We use the solution for vulnerability and policy scan.
Cyber Security Engineer at a transportation company with 5,001-10,000 employees
Helps with vulnerability scanning and understanding of cyber security controls
Pros and Cons
- "I am impressed with the VMDR feature."
- "The tool needs to improve the adding assets and report generation features. I would like to see the policy scan of offline appliances in the product's future releases."
What is our primary use case?
How has it helped my organization?
The product has helped us understand cybersecurity controls.
What is most valuable?
I am impressed with the VMDR feature.
What needs improvement?
The tool needs to improve the adding assets and report generation features. I would like to see the policy scan of offline appliances in the product's future releases.
Buyer's Guide
Qualys VMDR
December 2024
Learn what your peers think about Qualys VMDR. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,067 professionals have used our research since 2012.
For how long have I used the solution?
I have been using the product for three years.
What do I think about the stability of the solution?
I would rate the product's stability a nine out of ten.
What do I think about the scalability of the solution?
I would rate the tool's scalability an eight out of ten. My company has 10 IT specialists using the product.
How are customer service and support?
The product's support is not very helpful. They suggest things that we already know.
How would you rate customer service and support?
Neutral
How was the initial setup?
I would rate the product's setup an eight out of ten. The tool's deployment took one to two days to complete.
What about the implementation team?
We deployed the solution in-house.
What's my experience with pricing, setup cost, and licensing?
The tool's pricing is expensive and I would rate the pricing a seven out of ten.
What other advice do I have?
I would rate the product an eight out of ten. You need to complete the training before using the product.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Lead Cyber Security engineer at a manufacturing company with 10,001+ employees
Provides an overview of the inventory assessment process and can be accessed across the company
Pros and Cons
- "It gives a very good overview of the inventory assessment process, and it can be accessed across our company because it's a global tool."
- "It's not very user-friendly at times and requires in-depth understanding. So, a layman or someone new to Qualys won't be able to easily understand it. You need education to use the solution."
What is our primary use case?
We use Qualys Asset Inventory for doing infrastructure level scans or server inventory, or saving the server database or asset database.
How has it helped my organization?
Good Posture of Servers database. Gives easy access of all hardware details.
What is most valuable?
I think it's a good tracking mechanism, and it gives a good infrastructure level scan, which helps us to maintain the assets and the asset inventory or gives us a good understanding of both.
It gives a very good overview of the inventory assessment process.
IT Manages assets in your account that you want to scan for security and
compliance, define asset tags and AWS connectors.
Modules supported
VM, PC, SCA, CERTVIEW, CLOUDVIEW
It can be accessed across our company because it's a global tool.
What needs improvement?
One thing that can be improved is the flexibility and the fact that Qualys Asset Inventory provides too much detail, which makes it not very easy to understand. It's not very user-friendly at times and requires in-depth understanding. So, a layman or someone new to Qualys won't be able to easily understand it. You need education to use the solution.
As for additional features, the first thing would be providing call support whenever we require any kind of help with issues that have been identified. The second would be a simple reporting structure.
For how long have I used the solution?
I've been using Qualys Asset Inventory within the last 12 months.
What do I think about the stability of the solution?
Stability-wise, Qualys Asset Inventory is always stable, and for this particular asset inventory, it is a good tool. We have not had any kind of issues, and as of now, it's a stable environment.
What do I think about the scalability of the solution?
We currently have 50 plus users and have no plans to increase usage at present.
How are customer service and technical support?
Most of the time technical support has been through emails; calling is a back feature. It's not as easy compared to that of Veracode.
How was the initial setup?
The initial setup was quite complex and took two to three months, including customization and testing.
What's my experience with pricing, setup cost, and licensing?
The license is on a yearly basis.
What other advice do I have?
If you are familiar with or have hands on experience with Qualys Asset Inventory, this is a better tool. It will give you in-depth details of all the assets, and the managing inventory will be better. It will also give you advanced features compared to those of other inventory tools.
I would rate Qualys Asset Inventory at eight on a scale from one to ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Qualys VMDR
December 2024
Learn what your peers think about Qualys VMDR. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,067 professionals have used our research since 2012.
Infrastructure Security Consultant at ANECT
Easy to use, well supported with continually improving functionality
Pros and Cons
- "Provides great functionality."
- "Finding things in management can be quite difficult."
What is our primary use case?
Our customers use Qualys for vulnerability management, it's a way for them to discover the kinds of vulnerabilities they have on their systems. We are a partner with Qualys and I'm an infrastructure security consultant. We currently have 20 clients using Qualys.
