The Qualys CAPS service requires further exploration and improvement, particularly in its handling of protocols and reactivity with MAC and IP addresses for CAP agents. Enhanced functionality in these areas would increase the service's effectiveness and efficiency. We anticipate updates that will address these issues and optimize our use of the service.
The scanning function could be improved. Currently, in the EASM module, the scan frequency is limited to once daily, but allowing end users control over scan scheduling would be advantageous. Publicly exposed assets are very critical. If a remediation action is taken by the end-user or the auditor working on a vulnerability management program, that person must be given access to run the scan as and when required. This way they can immediately check whether that particular vulnerability is present or not. Also, allowing more comprehensive scan configurations could be beneficial. The lightweight scan that it does is only based on the ports or services that are identified through the Discovery Scan. It would be helpful for the auditors to be able to run a more comprehensive scan. Additionally, while downloadable asset information is available in the CSAM module, it lacks mapping of software to assets in a consolidated report format. For instance, if I want to download information about 100,000 assets along with the software mapped to those assets, this option is currently not available. If I download the SH details, it will have only the BIOS information, the serial number of the device, the hostname, the MAC address, and the IP address. Only these details are available. It does not give information about the software installed on those assets. The software mapping with assets is not given in a consolidated report. Enhancing this capability would elevate its usefulness.
Senior Cyber Security Analyst at a financial services firm with 10,001+ employees
Real User
Top 10
2024-10-11T16:47:00Z
Oct 11, 2024
Initial scans can produce excess data that needs refining. This extra data is not always useful for us in terms of understanding. They should provide the exact information required by the end user. It sometimes produces false positives for configurations when it comes to identifying exact hostnames and DNS names pertaining to certain IPs. Sometimes, the tagging might be incorrect. It might incorrectly tag assets. This is something that should be fixed. Software composition analysis capability at the source code level would also be helpful. Other tools can check JAR and WAR files for any vulnerabilities. This capability is missing in Qualys CSAM. From the user experience perspective, we need a simpler interface and reduced complexity in certain features, particularly with the Qualys Query Language. I work for a bank. I am a part of the regional team. We ask branches to use this tool effectively, but the branch IT teams find it difficult in terms of user experience. It is not easy for them to understand and use Qualys Query Language to fetch some inputs. The user interface must be improved in terms of giving some examples through popups and other UI elements. Currently, our users are not able to use it easily based on the basic training that we are giving them. That is why we are now documenting step-by-step instructions for completing tasks. Some of the users find the UI to be very cluttered. They should simplify the dashboard. They would also like more customizable navigation. Some users have reported slow asset discovery. They should improve speed and efficiency. When we use some of the profile options within Qualys for scanning, it can take 40 to 50 minutes to scan a single asset. That time could be reduced. Users would also like more customizable reports. Currently, after downloading the reports, the team has to format the data provided by Qualys CSAM. If there is an option to customize the reports directly before downloading them, it would be very helpful. They can directly deliver the report to higher management. They do not have to spend time formatting the report. There could also be better integration with other tools. Based on my integration experience previously, not in this company, there were some limitations with the integration. The APIs and integration options can be improved making the integration with various tools such as ITSM tools a smooth experience. My team is using some Python scripts. It would be great if Qualys could provide some custom scripts as a part of the subscription. It will help new users in terms of understanding the solution better. There should be better tagging and categorization. That would be helpful for us. The tagging system should be more intuitive and flexible. Currently, the dynamic grouping of these assets based on the conditions is not up to the mark. Some of them are incorrectly tagged. In terms of the learning curve, some of the new users find it challenging to learn the full capabilities of the platform. In addition to supporting more customizations for dashboards, reporting, or navigation, there should be more resources for people to become familiar with the product. There should be more hands-on learning materials and a better onboarding experience. The current knowledge base is not up to date with the latest features. There should be updated learning material available along with a release. When they release any new features, it can take one or two months for the learning resources to be updated. Vulnerability remediation recommendations need to be more appropriate and specific. There could also be improvements in terms of vulnerability context. Even though Qualys CSAM identifies vulnerabilities very well, it would be helpful to have more context. Currently, in some cases, Qualys is not able to fetch the right remediation solution or proper context. It gives a generic statement. At times, recommendations are also not appropriate.
In Qualys CSAM, there is a module called EASM. One improvement that they can make in the EASM module is the scan frequency. After EASM is configured the first time, it allows you to do the complete configuration, but if you want to reconfigure it, it will not ask or provide any option for scan frequency. For that, you need to raise a case with Qualys and talk to the Qualys team. It only allows us to add the domain. There are only certain criteria that we can use to create a new profile inside EASM. I know that EASM is a new module in Qualys, and it is improving day by day, but it currently does not have the same configuration area that CSAM has. In the future, I hope it will be improved so that we are able to handle the configuration of EASM on our own. We do not have to raise any kind of vendor ticket or Qualys support ticket for that. Mainly, the configuration area needs improvement. Currently, we do not have all the rights to do the configuration. For any critical change, we cannot wait for the vendor to resolve the ticket. Just like CSAM, we should be able to do the configuration on our own in EASM.
It is automatically exporting the vulnerabilities and the assets. However, it would be useful to have the ability to select or filter which we would like to export. As of now, anything and everything is automatically exported. We cannot choose.
The CMDB Sync feature currently only works with ServiceNow, which is common in larger organizations. If the feature could integrate with other, more affordable CMDB options, like those used by smaller businesses, we would be more likely to use it. Qualys CyberSecurity Asset Management could be more cost-effective by offering a much lower price point or including it with existing VMDR subscriptions. Additionally, providing more pre-built reports would improve accessibility for organizations by reducing the need for custom report creation.
