Qualys VMDR Reviews

Qualys VM had a recent upgrade and the newer version is supporting the cloud.

The reporting and dashboards could improve in Qualys VM. However, they have improved since the previous versions.

I have been using Qualys VM for approximately 10 years.

Qualys VM is highly scalable.

The technical support was very good from Qualys VM.

Qualys VM helps to identify the vulnerabilities on a timely basis. It helps the companies to upgrade their networks and apply patches. In the latest version, it has added the patching capability, it's very useful.

My advice to others is this is one of the top solutions in its category. However, they can evaluate many solutions to see for themselves. 

I would recommend this solution to others to implement it in their network.

I rate Qualys VM an eight out of ten

The fact that it's on the cloud, so there's no configuration whatsoever on my physical machine except for the VM scanner.

It now takes less time to run a vulnerability assessment for our client. I do not have to bring two laptops anymore to my clients sites.

Maybe the reporting features. It is too granular, so that if someone new wants to get familiar with it, they will have a hard time. A few more tutorials or guide on screen would also be appreciated.

I've been using the consultant edition for two years.

During the internal scanner deployment, but the issue was mostly not the product, but more the network architecture of our client.

No issues encountered.

No issues encountered.

9/10

9/10

Rapid 7 Nexpose. To use the software, it takes a whole laptop just to run it, and the results have too much redundancy. Additionally, the scan rate is very slow compared to Qualys, and furthermore it is too expensive when compared to Qualys.

It's very straightforward. Basically you can scan anything external/internet facing within five minutes. For internal scans you have to deploy the internal scanner which can be done in five minutes if the network architecture is not too complex.

It was done In-house, but the help we get from their Singapore support team is awesome.

• Nessus
• Nexpose

Use it. It is a great product. Many people are sceptical that their scan results are in the cloud. But if you want something affordable and that works like a charm, go for Qualys. Less headaches and easy to achieve ROI as you don't spend much on the deployment or maintenance.

It is for vulnerability management. I used it in my previous company, and I also used it for my home network.

It is a SaaS platform. So, there is always the latest version.

The vulnerability management feature is what I used the most. It is a good SaaS product. It is easy to use. It has a nice UI where you can see all the assets and vulnerabilities.

Certain integration factors between different options could be improved.

I worked with this solution for two years. 

Its stability and performance are good.

People use it for hundreds and thousands of assets, so it is definitely scalable.

I used to run technical support there. So, I didn't need to go for support.

It is easy and straightforward to set it up. It takes 5 to 10 minutes to set up a new asset.

I used to work there, so I never paid for the product. As an employee, we get a lifetime license for personal use, and that's what I'm using.

It is a comprehensive platform, so there is a lot more to it. There could be other solutions that are probably a little bit cheaper, but it depends on what people need. Different people have different needs. It offers many things on the same platform. If you add all the things up, it should be cheaper, but I have not done any analysis specifically.

It is a good product. I would recommend it to others. It had whatever I needed for my personal use case. There are a lot of features that I have not explored. Some of the features are applicable for corporate networks, and they can't be used for personal use cases.

I would rate it a nine out of 10.

Qualys Container Security scans similar to a runtime container and it scans the entire cluster.

The most valuable feature of Qualys Container Security is the detailed information in the reports and the remediation. This is done to make sure there are no vulnerabilities.

Qualys Container Security can improve the interface. It could be easier to navigate and be enriched.

In a future release, it would be beneficial if the network and port policies we provided with some kind of automation AML script files. Having configuration files related to Kubernetes environments would be helpful.

I have been using one year.

Qualys Container Security is stable.

The scalability of Qualys Container Security is good.

I have used the support from Qualys Container Security and they could improve their knowledge.

I rate the support from Qualys Container Security a two out of five.

Neutral

I have not used another similar solution prior to Qualys Container Security.

The initial setup of Qualys Container Security is complex. The documentation could improve.

I rate the initial setup of Qualys Container Security a three out of five.

I rate Qualys Container Security a six out of ten.

The reporting and vulnerability analysis features.

Vulnerability scans are easily managed and maintained using Qualys. What used to be a manual process is now automatic. When we have an issue, I can easily see what production systems are affected and I can easily pinpoint a solution to mitigate the issue.

The reporting is lacking a little, and it would be nice to have reports sent via email. Often times we have to manually generate the reports after a vulnerability is fixed and a scan has to be re-run.

I've used it for three years.

We did not.

Our Qualys box is hardware and it's very easy to set up and maintain. It's very little maintenance, and the most time consuming part is setting up everything initially, such as what subnets you want to scan, what reports you want to run, etc.

We have over 15,000 devices and had no issues with scaling up our Qualys infrastructure.

I have never had to interact with them. I get most of the information on the forums, and even there the responses are lighting fast. As far as actually talking to someone, I personally have never had to speak to Qualys support.

It's great. The users on the forums are very knowledgeable and eager to help. If I need a quick answer I will always get one from the support forum.

We used Nessus before. It was a manual process and very time consuming. I like Nessus, but it was very tedious to get it to function automatically.

There are always complexities to every setup. I think the biggest issue was the learning curve. Having to learn all the new pieces and how they fit into our environment was probably the single biggest hurdle we had to face.

We did it in-house.

We looked at Metasploit Expose but the price was too much for what we needed.

Do your research and see how this product would best fit into your environment.

Qualys VM's best feature is vulnerability management.

Qualys VM's scanner doesn't pick up every vulnerability, so we have to use multiple scanners to cover that gap. Their reporting could also be more user-friendly. In the next release, I would like Qualys to include basic policy and compliance checks in the basic licensing. 

I've been using Qualys VM for almost two years.

Qualys VM is quite stable - we've had no problems with it.

Qualys VM's scalability depends on the license that you use.

Previously we used Nessus, but only Qualys does intrusive scanning.

We used an in-house team.

An annual license for a single scanner costs around $3,000.

Qualys VM is a really good tool for vulnerability scanning, and it has different sets of profiles that can be utilized for your own requirements. I would rate Qualys VM as seven out of ten.

• Totally vendor-managed appliance
• Highly scalable and deployable portal interface
• Ability to easily distribute administration functions based on access roles

It provides fully automated internal and external vulnerability management.

Streamline PCI integration and attestation.

I have used it for five years.

I have not encountered any scalability issues.

Technical staff are excellent.

We previously used Rapid 7. The product was not staying current with shifting trends, sales staff were pushy and management were arrogant.

Initial setup was simple.

Negotiate for the pricing model that fits your budget. The vendor is willing to customize pricing.

Before choosing this product, we evaluated Rapid 7, Nessus.

Take your time and have each vendor set up an actual proof of concept, rather than just relying on a demo. Get your network and support staff engaged in the process early on because they will be instrumental in deployment and support. Know what you’re trying to accomplish.

We use this product for vulnerability management.

I like Qualys because it is a very complete product, more so than Tenable. It has vast capabilities.

We have been working with Qualys VM for a very short time, perhaps six months.

This is a stable solution.

Scalability-wise, this is a good product.

The technical support is very good and they have it both in Spanish and English.

We are also working with Tenable SC. Qualys is both more complete and for us, better in terms of pricing.

For a beginning, the initial setup is complex. You have to have some knowledge for setting it up and using it.

The price of Qualys for us is better than Tenable, although that is only because we are partners. The retail price of Qualys is higher than that of tenable. The pricing and licensing for Qualys could be improved.

Overall, this is a good product and I recommend it, mainly because of the capabilities and the management using a single console. I can even create a calendar for activities from the main screen.

I would rate this solution a nine out of ten.