How has it helped my organization?
The functionality continues to improve and knowing when there are security issues is very helpful.
What is most valuable?
I like the Qualys Cloud Agent because it's very easy to use. It has a low impact and is supported on Windows, Linux, and others. I deploy process scanners, which are usually connected to core switches so customers can replicate all the connections. Almost all our customers try to use the agents because they're already installed and integrated into the cloud and communicate with Qualys management. There are no problems and it's really better than using some virtual appliance to scan the various kinds of assets. Qualys has a lot of information and it's great to integrate with the Central Management Database.
What needs improvement?
If you're not overly experienced and you're looking for something in their management, it can sometimes be quite difficult because they can move buttons around without sending an update. Previously, if you deployed the Cloud Agent, you could define which tech would be under the agent and where it would be deployed. It now requires some text preparation and the Cloud Agent then downloads the specific profile defined without any indication that this might happen. If you are not using vulnerability management, you are not able to create the correct patch process for all applications stored on the system.
It would be helpful if Qualys would integrate with more systems like ServiceNow, Jira, and so on, to create some tickets and integrate them into the active directory, because each group works differently and if you need to prepare a ticket, it must be defined to a specific group of people. Qualys just created a kit on ServiceNow, but it doesn't have the correct group of people in the active directory.
For how long have I used the solution?
I've been using this solution for three years.
What do I think about the scalability of the solution?
The solution is scalable. If you need more resources they can be added to the backend, depending on the circumstances and requirements. If you are able to deploy in the VMDR licensing, you are able to deploy unlimited virtual active appliances to discounted appliances. It all depends on your resources.
How was the initial setup?
Each customer is different and if you need to deploy a more active virtual process that will affect the implementation. If a customer wants to use policy compliance on their machines that can add to deployment time too. I tend to deploy myself because I'm usually making the POCs of Qualys.
What's my experience with pricing, setup cost, and licensing?
I believe the annual cost is approximately $40 per asset in VMDR, although it also depends on the circumstances. It contains all the features one needs although if you need synchronization with ServiceNow and CMDB, there is an additional cost.
Which other solutions did I evaluate?
I constantly speak to other companies to find out what they're doing and what the differences are between the different products. My job is to find the best solution for my customers so it's important to know what's on the market.
What other advice do I have?
I rate this solution eight out of 10.
Disclosure: My company has a business relationship with this vendor other than being a customer: partner
Manager|Cloud Security & Solution Architect| CloudOps|AppSec | DevSecOps | DevOps | CapOps | FinOps at Wipro
A solution with flexible licensing, easy setup and great integration
Pros and Cons
- "We also like the flexibility in their licensing."
- "The IoT scan is not great."
What is our primary use case?
We use this solution mainly for vulnerability management.
What is most valuable?
Qualys is a well-known name in the market and we use it for different scenarios. We also like the flexibility in their licensing.
What needs improvement?
The IoT scan is not great and we would like to see some improvements to it.
For how long have I used the solution?
We have been using this solution for over three years.
What do I think about the stability of the solution?
It is a stable solution.
What do I think about the scalability of the solution?
It is a scalable solution. We use the test version.
How are customer service and support?
I rate the technical support an eight out of ten. They have really good support.
How would you rate customer service and support?
Positive
How was the initial setup?
I rate the initial setup a nine out of ten. It was very good and easy.
What's my experience with pricing, setup cost, and licensing?
It has a competitive price. I rate the pricing an eight out of ten.
What other advice do I have?
I rate this solution a ten out of ten. Compared to other solutions, brand awareness and Azure integration are the strong points of Qualys VM. We would like to have some predefined parameters for the setup in regards to security and vulnerability, and how to maximize it. For example, we want scans and management with some predefined parameters that we need to have in the environment prior to deployment and initial setup.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
CIO at Oakmount
A powerful virtual scanner appliance that scans batch files, BIT files, and compact files.
Pros and Cons
- "This is one of the best products I have worked with so far. I like the power of Qualys, and it's a better solution because you can scan a compact file, a BIT file, or batch files. The product already knows what's happening inside, and you don't need to expand the package. Tenable will do the same thing, but you need to have a package issuance claim. With Qualys, we can immediately understand the file, even a compact file. If there's some kind of discovery or incident, you will know what happened in the environment."
- "Integration could be better. When you think about scanning, it's not used just with this product alone but with other Qualys products. If you think about the bundle, the product itself is good. But integration with other products and packages has space for improvement. They should also offer a better price for bundles."
