Qualys VMDR Reviews

We are a solution provider and this is one of the products that we implement for our clients. We do a lot of work with containers. With respect to containerization, security is important for us and we regularly check the market to see what solutions are available in these areas.

This solution is primarily used for container security and compliance. Moving into any environment, in particular, one that is cloud-based, our clients want to make sure that things are okay from a compliance perspective. We generate reports and they can see whether there are any violations. If they see violations or security breaches during the audit then they have to be addressed.

The most valuable feature is that this solution is very lightweight.

I would like to see this solution simplified to work more easily in a multi-cloud environment. One of our customers has more than 3,000 servers across multiple regions, and they were asking about security and vulnerability checking in an automated fashion. This could be done with a cloud-based service that monitors all of the deployments, pulls the data from the containers, and checks for compliance.

We have been dealing with Qualys for at least three years, which is when our container journey began. At that point, our proposals did not deal with security for containers because our customers did not ask for it, but now it is something that we recommend.

The technical support for this solution is good. We are required to solve any kind of security issue whin two hours, so these are critical tickets. The entire instance usually has to come down until the fix is delivered.

We often demonstrate these types of tools to the enterprise architecture team, who will ultimately decide which solutions they are going to implement based on their environment and requirements.

We are completely agnostic with respect to which tools our customers decide to implement. As an engineering team, we implement what the customer wants. In the case of Qualys and other solutions, we download the information and pass it along to our customers. We also facilitate or set up communication between vendors and customers to best help our clients.

We do try to learn about who the providers are and what differentiates their solutions from others. Sometimes our customers do not know very much about the products, so we try to provide as much insight as possible to facilitate their decision making. 

A lot of our customers have a workload that is scattered across a multi-cloud environment. This means that some of the RFPs we answer are based on very large landscapes with distributed workloads.

I would rate this solution a seven out of ten.

Our primary uses for this solution are security vulnerability detection and policy compliance.

It's been the chosen solution year after year for vulnerability management and our vulnerability management program is centered around this tool.

The most valuable features are vulnerability detection and the scanning capability to enable identification of vulnerabilities across our network.

I would like to see this solution more developed and competitive in the Cloud space.

We have been using Qualys VM for fifteen years.

Qualys VM is used for vulnerability scanning.

It's really beneficial for scanning and interacting with the agent. 

The disadvantage of working with Qualys is that the graphical interface is quite outdated.

If you want to choose a scan result, or maybe configure an IP range or something similar, it opens up a lot of processes, or steps, which is somewhat bothersome. Because it opens several phases, it is not a single-window program. 

We are testing it, as well as Rapid 7 InsightVM.

We have been testing Qualys VM for approximately five weeks.

Qualys VM is a stable solution.

Qualys VM is a scalable product.

It works with ten assets. It works with 100 assets. It has worked with 3,000 assets. It's quite scalable.

In our organization, we have two dedicated people, and five others are only dedicated to gaining insights. 

It actually depends on how you remediate all of the vulnerabilities in Qualys since you can also set up it such that product owners, that is, the owners of the apps that are deployed on all systems, can access reports and everything. But that's not how we do things.

The security and infrastructure departments are using this solution in our organization.

We have a dedicated Qualys team of two persons assisting us with the implementation.

We are currently doing a proof of concept with both Qualys VM and Rapid 7 InsightVM.

Qualys is a fully SaaS solution.

It is dependent on the configuration. When you work with the agent, you are primarily concerned with deploying the agents to all assets. However, if you want to scan based on IP, you'll run into some problems.

If you wish to scan on an IP basis, for example, you should deploy a virtual appliance. You may set up several appliances for different domains. Otherwise, you must have your network rules properly configured so that the appliance can reach every asset.

It's relatively simple to set up the basics, but if you want to scan, it really depends on how many networks and domains you have.

In a couple of weeks, you can set it up.

It's very expensive, especially if you want to use multiple modules of Qualys.

I think mainly decide how you want to scan: based on IP or based on an agent.

Then work with the interface and then explore how it works.

I would rate Qualys VM an eight out of ten.

We use bother on-premise and cloud deployments of Qualys VM. For my clients in the cloud, we use a cloud solution, which is a bring your own license model. Additionally, We have our own deployment of Qualys VM.

We are using Qualys VM to provide a VM service.

The most valuable features of Qualys VM are its ability to do proper vulnerability assessment. It has a lot of updates for all the vulnerability databases from all over the globe.  It's an amazing solution when it comes to the versatility of the features it has. Additionally, the reports are very good. It generates very detailed reports about the vulnerabilities inside the environment

I have been using Qualys VM for approximately five years.

Qualys VM is a highly stable solution.

Qualys VM could improve by having more skilled support personnel.

The initial setup of Qualys VM is straightforward. The full implementation took us approximately one day.

We have approximately 100 people who are part of our technical team. We did the implementation of this solution.

There is a license for the use of this solution. We pay annually instead of monthly to receive a better discount on the price.

I would recommend this solution to others.

I rate Qualys VM a nine out of ten.

We use this solution to scan the servers on the network. It is used predominantly by our information security team.

This solution gives us insight into our environment and improves our security. It helps us to maintain a good patching system whereby we know that XYZ is vulnerable within the system. 

Qualys makes us proactive in terms of handling patching and effective when it comes to scanning out network.

Qualys could be improved in its overall performance compared to other vulnerability management or scanning tools. 

I have been using this solution for five years. 

I have previously used Nessus. Overall, Nessus is a better tool because it provides greater insight into all vulnerabilities, some of which are skipped by Qualys. 

This solution is very easy to set up. 

We worked with a third party to complete deployment. 

In Nigerian Naira, we spend about roughly four to five million to use this solution and this is expensive compared to solutions like Nessus.

I would advise others to run a proof of concept and to exhaust all functionality if considering Qualys. This may take between 15 and 60 days to complete. 

I would rate this solution a six out of ten. 

The integrations for this solution are very good. I use a different product for virtual patching of vulnerabilities and Qualys integrates well with that product.

Qualys does have an on-prem solution, but it is very expensive. 

I have used this solution for six months. 

I would rate this solution a nine out of ten. 

Datacenters which are in different locations.

• Asset discovery
• Asset sanitization
• Scan scheduling
• Patch supersedence.

Patch supersedence.

Representation of the total number of vulnerabilities (with name) vs. the number of patches (with name).

The primary use case is using this as the infrastructure scanner for an enterprise vulnerability programme in a customer organization.

The customer was manually testing asset health by point-in-time audits. Using the policy compliance module allowed this to be automated and saved time as well as generated more complete coverage of assets leading to greater assurance.

The prebuilt CIS templates are very useful.

Expanding the template library would be very useful.