Qualys VM Overview

Qualys VM is the #3 ranked solution among top Vulnerability Management tools. PeerSpot users give Qualys VM an average rating of 8.2 out of 10. Qualys VM is most commonly compared to Tenable Nessus. Qualys VM is popular among the large enterprise segment, accounting for 62% of users researching this solution on PeerSpot. The top industry researching this solution is computer software, whose professionals account for 21% of all views.
Qualys VM Buyer's Guide

Download the Qualys VM Buyer's Guide including reviews and more. Updated: September 2022

What is Qualys VM?

Qualys Vulnerability Management (VM) is a cloud-based service that gives you immediate, global visibility into where your IT systems might be vulnerable to the latest Internet threats and how to protect them. It helps you to continuously identify threats and monitor unexpected changes in your network before they turn into breaches.

Qualys VM was previously known as QualysGuard VM.

Qualys VM Customers

Agrokor Group, American Specialty Health, American State Bank, Arval, Life:), Axway, Bank of the West, Blueport Commerce, BSkyB, Brinks, CaixaBank, Cartagena, Catholic Health System, CEC Bank, Cegedim, CIGNA, Clickability, Colby-Sawyer College, Commercial Bank of Dubai, University of Utah, eBay Inc., ING Singapore, National Theatre, OTP Bank, Sodexo, WebEx

Qualys VM Pricing Advice

What users are saying about Qualys VM pricing:
  • "We do see over $100,000 in terms of price, for mid-size programs. You likely will pay more than $100,000 without any discount. It is a bit pricey."
  • "Qualys VM is quite expensive. It's a subscription-based license, and it's yearly. Right now, it's open for me, and I don't have any limitations or caps on the licenses. They are seeing if the product is viable for 4500 users. I can add as much as I want, and at the end of the subscription, they'll let me know how many licenses were actually used and bill me accordingly. On a scale from one to five, I would give their pricing a three. It's still expensive."
  • "It is a high cost product. Compared to the other solutions, it is around 15 to 20% higher in cost."
  • "Qualys is cheaper and more affordable than other solutions."
  • "Qualys is a pay-as-you-go model, so there's flexibility to the pricing."
  • "There are no additional fees in addition to the standard licensing fees."

Qualys VM Reviews

    Senior Security Consultant at a tech services company with 10,001+ employees
    Consultant
    Excellent continuous monitoring, helpful technical support, easy to scale, and simple to install
    Pros and Cons
    • "The most recent is VMDR, which provides a comprehensive overview of how to detect, patch, and remediate specific vulnerabilities."
    • "Qualys currently does not have any features for scanning SCADA, IoT, and Industrial Control Systems."

    What is our primary use case?

    Qualys' main function is to scan IT systems. It does the scanning of computer systems.

    What is most valuable?

    Continuous Monitoring is excellent because it is entirely dependent on the agent, and the Agent Scan is also quite good.

    I also like the asset tagging, asset grouping features, and the dashboard, because we can customize and create our own dashboard. That's quite good. 

    The most recent is VMDR, which provides a comprehensive overview of how to detect, patch, and remediate specific vulnerabilities. That is also an excellent module.

    What needs improvement?

    The dashboard itself could be improved. While we can customize it, they can create different tabs where we can see the trending vulnerabilities, how many there are, or how many have been fixed, as in the most recent scan report, so that trend analysis is a little easier.

    Aside from that, the solution itself is fairly generic in nature. What they can do is pretty much customize everything and provide a relevant solution for everything. For example, because Qualys has a Cloud Agent that scans a system's entire inventory. As a result, they can test their use cases to determine whether or not a vulnerability has been confirmed. If they can do so, they can also provide us with a straightforward solution to a specific problem rather than a generic one. That could be one area where they can improve. 

    Qualys does not currently have an IoT, SCADA vulnerability assessment; they can significantly improve their IoT, SCADA, and ICS (Industrial Control Systems) vulnerability assessment technique. When you compare with Tenable SC, it has more features than Qualys VM.

