The policy creation aspect needs improvement. Our team has limited knowledge about creating policies, and I need to focus on this area more. I should study more about creating and handling policies efficiently.
Policy implementation is sometimes a little bit different than, for example, the CIS standards. If you are using a CIS type of standard, controls will be differently implemented, and that implementation is not straightforward. There is no clear mapping for the CIS controls in terms of how they should be implemented into Qualys, so the implementation stage might be a little bit challenging for the customer. That means that the customer will end up opening support cases, which will overload their support team to explain those. If they are somehow published somewhere, it would save time and effort for both sides.
It would be good if the solution’s technical support could be faster. I would like to improve the solution's detection feature whereby any vulnerability can be detected and immediately put in the sandbox.
The reporting needs improvement. While the tool is really good at doing the assessment, it's not as good at reporting various compliance states. Maybe management reporting could be improved as well. They really need to improve the versioning of the policies. You can create basically your own policy based on the industry practice. However, if that industry practice changes, for example, maybe there's a new version from Microsoft, you basically need to start from scratch. That kind of migration from the old best practice to the new best practice and retaining all those customizations that have been done for the old one that has not been actually done. That's something to improve. However, we typically do it as we work with it. We do it programmatically. We do it through the API.
IT Governance solutions refer to a set of practices, processes, and tools designed to ensure effective management and control of IT resources within an organization.
The policy creation aspect needs improvement. Our team has limited knowledge about creating policies, and I need to focus on this area more. I should study more about creating and handling policies efficiently.
Policy implementation is sometimes a little bit different than, for example, the CIS standards. If you are using a CIS type of standard, controls will be differently implemented, and that implementation is not straightforward. There is no clear mapping for the CIS controls in terms of how they should be implemented into Qualys, so the implementation stage might be a little bit challenging for the customer. That means that the customer will end up opening support cases, which will overload their support team to explain those. If they are somehow published somewhere, it would save time and effort for both sides.
It would be good if the solution’s technical support could be faster. I would like to improve the solution's detection feature whereby any vulnerability can be detected and immediately put in the sandbox.
The reporting needs improvement. While the tool is really good at doing the assessment, it's not as good at reporting various compliance states. Maybe management reporting could be improved as well. They really need to improve the versioning of the policies. You can create basically your own policy based on the industry practice. However, if that industry practice changes, for example, maybe there's a new version from Microsoft, you basically need to start from scratch. That kind of migration from the old best practice to the new best practice and retaining all those customizations that have been done for the old one that has not been actually done. That's something to improve. However, we typically do it as we work with it. We do it programmatically. We do it through the API.