What is our primary use case?
We use Qualys Virtual Scanner Appliance for the big scan.
What is most valuable?
This is one of the best products I have worked with so far. I like the power of Qualys, and it's a better solution because you can scan a compact file, a BIT file, or batch files. The product already knows what's happening inside, and you don't need to expand the package. Tenable will do the same thing, but you need to have a package issuance claim. With Qualys, we can immediately understand the file, even a compact file. If there's some kind of discovery or incident, you will know what happened in the environment.
What needs improvement?
Integration could be better. When you think about scanning, it's not used just with this product alone but with other Qualys products. If you think about the bundle, the product itself is good. But integration with other products and packages has space for improvement. They should also offer a better price for bundles.
For how long have I used the solution?
I have been using Qualys Virtual Scanner Appliance since I joined my company three years ago.
What do I think about the stability of the solution?
Qualys Virtual Scanner Appliance is very stable.
What do I think about the scalability of the solution?
Qualys Virtual Scanner Appliance is scalable.
How was the initial setup?
The initial setup is straightforward. You only need one technician to deploy and maintain this solution. However, it really depends on the size of the customer's environment.
What's my experience with pricing, setup cost, and licensing?
Qualys Virtual Scanner Appliance isn't expensive right now. But the price for their product bundles could be better.
What other advice do I have?
I would advise potential users to look into the environment and understand what they want to do before implementing this solution. They must understand how to communicate with the network and what kind of network they want to put together. Just read the manual first.
On a scale from one to ten, I would give Qualys Virtual Scanner Appliance a nine.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Chief Executive Officer at a consultancy with 1-10 employees
An excellent solution for vulnerability management that's highly scalable and very stable
Pros and Cons
- "Technical support is fantastic."
- "It's quite complex on the way it is set up, so it takes a fair bit of time in order to get your head around it in order to deploy it. Once you've deployed it, then you're never confident on the versions of the browsers and the SSL certificates, etc. You have to always go back into Qualys and check."
What is our primary use case?
The primary use for the solution is vulnerability management.
What is most valuable?
The way we can maintain a current actual registry of all the IP assets within it is very good. The scanning of software assets on the endpoint machine is also useful. I've tried the scanning of similar asset vulnerabilities throughout different servers, including Unix and Windows. Qualys maintains a good intervention database. We have a service line that updates to the newest software, or whenever you set it up. The second service line has denominated my nodes across the globe. It's easy to deploy the solution.
What needs improvement?
The server application scanning has room for improvement.
It's quite complex on the way it is set up, so it takes a fair bit of time in order to get your head around it in order to deploy it. Once you've deployed it, then you're never confident on the versions of the browsers and the SSL certificates, etc. You have to always go back into Qualys and check.
They do talk about an agent-based scanning for non-IP machines. It sort of sits between server scanning and endpoint scanning. That's not very clear. If they can improve that and deploy, then it'll be such a nice package.
The solution should help its vendors more with renewals. For example, we had deployed the solution as a reseller to a client and then somebody else came along and we didn't end up getting the renewal licenses for the servers. I wasn't very happy about that. We put all the hard work to get it in, but the following years we didn't get the benefit of our low pricing in the first year.
They should integrate with the dashboard and provide a plugins link for data that's coming into API on the dashboard. When the users buy the license, they can turn it items on. So, that way you know you've got the full solution. What you don't pay for is not switched on, and what you pay for can get switched on immediately.
For how long have I used the solution?
I've been using the solution for since 2005.
What do I think about the stability of the solution?
The solution is very stable.
What do I think about the scalability of the solution?
The solution is highly scalable.
How are customer service and technical support?
Technical support is fantastic.
What other advice do I have?
I would advise others to always have a proof of concept version of the solution put into play. Then spend a good two months on it. Stabilize the solution and check out the features and then deploy it into production. Otherwise, you will spend money during the real project for what could have been done as a POC. Deploy the core solution, get the scanning done and all the critical components put it in a proof of concept and then move it into production.
I would rate the solution eight out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
Principal at Cranny Group
Good return on investment, ease of deployment, and metrics
Pros and Cons
- "The Vulnerability Management and Patch Management features are the most valuable features of this solution."
- "Endpoint stability and fault resolution could be improved."
What is our primary use case?
It is a SaaS solution with agents distributed at endpoints.
How has it helped my organization?
Qualys VM has improved the way the organization functions.
What is most valuable?
The Vulnerability Management and Patch Management features are the most valuable features of this solution.