    If you see power grids, large oil stations, they fall under SCADA and Industrial Control Systems. These systems are very different from standard IT systems. Qualys currently does not have any features for scanning SCADA, IoT, and Industrial Control Systems.

    I believe they can improve on the addition of devices. Assume I have two lakhs of devices that cannot all be added at the same time. For example, if I have two lakhs of devices, and two lakhs of those devices have a Cloud Agent, adding all of those devices at once is not easy. We have to add it 1,000 at a time, which takes a long time when there are two lakhs of assets to add. If we do 1,000 at a time, we'll have to do it for around two lakhs, which is quite difficult.

    They can increase their frequency of working faster, similar to the time constraint they currently have. The second thing they can improve is the addition of assets. They can almost completely automate the process of adding assets, or they can increase the maximum number of assets that can be added in one go. They are only allowed to add 1,000 assets. If I want to add two lakh assets, it will be extremely difficult to do so by adding 1,000, at a time.

    That is a fairly technical issue. Most of the false positives reported by Qualys or the inability to detect a cumulative patch update, if any, are the few things that they can improve and incorporate. 

    As I previously stated, it would be extremely beneficial if they could implement scanning, vulnerability scanning of IoT systems, Industrial Control Systems, and SCADA devices.

    For how long have I used the solution?

    I have been working with Qualys VM for approximately four years.

    We have been using multiple Qualys modules, such as VMDR, Cloud Agent, AssetView, and Continuous Monitoring. The most recent version that we are using is 4.14.

    Buyer's Guide
    Qualys VM
    September 2022
    Learn what your peers think about Qualys VM. Get advice and tips from experienced pros sharing their opinions. Updated: September 2022.
    632,611 professionals have used our research since 2012.

    What do I think about the stability of the solution?

    It's reasonably steady. When we say stable version, there is also room for improvement in that Qualys will not be able to handle large amounts of data at once. When you do billions of scans, such as a scan for millions of devices, it becomes extremely slow, and gathering data and populating the report becomes extremely tedious. 

    What do I think about the scalability of the solution?

    Scalability is quite good. We can pretty much rely on the tool. It is easy to scale. 

    If the organization grows, we can pretty much scale it to most of the areas. The only problem is that they must primarily work on Industrial Control Systems and lightweight devices such as CCTV cameras, and lightweight devices. As a result, they are required to work in that field, otherwise, it is pretty good.

    Based on my previous experience, there were approximately 300 or more users using Qualys in organizations with a population of more than two lakh people. Currently, I see that approximately 400 users are using it, and the size of the organization is significantly larger than the previous one.

    We use this solution daily.

    How are customer service and support?

    Technical support is pretty good. Since I've been working in this, they've been friendly and straightforward, and we were able to get the most out of them.

    We have suggested areas for improvement, and they have been working on them. They always make a good impression on us.

    Which solution did I use previously and why did I switch?

    As a consultant, I've worked on a variety of projects in a variety of organizations.

    How was the initial setup?

    The initial setup is simple and straightforward.

    What about the implementation team?

    We initially had assistance from the vendor, but once we had a good understanding of it, we scaled it in our organization.

    Which other solutions did I evaluate?

    Because I've been using Qualys for quite some time, I was looking for a comparison of several solutions such as Tenable SC, Rapid7, InsightVM, and Tenable Nessus. I was curious to know if there were any other tools that were better than Qualys.

    I was looking for more information about Tenable SC and wanted to compare it to Qualys in more detail, with parameters such as, how the false positives are detected in Tenable SC and how good it is in comparison to Qualys. In a similar manner, in comparison to Qualys, we learn about its usability, interface, and how user-friendly it is. Those are the few things I was looking for, and I'm still looking for more information about Tenable right now.

    What other advice do I have?

    They have the ability to improve SCADA. SCADA stands for Supervisory Control and Data Acquisition, and IoT stands for Internet of Things scanning.

