Qualys VMDR Reviews

We use the solution for vulnerability and policy scan. 

The product has helped us understand cybersecurity controls. 

I am impressed with the VMDR feature. 

The tool needs to improve the adding assets and report generation features. I would like to see the policy scan of offline appliances in the product's future releases. 

I have been using the product for three years. 

I would rate the product's stability a nine out of ten. 

I would rate the tool's scalability an eight out of ten. My company has 10 IT specialists using the product. 

The product's support is not very helpful. They suggest things that we already know. 

Neutral

I would rate the product's setup an eight out of ten. The tool's deployment took one to two days to complete. 

We deployed the solution in-house. 

The tool's pricing is expensive and I would rate the pricing a seven out of ten. 

I would rate the product an eight out of ten. You need to complete the training before using the product. 

We use Qualys Asset Inventory for doing infrastructure level scans or server inventory, or saving the server database or asset database.

Good Posture of Servers database. Gives easy access of all hardware details. 

I think it's a good tracking mechanism, and it gives a good infrastructure level scan, which helps us to maintain the assets and the asset inventory or gives us a good understanding of both. 

It gives a very good overview of the inventory assessment process.

IT Manages assets in your account that you want to scan for security and
compliance, define asset tags and AWS connectors.

Modules supported
VM, PC, SCA, CERTVIEW, CLOUDVIEW

It can be accessed across our company because it's a global tool.

One thing that can be improved is the flexibility and the fact that Qualys Asset Inventory provides too much detail, which makes it not very easy to understand. It's not very user-friendly at times and requires in-depth understanding. So, a layman or someone new to Qualys won't be able to easily understand it. You need education to use the solution.

As for additional features, the first thing would be providing call support whenever we require any kind of help with issues that have been identified. The second would be a simple reporting structure.

I've been using Qualys Asset Inventory within the last 12 months.

Stability-wise, Qualys Asset Inventory is always stable, and for this particular asset inventory, it is a good tool. We have not had any kind of issues, and as of now, it's a stable environment.

We currently have 50 plus users and have no plans to increase usage at present. 

Most of the time technical support has been through emails; calling is a back feature. It's not as easy compared to that of Veracode.

The initial setup was quite complex and took two to three months, including customization and testing.

The license is on a yearly basis.

If you are familiar with or have hands on experience with Qualys Asset Inventory, this is a better tool. It will give you in-depth details of all the assets, and the managing inventory will be better. It will also give you advanced features compared to those of other inventory tools.

I would rate Qualys Asset Inventory at eight on a scale from one to ten.

Our customers use Qualys for vulnerability management, it's a way for them to discover the kinds of vulnerabilities they have on their systems. We are a partner with Qualys and I'm an infrastructure security consultant. We currently have 20 clients using Qualys. 

The functionality continues to improve and knowing when there are security issues is very helpful. 

I like the Qualys Cloud Agent because it's very easy to use. It has a low impact and is supported on Windows, Linux, and others. I deploy process scanners, which are usually connected to core switches so customers can replicate all the connections. Almost all our customers try to use the agents because they're already installed and integrated into the cloud and communicate with Qualys management. There are no problems and it's really better than using some virtual appliance to scan the various kinds of assets. Qualys has a lot of information and it's great to integrate with the Central Management Database.

If you're not overly experienced and you're looking for something in their management, it can sometimes be quite difficult because they can move buttons around without sending an update. Previously, if you deployed the Cloud Agent, you could define which tech would be under the agent and where it would be deployed. It now requires some text preparation and the Cloud Agent then downloads the specific profile defined without any indication that this might happen. If you are not using vulnerability management, you are not able to create the correct patch process for all applications stored on the system.

It would be helpful if Qualys would integrate with more systems like ServiceNow, Jira, and so on, to create some tickets and integrate them into the active directory, because each group works differently and if you need to prepare a ticket, it must be defined to a specific group of people. Qualys just created a kit on ServiceNow, but it doesn't have the correct group of people in the active directory.

I've been using this solution for three years. 

The solution is scalable. If you need more resources they can be added to the backend, depending on the circumstances and requirements. If you are able to deploy in the VMDR licensing, you are able to deploy unlimited virtual active appliances to discounted appliances. It all depends on your resources. 

Each customer is different and if you need to deploy a more active virtual process that will affect the implementation. If a customer wants to use policy compliance on their machines that can add to deployment time too. I tend to deploy myself because I'm usually making the POCs of Qualys.

I believe the annual cost is approximately $40 per asset in VMDR, although it also depends on the circumstances. It contains all the features one needs although if you need synchronization with ServiceNow and CMDB, there is an additional cost. 

I constantly speak to other companies to find out what they're doing and what the differences are between the different products. My job is to find the best solution for my customers so it's important to know what's on the market.

I rate this solution eight out of 10. 

We use this solution mainly for vulnerability management.

Qualys is a well-known name in the market and we use it for different scenarios. We also like the flexibility in their licensing.

The IoT scan is not great and we would like to see some improvements to it.

We have been using this solution for over three years.

It is a stable solution.

It is a scalable solution. We use the test version.

I rate the technical support an eight out of ten. They have really good support.

Positive

I rate the initial setup a nine out of ten. It was very good and easy. 

It has a competitive price. I rate the pricing an eight out of ten.

I rate this solution a ten out of ten. Compared to other solutions, brand awareness and Azure integration are the strong points of Qualys VM. We would like to have some predefined parameters for the setup in regards to security and vulnerability, and how to maximize it. For example, we want scans and management with some predefined parameters that we need to have in the environment prior to deployment and initial setup.

