In Qualys CSAM, there is a module called EASM. One improvement that they can make in the EASM module is the scan frequency. After EASM is configured the first time, it allows you to do the complete configuration, but if you want to reconfigure it, it will not ask or provide any option for scan frequency. For that, you need to raise a case with Qualys and talk to the Qualys team. It only allows us to add the domain. There are only certain criteria that we can use to create a new profile inside EASM. I know that EASM is a new module in Qualys, and it is improving day by day, but it currently does not have the same configuration area that CSAM has. In the future, I hope it will be improved so that we are able to handle the configuration of EASM on our own. We do not have to raise any kind of vendor ticket or Qualys support ticket for that. Mainly, the configuration area needs improvement. Currently, we do not have all the rights to do the configuration. For any critical change, we cannot wait for the vendor to resolve the ticket. Just like CSAM, we should be able to do the configuration on our own in EASM.
It is automatically exporting the vulnerabilities and the assets. However, it would be useful to have the ability to select or filter which we would like to export. As of now, anything and everything is automatically exported. We cannot choose.
The CMDB Sync feature currently only works with ServiceNow, which is common in larger organizations. If the feature could integrate with other, more affordable CMDB options, like those used by smaller businesses, we would be more likely to use it. Qualys CyberSecurity Asset Management could be more cost-effective by offering a much lower price point or including it with existing VMDR subscriptions. Additionally, providing more pre-built reports would improve accessibility for organizations by reducing the need for custom report creation.
Learn what your peers think about Qualys CyberSecurity Asset Management (CSAM). Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
In Qualys CSAM, there is a module called EASM. One improvement that they can make in the EASM module is the scan frequency. After EASM is configured the first time, it allows you to do the complete configuration, but if you want to reconfigure it, it will not ask or provide any option for scan frequency. For that, you need to raise a case with Qualys and talk to the Qualys team. It only allows us to add the domain. There are only certain criteria that we can use to create a new profile inside EASM. I know that EASM is a new module in Qualys, and it is improving day by day, but it currently does not have the same configuration area that CSAM has. In the future, I hope it will be improved so that we are able to handle the configuration of EASM on our own. We do not have to raise any kind of vendor ticket or Qualys support ticket for that. Mainly, the configuration area needs improvement. Currently, we do not have all the rights to do the configuration. For any critical change, we cannot wait for the vendor to resolve the ticket. Just like CSAM, we should be able to do the configuration on our own in EASM.
It is automatically exporting the vulnerabilities and the assets. However, it would be useful to have the ability to select or filter which we would like to export. As of now, anything and everything is automatically exported. We cannot choose.
The CMDB Sync feature currently only works with ServiceNow, which is common in larger organizations. If the feature could integrate with other, more affordable CMDB options, like those used by smaller businesses, we would be more likely to use it. Qualys CyberSecurity Asset Management could be more cost-effective by offering a much lower price point or including it with existing VMDR subscriptions. Additionally, providing more pre-built reports would improve accessibility for organizations by reducing the need for custom report creation.