    Recommending this solution would depend on the organization, the requirements, and the devices they have.

    For a typical IT system, it is very good to go with this solution. Microsoft, Deloitte, and the majority of organizations still use it, it is pretty much good to go. But, once again, it is entirely dependent on how the organization is, what type of devices they have, and what kind of scans they would like to have, it is entirely dependent.

    In a broad sense, it is a good solution to go with.

    I would rate Qualys VM an eight out of ten.

    Which deployment model are you using for this solution?

    Public Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Microsoft Azure
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Information Security Manager at an outsourcing company with 51-200 employees
    Real User
    Accurate and effective with good reporting
    Pros and Cons
    • "The reporting functionality is great."
    • "They're still evolving their platform in terms of reporting capabilities."

    What is our primary use case?

    We do vulnerability management mostly with the agents and sometimes with the scanner.

    We use it to install for around 20 or 30 clients right now so that we can remotely monitor their vulnerability status and help them improve their patch management processes. When certain critical things come up, we help clients with the Log4J, identifying where they need to remediate some of the super trendy critical things that come out and identifying end-of-life operating systems and software that need to be updated.

    What is most valuable?

    The reporting functionality is great. The most prominent feature that made us move from Nessus Professional was the scanner-based scanning to the Qualys agent-based scanning to move to work from home and remote.

    If somebody's not connected to the network, you're not going to catch them with an appliance-based scan. However, if you have the agent on, as long as they're on the network, they're constantly checking in and constantly scanning.

    It's more accurate and effective to get a picture of what the vulnerabilities are in a more distributed workforce.

    The reporting capabilities that are available in Qualys are a work in progress. I know they're still evolving, and it's not always perfect. However, we only have so much flexibility to pinpoint a specific thing that we want to follow or monitor across all of our clients. We can set it up in a dashboard or report and do it quickly.

    What needs improvement?

    They're still evolving their platform in terms of reporting capabilities. Every time they make a change, it's not always super smooth, and it's a little quirky with bugs sometimes. That said, they've been really responsive at helping resolve issues that we find. We've got a pretty close relationship with them and our account managers there. We’re working on it.

    For how long have I used the solution?

    We've been using it as a service provider for about a year or so.

    What do I think about the stability of the solution?

    The solution can sometimes be buggy.

    The agent itself is stable. The reporting platform seems to go through quite a bit of change that they're trying to make it more robust and developing more things, and so we'll make customizations, and they make it update, and the customizations wipe out. I wouldn't say the reporting platform is super stable at the moment. However, it more than meets our needs far beyond what we had with Nessus Professional. The ability to monitor has been stable.

    What do I think about the scalability of the solution?

    It's incredibly scalable. We've got it across 20 or 30 clients, and so we're pretty happy with how scalable it is from that aspect of a multi-client platform as an MSTP of that type of service.

    However, the reporting doesn't seem to be as scalable. The more clients we add to it, the slower it runs with the reporting and dashboards.

    Most of our clients are small and medium-sized businesses, so each of those clients has maybe anywhere from 30 to 1,000 agents.

    We do plan to increase usage. We're only a year in. We touch a couple of hundred clients a year, so we're just learning the capabilities of it and growing with Qualys as we go. We're definitely all in with Qualys at this point.

    How are customer service and support?

    I maybe had one meeting trying to understand how to build the dashboards, however, my colleague is the one that was selected to handle the solution and works closely with technical support. From what I heard, they've been great.

    Which solution did I use previously and why did I switch?

    We previously used Nessus Professional. We switched when we could no longer go use our paid scanner on a client environment due to COVID and not actually going to client offices and nobody being there. Therefore, at that time, it wouldn't have been an effective vulnerability scan, and we had to look at other options. While one of our larger clients does have Nessus iOS through the city government, and it's a great tool, the pricing model was just cost prohibitive for our users across so many clients, and so that's why we were looking at other tools.

    How was the initial setup?