We use Qualys Virtual Scanner Appliance for the big scan. 

This is one of the best products I have worked with so far. I like the power of Qualys, and it's a better solution because you can scan a compact file, a BIT file, or batch files. The product already knows what's happening inside, and you don't need to expand the package. Tenable will do the same thing, but you need to have a package issuance claim. With Qualys, we can immediately understand the file, even a compact file. If there's some kind of discovery or incident, you will know what happened in the environment. 

Integration could be better. When you think about scanning, it's not used just with this product alone but with other Qualys products. If you think about the bundle, the product itself is good. But integration with other products and packages has space for improvement. They should also offer a better price for bundles.

I have been using Qualys Virtual Scanner Appliance since I joined my company three years ago.

Qualys Virtual Scanner Appliance is very stable.

Qualys Virtual Scanner Appliance is scalable.

The initial setup is straightforward. You only need one technician to deploy and maintain this solution. However, it really depends on the size of the customer's environment. 

Qualys Virtual Scanner Appliance isn't expensive right now. But the price for their product bundles could be better.

I would advise potential users to look into the environment and understand what they want to do before implementing this solution. They must understand how to communicate with the network and what kind of network they want to put together. Just read the manual first. 

On a scale from one to ten, I would give Qualys Virtual Scanner Appliance a nine.

The primary use for the solution is vulnerability management.

The way we can maintain a current actual registry of all the IP assets within it is very good. The scanning of software assets on the endpoint machine is also useful. I've tried the scanning of similar asset vulnerabilities throughout different servers, including Unix and Windows. Qualys maintains a good intervention database. We have a service line that updates to the newest software, or whenever you set it up. The second service line has denominated my nodes across the globe. It's easy to deploy the solution.

The server application scanning has room for improvement.

It's quite complex on the way it is set up, so it takes a fair bit of time in order to get your head around it in order to deploy it. Once you've deployed it, then you're never confident on the versions of the browsers and the SSL certificates, etc. You have to always go back into Qualys and check.

They do talk about an agent-based scanning for non-IP machines. It sort of sits between server scanning and endpoint scanning. That's not very clear. If they can improve that and deploy, then it'll be such a nice package.

The solution should help its vendors more with renewals. For example, we had deployed the solution as a reseller to a client and then somebody else came along and we didn't end up getting the renewal licenses for the servers. I wasn't very happy about that. We put all the hard work to get it in, but the following years we didn't get the benefit of our low pricing in the first year. 

They should integrate with the dashboard and provide a plugins link for data that's coming into API on the dashboard. When the users buy the license, they can turn it items on. So, that way you know you've got the full solution. What you don't pay for is not switched on, and what you pay for can get switched on immediately.

The solution is very stable. 

The solution is highly scalable.

Technical support is fantastic.

I would advise others to always have a proof of concept version of the solution put into play. Then spend a good two months on it. Stabilize the solution and check out the features and then deploy it into production. Otherwise, you will spend money during the real project for what could have been done as a POC. Deploy the core solution, get the scanning done and all the critical components put it in a proof of concept and then move it into production.

I would rate the solution eight out of ten.

It is a SaaS solution with agents distributed at endpoints.

Qualys VM has improved the way the organization functions.

The Vulnerability Management and Patch Management features are the most valuable features of this solution.

The most valuable qualities of Qualys VM are its ease of deployment and metrics.

Endpoint stability and fault resolution could be improved.

I would like to see the solution's footprint expanded to include iOS and iPads in the next release.

One example of how it could be better would be better handling of end-of-life systems and better feedback on job failures.

We have been working with Qualys VM for just over two years.

It is a cloud platform. I'm not sure if a version is associated with that. 

The stability of Qualys VM is quite good, but not fantastic. I would rate it an eight out of ten.

The scalability of Qualys VM is very good.

This solution is used by five security or system administrators in our organization.

We have no plans to expand our usage; it is already widely deployed.

The technical support is mediocre at best.

I would rate them a two out of five.

Neutral

We were previously using Lansweeper, which was not scalable.

I would rate the initial setup a three out of five.

It took several weeks to deploy.

We completed the deployment in-house.

We have seen a return on investment.

There are no additional fees in addition to the standard licensing fees.

I would recommend identifying the right metrics to drive the program.

I would rate Qualys VM an eight out of ten.

We are currently using Qualys for vulnerability detection, as part of our security solution. We're moving towards Defender ATP because I am looking more at the Operational Technology (OT) side of things than I am at the Information Technology (IT) side.

What I like best about this product is that it does what it is supposed to do, which is vulnerability scanning.

We are moving away from Qualys to Defender ATP because I find that Defender ATP is much better at prioritizing the vulnerabilities that I should be looking at.

In general, I would like to see some better analytics and prioritization of vulnerabilities.

We have been working with Qualys VM for three years.

Qualys VM is a stable solution.

This is a stable product.

Technical support is great and we've never really had a problem. They're always there if we need them.

We did not work with another similar solution prior to Qualys.

The initial setup is straightforward.

Our setup involved some on-premises deployments but ultimately, it uses the cloud.

They have recently changed the pricing model, which is now better than it was before.

Right now, we don't have anything in our OT environment, and this is what I am particularly interested in. I am currently having discussions about new solutions with Qualys, Tenable, and Forescout.

I would rate this solution a seven out of ten.