

Qualys Policy Compliance and MetricStream compete in compliance management. Qualys excels in pricing and customer support, while MetricStream offers a more advanced feature set, justifying higher costs for those needing complex functionalities.
Features: Qualys Policy Compliance provides comprehensive vulnerability assessments, automated compliance checks, and a user-friendly interface. MetricStream includes advanced risk management capabilities, extensive integration options, and customizable reporting features.
Room for Improvement: Qualys could enhance its customizable features and reporting depth. MetricStream needs to simplify its deployment process and, given its complexity, reduce its reliance on extensive customer support.
Ease of Deployment and Customer Service: Qualys is renowned for its easy deployment and responsive customer service, easing implementation. MetricStream, however, could pose deployment challenges and requires more intensive support for optimal use.
Pricing and ROI: Qualys Policy Compliance is more cost-effective and offers a quicker ROI with its straightforward pricing and excellent support. MetricStream, while having higher initial costs, may deliver significant ROI for those needing extensive risk management and compliance features.
It delivers strong ROI as an enterprise-wide GRC platform with value realized through automation, reduced compliance effort, improved visibility, and efficient auditing.
I definitely saw a return on investment; a smaller audit headcount was required, which saved us money and time on audits.
There is a measurable return on investment since we have reduced the time for Risk and Control Assessment from three to four months to approximately 30 to 40 days, which lowers costs significantly.
Additionally, when needed, they help set up additional training to walk us through demos of each module to help us make the best use of MetricStream for our organization's needs.
We had to engage with senior management from time to time, but they were responsive and quick in working through our issues.
Customer support was very quick to respond anytime I needed assistance.
They understood the scope, and we were ready to jump into the implementation phase in a day or two.
Qualys Policy Compliance customer support is very good.
It is an enterprise-grade platform designed to support large global organizations with thousands of users, handling high volumes of risk controls, audits, issues, and assessments.
The biggest issue I have encountered with clients has been around upgrades that require re-implementing customizations to the out-of-box solutions after significant upgrades.
MetricStream demonstrates strong scalability by supporting enterprise compliance programs with large volumes of regulatory requirements, controls, assessments, evidence records, and user activity.
In terms of scalability with Qualys Policy Compliance, we did not face any issues. It was scalable.
MetricStream performs well in managing large volumes of data.
MetricStream is stable, but if there is an issue, it will be complicated to resolve with the support team.
MetricStream's stability is very powerful, and it can handle a lot of tasks effectively.
Once everything is set and done with Qualys Policy Compliance, we did not face any performance issues or issues in terms of it being resource-friendly or utilizing any machine resources.
It is very rare to encounter performance issues, about 0.1 to 0.01%.
Low-code or no-code enhancements and easier integration with enterprise systems such as SharePoint, ServiceNow, SAP, or Azure DevOps could reduce implementation effort and operational time.
We desire a product that does not require development teams for customization but enables users to make configurations or adjustments with little effort.
The support quality needs significant improvement.
They need to improve the reporting part of the CI/CD pipelines and the ability to download scans from pods.
If there were some sort of reporting that fulfills auditors' requirements, particularly if there is an external audit and they ask us for any historical data like how long we have been compliant with the PCI framework, that would be valuable.
MetricStream is a bit costly.
In terms of pricing, setup cost, and licensing for MetricStream, we did run into issues with insufficient licensing, but the ability to acquire new licenses was relatively quick and effortless.
My experience with the pricing, setup cost, and licensing was that it was reasonable.
We have had the ability to essentially write SQL code that allows us to develop a report in real time that gives us insight into various different KPIs or KRIs leveraged across the organization.
Control and compliance mapping was one of the most powerful features for NERC compliance as we can map NERC standards and requirements directly to controls, risks, evidence, and corrective actions, creating end-to-end traceability.
The best features that MetricStream offers for the automation of audits include the alerting system and the ability to attach evidence.
In Qualys Policy Compliance, the best feature is that they have predefined templates for compliance, allowing easy application of compliance requirements against our products and providing clear reports on whether assets are compliant or not.
In Qualys Policy Compliance, the best feature is that they keep their vulnerability database updated.

| Product | Mindshare (%) |
|---|---|
| Qualys Policy Compliance | 4.0% |
| MetricStream | 15.2% |
| Other | 80.8% |

| Company Size | Count |
|---|---|
| Small Business | 5 |
| Midsize Enterprise | 2 |
| Large Enterprise | 4 |

| Company Size | Count |
|---|---|
| Small Business | 2 |
| Midsize Enterprise | 2 |
| Large Enterprise | 4 |

MetricStream is a cloud-based platform providing robust audit, compliance, and risk management tools. Users enjoy features like mobile interfaces and centralized risk libraries, though some report interface flow issues and technical support challenges.
MetricStream stands out for its audit, risk, and compliance capabilities, delivering customizable and standardized risk management across departments. Its comprehensive dashboards and reporting tools streamline compliance processes, reducing planning time and breaking down silos. Though described as a pricier option, it efficiently integrates risk elements and supports users with mobile interfaces and cloud availability. Areas for improvement include enhancing security integration, improving interface flow, and boosting support services, particularly from India.
What features does MetricStream offer?

System integrators utilize MetricStream in audit and risk management, focusing on template preparation and UI testing. They assemble components like Lego pieces, but face challenges with larger solutions requiring developer participation for code alterations. Initial implementation is often delayed by India-based technical support, impacting operations. Enterprise and Operations Risk Management are commonly employed with MetricStream, highlighting its industry relevance.
Qualys Policy Compliance offers seamless compliance management featuring real-time threat detection, policy customization, and integration with SIEM and ticketing tools. It supports both on-premises and cloud assets, ensuring comprehensive security management.
Qualys Policy Compliance provides a streamlined approach to compliance through its predefined templates and frequent vulnerability updates, supporting the compliance needs of organizations managing diverse infrastructures. Its interface allows effective management of security policies and straightforward compliance verification. Users benefit from enhanced security management with its automation features and asset scanning capabilities. Integration with cloud infrastructure and seamless policy management across platforms like Windows, Linux, and networking appliances make it indispensable for enterprises seeking minimal vulnerabilities.
What are the key features of Qualys Policy Compliance?

Banks and organizations utilize Qualys Policy Compliance for server hardening and security configuration verification. Loading it with security policies, they ensure PCI compliance and effective vulnerability management. It's particularly effective across Windows, Linux, and networking appliances with basic scans for compliance checks.