    It's straightforward as long as the clients have any technical know-how or central management of their devices.

    The agents update themselves. There isn’t maintenance necessary once it is deployed.

    What's my experience with pricing, setup cost, and licensing?

    I’m not clear on the pricing. We don't use it as an in-house tool, and we use it more as a managed service provider. We provide information security consulting services for many companies. When they don't have vulnerability management, we'll offer to support Qualys for them. We've got the MSP platform, and so it's not the typical pricing structure or platform. Therefore, I can’t speak to the exact pricing or typical licensing.

    What other advice do I have?

    We pay for the Qualys platform, and we will maintain the vulnerability management for our clients until they get their own vulnerability management solution.

    I’d recommend the solution to others.

    In a world of the hybrid workforce and work from home, if you're looking for a more effective vulnerability management tool, you have to go to the agent-based vulnerability management tools that are out there, and we've been extremely happy with Qualys. We were also delighted with Nessus in terms of their ability to identify things. However, an agent-based scanner is above an appliance base for known devices. Ideally, you have both of them together so you can scan your network for devices that might have an agent on it. However, for known devices, we definitely have been switching and really appreciate the switch to agent-based in Qualys.

    I’d rate the solution eight out of ten. The only downside is that reporting can be slow, knowing that we're dealing with trying to load dashboards with 20,000 to 30,000 agents.

    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    Cyber Security Director at a manufacturing company with 10,001+ employees
    MSP
    Top 20
    Reliable with good technical support and good stability
    Pros and Cons
    • "The initial setup is straightforward."
    • "The solution is a bit expensive if you do not have access to discounts."

    What is our primary use case?

    We primarily use the solution for full enterprise visibility from both an asset detection perspective and vulnerability detection perspective. Basically, we are tracking all the devices over agents, including PCs and servers, et cetera. 

    We are able to understand what our current situation is on the devices. At the second stage, we are able to catch the devices which do not have agents or which are not in the inventory, with on-premise scanners. 

    We are running security configuration hardening assessments or compliance with CIA security benchmarks. 

    In addition to that, we are also utilizing the cloud assessment solution of the Qualys, to ensure compliance with CIA security standards. For example, the Amazon cloud platform is configured compliantly with the CIA security benchmark. These are the four pillars utilized.

    What is most valuable?

    The prioritization mechanism is the most valuable aspect of the solution.

    The initial setup is straightforward. 

    Technical support is great.

    The stability and reliability are good.

    What needs improvement?

    The user experience, the UI, needs to be improved. The technology is there and it is obvious it is able to do many things, however, from a user experience perspective, the UI design is a bit complicated. If the platform could have a bit more of a user-friendly environment, it could be easier for the admins and analysts to use it.

    The solution is a bit expensive if you do not have access to discounts. 

    From a general perspective, SLA tracking capabilities could be improved with a building method. There was a tracking method to be able to see if this vulnerability for a while or maybe it was patched. However, an internal SLA mechanism could help with batch prioritization and issue detection. 

    I'd rate the solution at a nine out of ten.

    For how long have I used the solution?

    I've been using the solution for six months. I've used it for less than a year now. 

    What do I think about the stability of the solution?

    The solution is stable. The passive scanning capabilities are advanced. I'm able to see all the missing paths and many vulnerabilities or many configuration mistakes at the same time. Due to its passive scanning, we don't see any stress or research consumption from agents.

    Network scans are a bit more intense and they of course require research and can create some noise, however, for the most part, it is okay. There is no reliability issue from our perspective.

    What do I think about the scalability of the solution?

    I haven't really tried to scale the solution and therefore cannot really speak to it. We do have some activities happening on there, however, I'm not ready to provide feedback for the results. It's my understanding, however, that the API extensibility is great. I've just not seen anything yet that I can really comment on.

    How are customer service and technical support?