The most valuable qualities of Qualys VM are its ease of deployment and metrics.
What needs improvement?
Endpoint stability and fault resolution could be improved.
I would like to see the solution's footprint expanded to include iOS and iPads in the next release.
One example of how it could be better would be better handling of end-of-life systems and better feedback on job failures.
For how long have I used the solution?
We have been working with Qualys VM for just over two years.
It is a cloud platform. I'm not sure if a version is associated with that.
What do I think about the stability of the solution?
The stability of Qualys VM is quite good, but not fantastic. I would rate it an eight out of ten.
What do I think about the scalability of the solution?
The scalability of Qualys VM is very good.
This solution is used by five security or system administrators in our organization.
We have no plans to expand our usage; it is already widely deployed.
How are customer service and support?
The technical support is mediocre at best.
I would rate them a two out of five.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
We were previously using Lansweeper, which was not scalable.
How was the initial setup?
I would rate the initial setup a three out of five.
It took several weeks to deploy.
What about the implementation team?
We completed the deployment in-house.
What was our ROI?
We have seen a return on investment.
What's my experience with pricing, setup cost, and licensing?
There are no additional fees in addition to the standard licensing fees.
What other advice do I have?
I would recommend identifying the right metrics to drive the program.
I would rate Qualys VM an eight out of ten.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Global Infrastructure Architect at a energy/utilities company with 5,001-10,000 employees
Good technical support that is always there when you need them, but the prioritization of vulnerabilities needs to be improved
Pros and Cons
- "Technical support is great and we've never really had a problem."
- "We are moving away from Qualys to Defender ATP because I find that Defender ATP is much better at prioritizing the vulnerabilities that I should be looking at."
What is our primary use case?
We are currently using Qualys for vulnerability detection, as part of our security solution. We're moving towards Defender ATP because I am looking more at the Operational Technology (OT) side of things than I am at the Information Technology (IT) side.
What is most valuable?
What I like best about this product is that it does what it is supposed to do, which is vulnerability scanning.
What needs improvement?
We are moving away from Qualys to Defender ATP because I find that Defender ATP is much better at prioritizing the vulnerabilities that I should be looking at.
In general, I would like to see some better analytics and prioritization of vulnerabilities.
For how long have I used the solution?
We have been working with Qualys VM for three years.
What do I think about the stability of the solution?
Qualys VM is a stable solution.
What do I think about the scalability of the solution?
This is a stable product.
How are customer service and technical support?
Technical support is great and we've never really had a problem. They're always there if we need them.
Which solution did I use previously and why did I switch?
We did not work with another similar solution prior to Qualys.
How was the initial setup?
The initial setup is straightforward.
Our setup involved some on-premises deployments but ultimately, it uses the cloud.
What's my experience with pricing, setup cost, and licensing?
They have recently changed the pricing model, which is now better than it was before.
Which other solutions did I evaluate?
Right now, we don't have anything in our OT environment, and this is what I am particularly interested in. I am currently having discussions about new solutions with Qualys, Tenable, and Forescout.
What other advice do I have?
I would rate this solution a seven out of ten.
Which deployment model are you using for this solution?
Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Download our free Qualys VMDR Report and get advice and tips from experienced pros
sharing their opinions.
Updated: December 2024
Product Categories
Vulnerability Management IT Asset Management Configuration Management Databases Container Security Risk-Based Vulnerability ManagementPopular Comparisons
Tenable Nessus
Tenable Security Center
Tanium
Tenable Vulnerability Management
SentinelOne Singularity Cloud Security
Orca Security
Pentera
Acunetix
JFrog Xray
Lacework FortiCNAPP
Skybox Security Suite
Check Point CloudGuard CNAPP
Trend Vision One - Cloud Security
Microsoft Defender Vulnerability Management
Buyer's Guide
Download our free Qualys VMDR Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- Qualys VM vs Tenable Nessus: Comparison
- How does Tenable Nessus compare with Qualys VM?
- How does Pentera compare with Qualys VMDR?
- What are the main differences between Qualys VMDR and Tenable Nessus?
- How inadvisable is it to use a single vulnerability analysis tool?
- What are the benefits of continuous scanning for vulnerability management?
- When evaluating Vulnerability Management, what aspect do you think is the most important to look for?
- What is a more effective approach to cyber defense: risk-based vulnerability management or vulnerability assessment?
- What are the main KPIs that need to be implemented to have better posture in vulnerability projects?
- Which is the best vulnerability scanner tool?