Qualys VMDR Reviews

It is for vulnerability management. I used it in my previous company, and I also used it for my home network.

It is a SaaS platform. So, there is always the latest version.

The vulnerability management feature is what I used the most. It is a good SaaS product. It is easy to use. It has a nice UI where you can see all the assets and vulnerabilities.

Certain integration factors between different options could be improved.

I worked with this solution for two years. 

Its stability and performance are good.

People use it for hundreds and thousands of assets, so it is definitely scalable.

I used to run technical support there. So, I didn't need to go for support.

It is easy and straightforward to set it up. It takes 5 to 10 minutes to set up a new asset.

I used to work there, so I never paid for the product. As an employee, we get a lifetime license for personal use, and that's what I'm using.

It is a comprehensive platform, so there is a lot more to it. There could be other solutions that are probably a little bit cheaper, but it depends on what people need. Different people have different needs. It offers many things on the same platform. If you add all the things up, it should be cheaper, but I have not done any analysis specifically.

It is a good product. I would recommend it to others. It had whatever I needed for my personal use case. There are a lot of features that I have not explored. Some of the features are applicable for corporate networks, and they can't be used for personal use cases.

I would rate it a nine out of 10.

I used this solution for one of my clients and the primary use case was for the compliance mode and scanning. We are customers of Qualys and I am senior vice president information security.

I found the solution quite intuitive and easy going. I have worked with other similar tools and found this simple to use. 

I felt hindered sometimes within reports in that they were lacking somewhat on the customization side in terms of making use of the data. The cloud user interface could be a little more responsive. It was a click and then a wait. 

I used this solution recently for about five months. 

There were a couple of small bugs but the solution was stable. 

I would recommend this solution and rate it a nine out of 10. 

Private Cloud

The fact that it's on the cloud, so there's no configuration whatsoever on my physical machine except for the VM scanner.

It now takes less time to run a vulnerability assessment for our client. I do not have to bring two laptops anymore to my clients sites.

Maybe the reporting features. It is too granular, so that if someone new wants to get familiar with it, they will have a hard time. A few more tutorials or guide on screen would also be appreciated.

I've been using the consultant edition for two years.

During the internal scanner deployment, but the issue was mostly not the product, but more the network architecture of our client.

No issues encountered.

No issues encountered.

Customer Service:

9/10

Technical Support:

9/10

Rapid 7 Nexpose. To use the software, it takes a whole laptop just to run it, and the results have too much redundancy. Additionally, the scan rate is very slow compared to Qualys, and furthermore it is too expensive when compared to Qualys.

It's very straightforward. Basically you can scan anything external/internet facing within five minutes. For internal scans you have to deploy the internal scanner which can be done in five minutes if the network architecture is not too complex.

It was done In-house, but the help we get from their Singapore support team is awesome.

• Nessus
• Nexpose

Use it. It is a great product. Many people are sceptical that their scan results are in the cloud. But if you want something affordable and that works like a charm, go for Qualys. Less headaches and easy to achieve ROI as you don't spend much on the deployment or maintenance.

Integrity of scanners; never do I need to worry….“Is this scanner going to bring down a host?”.

Higher frequency of scans, better aggregation of scan results, abundance of different reports (can be scheduled and automated), delivering metrics to senior management.

Ticket management

5 + years

No

No

No

Customer Service: Good – 4 out of 5Technical Support: Good – 4 out of 5

Straightforward. Assuming you know your network layout, # of devices and other basic information it is pretty simple to figure out what you need. Qualys ships you the scanners, you rack them, set them up and technically could start scanning. Though, there is other recommended tasks to complete via the QualysGuard Vulnerability Management web portal such as defining asset groups, setting up scan rules, turning ticketing on, generating reports, etc.

In-house

I do not have a specific quantitative number to provide but from a qualitative perspective it has been enormous. Once you are set up properly and have proper acceptance from support teams, device owners and senior management you can start to scan your environment much more often which increases your organizations ability to detect vulnerabilities more often reducing your overall vulnerability footprint and corresponding business risk.

The original setup cost was about $10,000 and the day-to-day costs is less than $100 per day with one caveat. Our parent company is large and has allowed us to fall under their pricing model. If we were not under their model our costs would be about 40% higher.

No, we had a 3rd party running the scans for us. We were very happy with Qualys but wanted to bring it “in-house”. We brought it in-house 5 years ago and never looked back.

Take the time to properly identify your network and as importantly get approval and acceptance from the group up – especially senior management. In addition, it is very important to have your scan schedule, profiles, reporting, metrics, expectations, etc. documented so that everyone in the company understands your expectations.

We use Qualys Virtual Scanner Appliance for the big scan. 

This is one of the best products I have worked with so far. I like the power of Qualys, and it's a better solution because you can scan a compact file, a BIT file, or batch files. The product already knows what's happening inside, and you don't need to expand the package. Tenable will do the same thing, but you need to have a package issuance claim. With Qualys, we can immediately understand the file, even a compact file. If there's some kind of discovery or incident, you will know what happened in the environment. 

Integration could be better. When you think about scanning, it's not used just with this product alone but with other Qualys products. If you think about the bundle, the product itself is good. But integration with other products and packages has space for improvement. They should also offer a better price for bundles.

I have been using Qualys Virtual Scanner Appliance since I joined my company three years ago.

Qualys Virtual Scanner Appliance is very stable.

Qualys Virtual Scanner Appliance is scalable.

The initial setup is straightforward. You only need one technician to deploy and maintain this solution. However, it really depends on the size of the customer's environment. 

Qualys Virtual Scanner Appliance isn't expensive right now. But the price for their product bundles could be better.

I would advise potential users to look into the environment and understand what they want to do before implementing this solution. They must understand how to communicate with the network and what kind of network they want to put together. Just read the manual first. 

On a scale from one to ten, I would give Qualys Virtual Scanner Appliance a nine.

Our primary use case is vulnerability assessment.

This solution has provided information about existing vulnerabilities, and helped with quick remediation in case of global malware attacks.

The most valuable feature is the certificate management. The reason is the limited license provided by the mother company.

The reporting in this solution can be improved.

I have been using this solution for five years.

Datacenters which are in different locations.

• Asset discovery
• Asset sanitization
• Scan scheduling
• Patch supersedence.

Patch supersedence.

Representation of the total number of vulnerabilities (with name) vs. the number of patches (with name).

One to three years.

The primary use case is using this as the infrastructure scanner for an enterprise vulnerability programme in a customer organization.

The customer was manually testing asset health by point-in-time audits. Using the policy compliance module allowed this to be automated and saved time as well as generated more complete coverage of assets leading to greater assurance.

The prebuilt CIS templates are very useful.

Expanding the template library would be very useful.

Three to five years.