Learn what your peers think about Qualys CyberSecurity Asset Management (CSAM). Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
The Qualys CAPS service requires further exploration and improvement, particularly in its handling of protocols and reactivity with MAC and IP addresses for CAP agents. Enhanced functionality in these areas would increase the service's effectiveness and efficiency. We anticipate updates that will address these issues and optimize our use of the service.
The scanning function could be improved. Currently, in the EASM module, the scan frequency is limited to once daily, but allowing end users control over scan scheduling would be advantageous. Publicly exposed assets are very critical. If a remediation action is taken by the end-user or the auditor working on a vulnerability management program, that person must be given access to run the scan as and when required. This way they can immediately check whether that particular vulnerability is present or not. Also, allowing more comprehensive scan configurations could be beneficial. The lightweight scan that it does is only based on the ports or services that are identified through the Discovery Scan. It would be helpful for the auditors to be able to run a more comprehensive scan. Additionally, while downloadable asset information is available in the CSAM module, it lacks mapping of software to assets in a consolidated report format. For instance, if I want to download information about 100,000 assets along with the software mapped to those assets, this option is currently not available. If I download the SH details, it will have only the BIOS information, the serial number of the device, the hostname, the MAC address, and the IP address. Only these details are available. It does not give information about the software installed on those assets. The software mapping with assets is not given in a consolidated report. Enhancing this capability would elevate its usefulness.
Initial scans can produce excess data that needs refining. This extra data is not always useful for us in terms of understanding. They should provide the exact information required by the end user. It sometimes produces false positives for configurations when it comes to identifying exact hostnames and DNS names pertaining to certain IPs. Sometimes, the tagging might be incorrect. It might incorrectly tag assets. This is something that should be fixed. Software composition analysis capability at the source code level would also be helpful. Other tools can check JAR and WAR files for any vulnerabilities. This capability is missing in Qualys CSAM. From the user experience perspective, we need a simpler interface and reduced complexity in certain features, particularly with the Qualys Query Language. I work for a bank. I am a part of the regional team. We ask branches to use this tool effectively, but the branch IT teams find it difficult in terms of user experience. It is not easy for them to understand and use Qualys Query Language to fetch some inputs. The user interface must be improved in terms of giving some examples through popups and other UI elements. Currently, our users are not able to use it easily based on the basic training that we are giving them. That is why we are now documenting step-by-step instructions for completing tasks. Some of the users find the UI to be very cluttered. They should simplify the dashboard. They would also like more customizable navigation. Some users have reported slow asset discovery. They should improve speed and efficiency. When we use some of the profile options within Qualys for scanning, it can take 40 to 50 minutes to scan a single asset. That time could be reduced. Users would also like more customizable reports. Currently, after downloading the reports, the team has to format the data provided by Qualys CSAM. If there is an option to customize the reports directly before downloading them, it would be very helpful. They can directly deliver the report to higher management. They do not have to spend time formatting the report. There could also be better integration with other tools. Based on my integration experience previously, not in this company, there were some limitations with the integration. The APIs and integration options can be improved making the integration with various tools such as ITSM tools a smooth experience. My team is using some Python scripts. It would be great if Qualys could provide some custom scripts as a part of the subscription. It will help new users in terms of understanding the solution better. There should be better tagging and categorization. That would be helpful for us. The tagging system should be more intuitive and flexible. Currently, the dynamic grouping of these assets based on the conditions is not up to the mark. Some of them are incorrectly tagged. In terms of the learning curve, some of the new users find it challenging to learn the full capabilities of the platform. In addition to supporting more customizations for dashboards, reporting, or navigation, there should be more resources for people to become familiar with the product. There should be more hands-on learning materials and a better onboarding experience. The current knowledge base is not up to date with the latest features. There should be updated learning material available along with a release. When they release any new features, it can take one or two months for the learning resources to be updated. Vulnerability remediation recommendations need to be more appropriate and specific. There could also be improvements in terms of vulnerability context. Even though Qualys CSAM identifies vulnerabilities very well, it would be helpful to have more context. Currently, in some cases, Qualys is not able to fetch the right remediation solution or proper context. It gives a generic statement. At times, recommendations are also not appropriate.
In Qualys CSAM, there is a module called EASM. One improvement that they can make in the EASM module is the scan frequency. After EASM is configured the first time, it allows you to do the complete configuration, but if you want to reconfigure it, it will not ask or provide any option for scan frequency. For that, you need to raise a case with Qualys and talk to the Qualys team. It only allows us to add the domain. There are only certain criteria that we can use to create a new profile inside EASM. I know that EASM is a new module in Qualys, and it is improving day by day, but it currently does not have the same configuration area that CSAM has. In the future, I hope it will be improved so that we are able to handle the configuration of EASM on our own. We do not have to raise any kind of vendor ticket or Qualys support ticket for that. Mainly, the configuration area needs improvement. Currently, we do not have all the rights to do the configuration. For any critical change, we cannot wait for the vendor to resolve the ticket. Just like CSAM, we should be able to do the configuration on our own in EASM.
It is automatically exporting the vulnerabilities and the assets. However, it would be useful to have the ability to select or filter which we would like to export. As of now, anything and everything is automatically exported. We cannot choose.
The CMDB Sync feature currently only works with ServiceNow, which is common in larger organizations. If the feature could integrate with other, more affordable CMDB options, like those used by smaller businesses, we would be more likely to use it. Qualys CyberSecurity Asset Management could be more cost-effective by offering a much lower price point or including it with existing VMDR subscriptions. Additionally, providing more pre-built reports would improve accessibility for organizations by reducing the need for custom report creation.