Qualys VMDR Reviews

I mainly use Qualys VM for CSAM, to complement vulnerability management on our assets, and to check for intrusions through our email gateways.

Qualys VM has allowed us to know the vulnerabilities we need to prioritize based on the threat levels and the possible impact if there's an intrusion. It also provides a view of inventories and vulnerabilities in the containers running on my infrastructure, which helps me to do better roadmapping on where I need to put my resources.

Qualys VM's best features are its machine-learning-backed intelligence, real-time inventory of vulnerabilities, backup, threat intelligence exposure database, and that it doesn't hold on to infrastructure resources like memory.

Qualys VM's machine learning and artificial intelligence features could be improved.

I've been using Qualys VM for over a year.

I've had no issues with Qualys VM's stability.

Qualys VM is scalable.

Qualys has an impeccable, readily available technical support team.

Positive

The initial setup is very simple - it's just a deploy-and-run.

Qualys VM is reasonably priced.

I would rate Qualys VM as nine out of ten.

My primary use case is for the web application scans of websites. I also made some new search profiles and other scanning profiles.

Before using Qualys, we had other security tools. And, the main purpose was to remove the granularity. We had so many attacks every day. Qualys really helped us manage the security for our operations.

The most valuable features are that it is a simple solution that makes scanning easy. You just give it a scheduled task, and it will do everything for you. The reporting is fine, too. And, the knowledge base is pretty good, too.

The only improvement I can think of is on the implementation side, otherwise the operation is fine. At times it is a bit slow.

Qualys is really nice, but people only use Qualys for the VM and web scan. They just file the report, and send the report to the customer or client. They don't do anything with the reports. They will get the report, and there are usually 30 to 40 vulnerabilities, not in the web servers. And, of those 30 vulnerabilities, 10 or 15 were usually the first cases. In case of those vulnerabilities are around 50, in which around 50-60% of vulnerabilities are usually found worse. So, for those cases, was pretty low and in Qualys we have to look for them also. Whenever the report comes, we just send the report from the client. And that was one of the biggest issues. So, in this area, we only have to actually check the vulnerabilities in the report. You just have to catch a little bit of this, when we do the type or not. That was one of the issues we had with Qualys.

No, we have not experienced any issues with stability of the product at all.

I have not encountered issues with scalability of the solution. I had scanned 77 servers at a time, and found no issues with scalability while doing so.

I have not had a need to deal with Qualys tech support.

I have previous experience with Tenable Nessus. I like Qualys better because there are so many nice features, it builds better.

I am not personally involved with the pricing or licensing of the solution for our organization.

I have prior experience with Alert Logic CloudDefender, RSA, Odyssey and Forcepoint Websense (formerly Raytheon Websense). 

A really nice feature of Qualys is the asset management. Some of the end users were using that function, and paid for that particular function. It is helpful to get a bit of history of all types of supports of scanning of particular servers.

Our primary use case is vulnerability assessment.

This solution has provided information about existing vulnerabilities, and helped with quick remediation in case of global malware attacks.

The most valuable feature is the certificate management. The reason is the limited license provided by the mother company.

The reporting in this solution can be improved.

My primary use case is to actually fill out forms, ensure that they are being closed in a timely manner. This is why we use these one point solutions.

I find most valuable to achieve a channel system and we can also use it to track when we actually close the ticketing of the sites.

In addition, it is quite easy to implement. We found it quite convenient.

I think it could improve asset imagery.  

I have not encountered issues with stability of the product.

I have not encountered any issues of scalability function. We do have to pay extra according to the number we are placing on the scan. So, when you want to be covered for the scalability, you will have to pay more.

The initial setup was straightforward. It was quite simple. We just needed to download the image from the website, and onto our service team.

Qualys is considered more expensive versus other products on the market.

We were previously using McAfee. We had to switch because McAfee stopped producing the solution we needed. We considered Tenable Nessus, but we chose Qualys in the end.

I advise that you see if this solution can fit your problems, and help your needs.

Vulnerability management.

It has helped to automate the vulnerability management program, increasing the security posture and helped us to identify the security risks in our infrastructure.

Web application security model needs some work.

I've been using it for four years, including including VM, PCI, WAS and MDS features.

No issues encountered.

There's been a few times, related to reporting, that we've had issues, but overall it's stable.

Excellent, the Qualys support team always helps on a priority basis.

Excellent!

No previous solution was used.

It was straightforward.

It was done in-house.

No other options were looked at.

Qualys VM had a recent upgrade and the newer version is supporting the cloud.

The reporting and dashboards could improve in Qualys VM. However, they have improved since the previous versions.

I have been using Qualys VM for approximately 10 years.

Qualys VM is highly scalable.

The technical support was very good from Qualys VM.

Qualys VM helps to identify the vulnerabilities on a timely basis. It helps the companies to upgrade their networks and apply patches. In the latest version, it has added the patching capability, it's very useful.

My advice to others is this is one of the top solutions in its category. However, they can evaluate many solutions to see for themselves. 

I would recommend this solution to others to implement it in their network.

I rate Qualys VM an eight out of ten

The fact that it's on the cloud, so there's no configuration whatsoever on my physical machine except for the VM scanner.

It now takes less time to run a vulnerability assessment for our client. I do not have to bring two laptops anymore to my clients sites.

Maybe the reporting features. It is too granular, so that if someone new wants to get familiar with it, they will have a hard time. A few more tutorials or guide on screen would also be appreciated.

I've been using the consultant edition for two years.

During the internal scanner deployment, but the issue was mostly not the product, but more the network architecture of our client.

No issues encountered.

No issues encountered.

9/10

9/10

Rapid 7 Nexpose. To use the software, it takes a whole laptop just to run it, and the results have too much redundancy. Additionally, the scan rate is very slow compared to Qualys, and furthermore it is too expensive when compared to Qualys.

It's very straightforward. Basically you can scan anything external/internet facing within five minutes. For internal scans you have to deploy the internal scanner which can be done in five minutes if the network architecture is not too complex.

It was done In-house, but the help we get from their Singapore support team is awesome.

• Nessus
• Nexpose

Use it. It is a great product. Many people are sceptical that their scan results are in the cloud. But if you want something affordable and that works like a charm, go for Qualys. Less headaches and easy to achieve ROI as you don't spend much on the deployment or maintenance.