Qualys VMDR Reviews

The primary use cases of this solution are as a scanner. We use it with Azure and AWS. For on-premises, we use physical scanners all over the globe. We have deployed our external scanners in approximately 70 regions.

What I like about Qualys VM is the dashboard presentation. It's very good.

The reporting capability and executive reporting are very good.

Customer support needs to be improved because it was not to our SLA standards.

Suddenly, the scan engine will go down. We don't know what the reason is, or how it goes down. Because of that, the business is impacted.

I had a look at the PCI reports  (policy compliance reports) and I have heard that most memberships have been taken by Azure, although I was not aware of that. I would like to see more documentation or awareness.

I have worked with Qualys VM for the last two years.

This solution is stable.

The scalability is good.

The customer support is very bad. When we submit a ticket, we do not get a response immediately.

Previously, I have used Rapid 7 Nexpose. They are similar solutions although what Qualys is providing, it provides well but requires less. Qualys reporting is better.

Nexpose has upgraded too, and now their reporting is also very good.

The initial setup was straightforward and we didn't have any issues with it.

If you are comparing Nexpose and Qualys, I would prefer Qualys. The UI is good and whatever reports you are getting, are very clear. If you present it to management, the reports are good. They require an executive report that highlights the vulnerability and how many servers are affected. You can customize it also.

Nexpose is coming out with new features, but Qualys has already implemented them.

I would rate this solution an eight out of ten.

It improves the continuous monitoring of the systems on-premises.

If any anomalies are there, we can easily detect with our agent based solutions, and we can isolate them quickly, and response time or any incident is much quicker than previous. Before we were taking eight hours, now we're taking around 30 minutes to respond to any incident, security and such.

I find the most valuable features are the continuous monitoring.  Even on premises, there is constant monitoring.

When tested on Zero day, there were errors.

In addition, they have integrated with other third parties, but it is still not viable. They are using their own Q id's. This sometimes leads to a false positive. And, even the updating of signatures into Qualys is not that much quicker. Maybe for Windows and Linux, it is a little quicker or networks and other devices. The signature updating is not quicker.

I have not experienced issues with stability of the solution. There were a few bugs, but we reported it.

I did not have any issues of scalability.

The tech support acted quickly and responded quickly to our tickets. There was a good response time.

I also have previous experience with Tennable Nessus, and I find Qualys is better than Nessus, which is slow in the security center and lags a bit.

It's good. Yes, it's competitive. We got the best price.

We use the solution for vulnerability management. It helps us identify potentially vulnerable assets. Thus, we can prioritize patching based on a risk score.

The solution is easy to use and has many essential features. I found the concept of tags the most valuable feature. It allows us to build assets from different views. We can categorize systems with tags, either automatically or manually.

The solution's cloud agent is available only for limited operating systems such as Windows and Linux. They should make it accessible for more systems like FreeBSD. Also, it would be helpful if they made it available for Cisco or Juniper routers. Additionally, its price and support could be better as well.

We have been using the solution for six years.

The solution is stable. However, it takes time to generate reports.

We have ten solution users in our organization.

The solution's technical support team replies with generic answers. The quality of the response could be better.

Neutral

The solution's initial setup process was straightforward. We just followed the documentation.

The solution is costly.

I recommend the solution to others and rate it as a eight.

I mainly use Qualys VM for vulnerability management to carry out vulnerability scans on IT assets to find out which are vulnerable and what is needed to patch them. We also use it for policy compliance scans and in tablet for web application scans.

Qualys VM has greatly helped us to improve and maintain our posture of security.

The most valuable features are vulnerability scanning, policy compliance scanning, and tablet for web application scanning.

Sometimes the scanning can get overwhelmed and start to drag when a lot of users are trying to scan at once. I think cloud-based solutions like Qualys VM should be prepared to throw more resources in to ensure they don't get overwhelmed like this.

I've been using Qualys VM for about six years.

The stability and performance have been fine.

Qualys VM is very easy to scale - that's one of the benefits of cloud-based solutions.

Qualys' technical support is very responsive.

Qualys VM is straightforward to set up.

The deployment was done in-house.

I would advise anybody looking into using Qualys to go online to also check on Gartner and Forrester. From a planning perspective, you need to look at your estate to determine what kind of tool you need. I would rate Qualys VM eight out of ten.

We are using Qualys VM, as our scanner tool. We also use it for Application Security and Policy Compliance.

We use it for the identification of vulnerabilities for all of our devices on the network. This includes Windows workstations, servers, and Linux machines. We also use it for cloud, and external use as well.

The features that are most valuable are the identification, scan features, and the identification of vulnerabilities. Recently, the VMDR additions and the threat protection has been useful.

It's pretty user-friendly.

The Patch Identifications, which are supersedence identifications, need improvement.

I would like to see more accuracy in detections, better reporting capabilities, and better dashboard download capabilities. These are things that are definitely needed.

I have been using Qualys VM for more than 15 years.

We are using the latest version.