    Technical support is pretty good. It is very easy to get support from the global team, at least for us. We don't depend on local partners, which is great due to the fact that, whenever you are acting in 10 or 11 countries, local partners can be an issue. The language barriers, et cetera, can be an issue. That's why it is great to have responsible global support.

    How was the initial setup?

    The initial setup was very straightforward. We just deployed the agents and everything went very smoothly. There were no big issues.

    What's my experience with pricing, setup cost, and licensing?

    We pay a yearly fee for a license. 

    They have very good discounts. That's why the price is okay for us. Generally, if we talk about the price without discounts, I do see a big peak in vulnerability management solutions licenses. It is not only Qualys. All the vendors peaked at some point. 

    We do see over $100,000 in terms of price, for mid-size programs. You likely will pay more than $100,000 without any discount. It is a bit pricey. There's room to improve, however, I believe they're managing things with discount offerings. I'm saying this not only for Qualys. All the vulnerability management solutions do the same thing price-wise.

    Which other solutions did I evaluate?

    We did evaluate other solutions. We looked at most other vulnerability management solutions.

    What other advice do I have?

    We are just a customer and end-user.

    We are using the latest version of the solution. I cannot speak to the exact version we are using, however. 

    We are using both the on-premises and cloud deployment models. We have on-premise sensors and we have a scan-over cloud service from Qualys. Qualys cloud has a scanning capability for pairing sensors, for scanning an external perimeter. Therefore, we are utilizing that and agents as well.

    I'd recommend the solution.

    If anybody looks forward to first perimeter security, if any conceptual work is done around perimeter security, they have to solve that agent issue first for their program. Companies need to select a solution that can work wherever the PC is. 

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Assistant Manager Solutions at Mutex Systems Pvt. Ltd.
    Real User
    Top 20
    A robust and user-friendly cloud-based service that gives you immediate, global visibility into potential vulnerabilities and threats
    Pros and Cons
    • "I find Qualys VM very robust, and it's very useful for vulnerability management and patch management. The value that it brings to my environment is economies of scale. There is no limitation on adding any endpoints. You go by the rule, and it's added once another endpoint is added to our environment. It's automatically installed, and it's less work from our end. It frees up my license automatically if I don't need an endpoint or if my machine is decommissioned. I like the dashboard displays because I don't see any duplication. The most important part is vulnerability management and prioritization. Unlike Symantec, it shows the kind of vulnerability I would want to patch first. It provides a holistic view of the kind of vulnerabilities and the ones I should remediate first. I don't have to do a scan; it just brings up those critical kinds of vulnerabilities like zero-day vulnerabilities and tells me to prioritize them. You have to prioritize these vulnerabilities first and go on with the rest. The dashboard shows me the ones that have been fixed, so I don't have to complete an aging report. The user experience and the graphical interface are good. As it's user-friendly and understandable on an executive level, it brings real value. We also use this solution because it's robust and flexible."
    • "The price could be better. Asset view is still a legacy feature. I'm not able to extract the information about the asset with complete details. It would be better if they fixed that in the next release. I know Qualys is already working on it, so I'm hopeful it will be available in the next five or six months. That would be something that's changed where I seek improvement."

    What is our primary use case?

    We're using the entire suite except for Patch Management. I use Qualys VM for my production environment on Amazon AWS. I also use it for my endpoints and some BDI solutions that require on-premise solutions, and I use it for both.

    What is most valuable?

    I find Qualys VM very robust, and it's very useful for vulnerability management and patch management. The value that it brings to my environment is economies of scale. There is no limitation on adding any endpoints. You go by the rule, and it's added once another endpoint is added to our environment. It's automatically installed, and it's less work from our end. It frees up my license automatically if I don't need an endpoint or if my machine is decommissioned.

    I like the dashboard displays because I don't see any duplication. The most important part is vulnerability management and prioritization. Unlike Symantec, it shows the kind of vulnerability I would want to patch first. It provides a holistic view of the kind of vulnerabilities and the ones I should remediate first.

