We use almost every module that Qualys has, except the EDR, which is endpoint protection. They came up with that module last year. We use their patch management, vulnerability scanners, cloud agents, and network passive scanners. We are using everything that is available.
System Architect at a leisure / travel company with 10,001+ employees
Real User
Top 20
2024-10-17T14:56:00Z
Oct 17, 2024
Initially, we were using Qualys Patch Management for TruRisk vulnerability detections. I am on the risk operations side, so I also used it to determine ways to fix a particular vulnerability and address it.
Foundation Services Director at a leisure / travel company with 10,001+ employees
Real User
Top 20
2024-10-14T20:00:00Z
Oct 14, 2024
Our primary use case is to try to reduce our time to remediate. One of our sister teams, the attack surface team, uses the scanning piece. Therefore, we thought it would be best to close the ecosystem and use the patching piece. The feedback from the PoC made it evident that making a shift was necessary. By implementing Qualys Patch Management, we wanted to reduce the meantime to remediate and have the ability to weigh our threats so that we are not just patching everything; we are patching what is most critical to our environment. The automation capability that it has to create jobs, set them, and forget them was very intriguing to our business.
System Admin at a insurance company with 501-1,000 employees
Real User
Top 20
2024-10-14T12:54:00Z
Oct 14, 2024
Qualys Patch Management is used to address and remediate server vulnerabilities. It provides a dashboard with information on remediation steps, vulnerability severity, impact, and other relevant details. This tool effectively manages and mitigates security vulnerabilities, ensuring the security of our infrastructure.
SOC - Cyber Security Engineer at a computer software company with 201-500 employees
Real User
Top 20
2024-09-25T16:11:00Z
Sep 25, 2024
Our use cases for Qualys vary depending on the client. I work for a Paris-based French company that provides cybersecurity and metadata services to multiple clients. We primarily use Qualys to check the core infrastructure that hosts everything, scanning and remediating vulnerabilities. We work with multiple teams, so if we identify a patching issue using Qualys, we might need to escalate it to another department. For example, if we identify a vulnerability in a CI/CD tool the DevOps team uses in Terraform, we're not supposed to touch it. We recommend a time frame for the DevOps team to apply the patch. If the issue is high-severity, they may need to address it as soon as possible. We run the scans, get the reports, and create recommendations. We have integrated Qualys with our homegrown ticketing tool, but we plan to migrate to ServiceNow. It's a gradual process. Microsoft Sentinel, our SIEM solution, sends alerts to our internal detection and monitoring tool, which ServiceNow will soon replace. Our SIEM tool is responsible for monitoring the overall risk, while we use Qualys to report vulnerabilities that need to be patched.
Qualys has a scanning tool for viruses, vulnerability, and malware detections. They recently launched Qualys Patch Management for patching applications or server sites. We previously used tools like SCCM or Microsoft Intune. Qualys Patch Management is a replacement for all those kinds of tools, but we mainly use it for patching the applications, not the servers.
My organization uses Qualys Patch Management internally, including its core patching functionality and Vulnerability Management, Detection, and Response. As a consultant, I help several Qualys user clients with best practices and similar tasks, addressing use cases ranging from vulnerability reduction and patch management to asset management. Qualys is a cloud-based platform. While they offer a private cloud option at a higher cost, their core functionality resides in the cloud. The lightweight agents we install on our systems simply collect data and upload it to the cloud-based Qualys interface. The only exceptions are passive sensors like network sniffers and on-premise scanners, which are optional deployments for specific needs. This cloud-centric approach eliminates the need for us to manage on-premise servers, unlike some competing products like baramundi.
Qualys Patch Management optimizes patching and vulnerability remediation through automation and intelligence insights, accelerating the process by 43% and improving patch rates by 90%. Its integration with CMDB and ITSM tools speeds up ticket closures by 60%, effectively reducing the attack surface while freeing IT and security resources. This cloud-based solution bridges the IT-security gap, making it essential for cybersecurity.
We use almost every module that Qualys has, except the EDR, which is endpoint protection. They came up with that module last year. We use their patch management, vulnerability scanners, cloud agents, and network passive scanners. We are using everything that is available.
Initially, we were using Qualys Patch Management for TruRisk vulnerability detections. I am on the risk operations side, so I also used it to determine ways to fix a particular vulnerability and address it.
Our primary use case is to try to reduce our time to remediate. One of our sister teams, the attack surface team, uses the scanning piece. Therefore, we thought it would be best to close the ecosystem and use the patching piece. The feedback from the PoC made it evident that making a shift was necessary. By implementing Qualys Patch Management, we wanted to reduce the meantime to remediate and have the ability to weigh our threats so that we are not just patching everything; we are patching what is most critical to our environment. The automation capability that it has to create jobs, set them, and forget them was very intriguing to our business.
Qualys Patch Management is used to address and remediate server vulnerabilities. It provides a dashboard with information on remediation steps, vulnerability severity, impact, and other relevant details. This tool effectively manages and mitigates security vulnerabilities, ensuring the security of our infrastructure.
Our use cases for Qualys vary depending on the client. I work for a Paris-based French company that provides cybersecurity and metadata services to multiple clients. We primarily use Qualys to check the core infrastructure that hosts everything, scanning and remediating vulnerabilities. We work with multiple teams, so if we identify a patching issue using Qualys, we might need to escalate it to another department. For example, if we identify a vulnerability in a CI/CD tool the DevOps team uses in Terraform, we're not supposed to touch it. We recommend a time frame for the DevOps team to apply the patch. If the issue is high-severity, they may need to address it as soon as possible. We run the scans, get the reports, and create recommendations. We have integrated Qualys with our homegrown ticketing tool, but we plan to migrate to ServiceNow. It's a gradual process. Microsoft Sentinel, our SIEM solution, sends alerts to our internal detection and monitoring tool, which ServiceNow will soon replace. Our SIEM tool is responsible for monitoring the overall risk, while we use Qualys to report vulnerabilities that need to be patched.
Qualys has a scanning tool for viruses, vulnerability, and malware detections. They recently launched Qualys Patch Management for patching applications or server sites. We previously used tools like SCCM or Microsoft Intune. Qualys Patch Management is a replacement for all those kinds of tools, but we mainly use it for patching the applications, not the servers.
My organization uses Qualys Patch Management internally, including its core patching functionality and Vulnerability Management, Detection, and Response. As a consultant, I help several Qualys user clients with best practices and similar tasks, addressing use cases ranging from vulnerability reduction and patch management to asset management. Qualys is a cloud-based platform. While they offer a private cloud option at a higher cost, their core functionality resides in the cloud. The lightweight agents we install on our systems simply collect data and upload it to the cloud-based Qualys interface. The only exceptions are passive sensors like network sniffers and on-premise scanners, which are optional deployments for specific needs. This cloud-centric approach eliminates the need for us to manage on-premise servers, unlike some competing products like baramundi.