VMDR was added in July with newer enhancements.

It's a stable solution.

It's very scalable for large networks. We have also used the agents and they work very well.

I have a team of five in our organization and external to it, there are approximately twenty-five.

We engage with technical support often. There could be some improvements made.

The initial setup is straightforward.

It is different for every company, but for us, it's every three years. I will know more about the pricing in September because we are going to be looking at our pricing again.

We get a large volume discount, which is good.

I would recommend this product to others who are interested in using it.

I would rate this solution an eight out of ten.

Qualys VM is used for vulnerability scanning.

It's really beneficial for scanning and interacting with the agent. 

The disadvantage of working with Qualys is that the graphical interface is quite outdated.

If you want to choose a scan result, or maybe configure an IP range or something similar, it opens up a lot of processes, or steps, which is somewhat bothersome. Because it opens several phases, it is not a single-window program. 

We are testing it, as well as Rapid 7 InsightVM.

We have been testing Qualys VM for approximately five weeks.

Qualys VM is a stable solution.

Qualys VM is a scalable product.

It works with ten assets. It works with 100 assets. It has worked with 3,000 assets. It's quite scalable.

In our organization, we have two dedicated people, and five others are only dedicated to gaining insights. 

It actually depends on how you remediate all of the vulnerabilities in Qualys since you can also set up it such that product owners, that is, the owners of the apps that are deployed on all systems, can access reports and everything. But that's not how we do things.

The security and infrastructure departments are using this solution in our organization.

We have a dedicated Qualys team of two persons assisting us with the implementation.

We are currently doing a proof of concept with both Qualys VM and Rapid 7 InsightVM.

Qualys is a fully SaaS solution.

It is dependent on the configuration. When you work with the agent, you are primarily concerned with deploying the agents to all assets. However, if you want to scan based on IP, you'll run into some problems.

If you wish to scan on an IP basis, for example, you should deploy a virtual appliance. You may set up several appliances for different domains. Otherwise, you must have your network rules properly configured so that the appliance can reach every asset.

It's relatively simple to set up the basics, but if you want to scan, it really depends on how many networks and domains you have.

In a couple of weeks, you can set it up.

It's very expensive, especially if you want to use multiple modules of Qualys.

I think mainly decide how you want to scan: based on IP or based on an agent.

Then work with the interface and then explore how it works.

I would rate Qualys VM an eight out of ten.

We use this solution to scan the servers on the network. It is used predominantly by our information security team.

This solution gives us insight into our environment and improves our security. It helps us to maintain a good patching system whereby we know that XYZ is vulnerable within the system. 

Qualys makes us proactive in terms of handling patching and effective when it comes to scanning out network.

Qualys could be improved in its overall performance compared to other vulnerability management or scanning tools. 

I have been using this solution for five years. 

I have previously used Nessus. Overall, Nessus is a better tool because it provides greater insight into all vulnerabilities, some of which are skipped by Qualys. 

This solution is very easy to set up. 

We worked with a third party to complete deployment. 

In Nigerian Naira, we spend about roughly four to five million to use this solution and this is expensive compared to solutions like Nessus.

I would advise others to run a proof of concept and to exhaust all functionality if considering Qualys. This may take between 15 and 60 days to complete. 

I would rate this solution a six out of ten. 

The interface is pretty good, as all the instructions are clear enough. The way you can create groups or scheduling scans and reports is a very good feature, and the CSV reports have very good information.

In this case, my last employer was a Qualys partner and the consultancy was extra. But, the reports and the way the information is, helped a lot. Also, with this information concise presentations were sent to the CIO every month.

I think the only area to improve it is the way the scores are calculated. That was the only problem I had and because of that, all scores had to be rectified manually.

I was using both Multimedios Redes (Enterprise version) and Lamosa for three years. I also used PC, PCI, and WAS.

No issues were encountered.

Maybe one or two times, but they were caused by scheduled windows, but these problems were fixed very quickly.

No issues were encountered.

Very good! I think I would give them 10/10 because in Latin America the service was excellent.

Again, I would give them 10/10, as the documentation is so good and all is clear, but if you have a doubt, technical support was always concise and had a quick answer. Also the community helps a lot.

I did not personally, but the technical contacts that worked for my customers tried another solutions, and they chose Qualys for the easy way it manages the processes.

The initial setup was very easy, with no complications found when the instructions were followed. Also, this activity was done with a physical and virtual appliance, and both ways were very easy to follow.

I was the vendor team, but I can give you the answer from the actual companies I worked for. The administrators, before Qualys, did not care so much about security, patching, etc.; but, after Qualys they changed their minds. Security took a very important role and of course they reduced, a lot, the chances of being hacked or attacked. It also helped, at this point, to be verified by auditors.

It's worth it, really, when you see the complete picture and see all the factors. It is a very good investment. Qualys is a very good tool and very easy to use and it is also better to have an annual subscription rather than paying for a scan.

My customers evaluated Foundstone and Rapid7, and possibly others.