    I don't have to do a scan; it just brings up those critical kinds of vulnerabilities like zero-day vulnerabilities and tells me to prioritize them. You have to prioritize these vulnerabilities first and go on with the rest. The dashboard shows me the ones that have been fixed, so I don't have to complete an aging report.

    The user experience and the graphical interface are good. As it's user-friendly and understandable on an executive level, it brings real value. We also use this solution because it's robust and flexible.

    What needs improvement?

    The price could be better. Asset view is still a legacy feature. I'm not able to extract the information about the asset with complete details. It would be better if they fixed that in the next release.

    I know Qualys is already working on it, so I'm hopeful it will be available in the next five or six months. That would be something that's changed where I seek improvement.

    For how long have I used the solution?

    I have been working with Qualys VM for the past six months.

    What do I think about the stability of the solution?

    Qualys VM is a stable solution.

    What do I think about the scalability of the solution?

    Qualys VM is a scalable solution. We currently have about 4500 users in our organization.

    How are customer service and support?

    Support could be a little bit faster. I haven't been granted access to their support portal, but I have a technical support engineer who's always available, and there is only one person I can talk to. But the problem is if he's absent, I'm left waiting for access to his portal. 

    Which solution did I use previously and why did I switch?

    I used Symantec before but switched to Qualys VM as there's no limitation to adding endpoints. The other reason everyone moved to Qualys VM was its robustness and flexibility. I think that's something that's there, and there was no hassle in deploying the agent. All I had to do was get these machines that were enrolled in our MDM solutions.

    How was the initial setup?

    As it's a cloud agent, there wasn't any specific setup. It's also managed centrally by Qualys, and when they always release a new update, all we have to do is push it. So, the maintenance requirement is minimum at best.

    What about the implementation team?

    We deployed this solution by ourselves.

    What's my experience with pricing, setup cost, and licensing?

    Qualys VM is quite expensive. It's a subscription-based license, and it's yearly. Right now, it's open for me, and I don't have any limitations or caps on the licenses. They are seeing if the product is viable for 4500 users. I can add as much as I want, and at the end of the subscription, they'll let me know how many licenses were actually used and bill me accordingly.

    On a scale from one to five, I would give their pricing a three. It's still expensive.

    What other advice do I have?

    If you're going for an on-premises solution, you should dive into the POC. Because I wasn't procuring an on-premises solution, it was pretty easy for me, and the support was quite helpful. But if you're going to deploy it on-premises, you should go through a proper procedure of going through the POC and getting to know the product. I would rate it at the top because it's better than Nexpose, it's better than Tenable, and it's better than Symantec.

    On a scale from one to ten, I would give Qualys VM an eight. 

    Which deployment model are you using for this solution?

    Hybrid Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Amazon Web Services (AWS)
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    JoaoManso - PeerSpot reviewer
    CIO / IT Consultant at RedShift
    Reseller
    Top 5
    Cloud based service that offers insight into security and the vulnerability management of assets
    Pros and Cons
    • "The most valuable feature is the ability to run different capabilities with the same agent. With only one agent, we can have EDR, vulnerability management, compliance and some basic SaaS security capabilities."
    • "This solution could be improved by extending the agent capabilities to different operating systems including Mac and Linux. We would also like the capability to easily check for vulnerability in assets in the IOTs."

    What is our primary use case?

    We use this solution to manage compliance and to verify the gap between the policy defined by the company and the ones that are implemented in the system. We also use Qualys for vulnerability management of assets in the cloud or on-prem. 

    What is most valuable?

    The most valuable feature is the ability to run different capabilities with the same agent. With only one agent, we can have EDR, vulnerability management, compliance and some basic SaaS security capabilities.

    What needs improvement?

    This solution could be improved by extending the agent capabilities to different operating systems including Mac and Linux. We would also like the capability to easily check for vulnerability in assets in the IOTs. 

    They have been adding additional features such as attack surface monitoring and intelligence to help managers detect additional risks. Adding intelligence is one of the most important features that we need.

