on IP, you'll run into some problems.

If you wish to scan on an IP basis, for example, you should deploy a virtual appliance. You may set up several appliances for different domains. Otherwise, you must have your network rules properly configured so that the appliance can reach every asset.

It's relatively simple to set up the basics, but if you want to scan, it really depends on how many networks and domains you have.

In a couple of weeks, you can set it up.

It's very expensive, especially if you want to use multiple modules of Qualys.

I think mainly decide how you want to scan: based on IP or based on an agent.

Then work with the interface and then explore how it works.

I would rate Qualys VM an eight out of ten.

I primarily use Qualys VM to manage vulnerability tickets.

Qualys VM's most valuable feature is automatic detection.

Qualys VM should improve its methodology.

I've been working with Qualys VM for six months.

Qualys VM is stable but slow.

Qualys' technical support is quite good.

Positive

The initial setup was quite straightforward.

I would rate Qualys VM as seven out of ten.

I mainly use Qualys VM for vulnerability management to carry out vulnerability scans on IT assets to find out which are vulnerable and what is needed to patch them. We also use it for policy compliance scans and in tablet for web application scans.

Qualys VM has greatly helped us to improve and maintain our posture of security.

The most valuable features are vulnerability scanning, policy compliance scanning, and tablet for web application scanning.

Sometimes the scanning can get overwhelmed and start to drag when a lot of users are trying to scan at once. I think cloud-based solutions like Qualys VM should be prepared to throw more resources in to ensure they don't get overwhelmed like this.

I've been using Qualys VM for about six years.

The stability and performance have been fine.

Qualys VM is very easy to scale - that's one of the benefits of cloud-based solutions.

Qualys' technical support is very responsive.

Qualys VM is straightforward to set up.

The deployment was done in-house.

I would advise anybody looking into using Qualys to go online to also check on Gartner and Forrester. From a planning perspective, you need to look at your estate to determine what kind of tool you need. I would rate Qualys VM eight out of ten.