    For how long have I used the solution?

    We have been using this solution for two years. 

    What do I think about the stability of the solution?

    This is a stable solution. 

    What do I think about the scalability of the solution?

    For a company with over 100,000 assets, there are challenges with scalability. 

    How are customer service and support?

    We haven't often needed support from Qualys but when we have needed it, they have been quick to respond and resolve our issues. 

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    If we compare Qualys VM to other vulnerability management solutions like Tenable, Qualys is only for agents. Their on-prem capabilities are pretty limited so it is very easy to manage assets that are cloud connected, but if they are not cloud connected, it is challenging. Tenable is better at managing non-cloud connected agents.

    How was the initial setup?

    The initial setup is straightforward. After the cloud tenant is available and the agents are installed, the first scans can be done in one to two days.

    There is maintenance required for the agents but it is completely controlled by the cloud and is done automatically. There is a necessity for human intervention when there is a new agent or new feature that must be tested before it is implemented.

    What about the implementation team?

    We implemented the solution in-house. 

    What was our ROI?

    Return on investment is difficult to assess because it's a tool that helps to reduce risks but doesn't have a direct feature on ROI.

    What's my experience with pricing, setup cost, and licensing?

    It is a high cost product. Compared to the other solutions, it is around 15 to 20% higher in cost. Qualys VMDR has multiple features in addition to vulnerability management and there is an additional cost for these features. 

    What other advice do I have?

    The initial setup is not straightforward and it's important to have the agent connectivity linked to the cloud and available all the time.

    If you have assets that are not connected to the cloud, you will need help from a service provider or integrator because the introduction of passive scanning is not straightforward.

    I would rate this solution a seven out of ten.

    Which deployment model are you using for this solution?

    Public Cloud
    Disclosure: My company has a business relationship with this vendor other than being a customer: Integrator
    Network and security Pre-sales Engineer at a tech services company with 51-200 employees
    MSP
    Top 20
    A reliable, affordable, safe, scalable, and easy-to-use solution for vulnerability management and policy compliance
    Pros and Cons
    • "There are many features. Its reliability, ease of installation, ease of use, and the richness of the information provided are the most valuable features."
    • "Its integration with ServiceNow and other similar products is complicated and can be improved. It should also have virtual batching. They should support more standards and compliance requirements and more customizations. For policy compliance, they can add the standards required by the countries in the Middle East. Each country generates its own standards and frameworks, and those frameworks should be there in all products, not only in Qualys. The market here is huge, especially in the cybersecurity field. Qatar has a framework for Qatar 2022, and each and every company in the public or private sector has to follow the Qatar 2022 framework."

    What is our primary use case?

    We are a system integrator. We implement Qualys for our customers for vulnerability management and policy compliance. We are not using Qualys as a product in our company. We have public, private, and hybrid cloud as well as on-premises deployments.

    What is most valuable?

    There are many features. Its reliability, ease of installation, ease of use, and the richness of the information provided are the most valuable features.

    What needs improvement?

    Its integration with ServiceNow and other similar products is complicated and can be improved. It should also have virtual batching.

    They should support more standards and compliance requirements and more customizations. For policy compliance, they can add the standards required by the countries in the Middle East. Each country generates its own standards and frameworks, and those frameworks should be there in all products, not only in Qualys. The market here is huge, especially in the cybersecurity field. Qatar has a framework for Qatar 2022, and each and every company in the public or private sector has to follow the Qatar 2022 framework. 

    For how long have I used the solution?

    I have been using this solution for three years.

    What do I think about the stability of the solution?

    Qualys is a reliable, strong, and solid product. 

    What do I think about the scalability of the solution?

    It is scalable. The main advantage of Qualys is that it is a cloud-based solution because of which you can scale it up or down according to your needs. It is very quick and flexible.

    How are customer service and technical support?

    Because we are in the Middle East, we deal with the office in Dubai. You cannot imagine how supportive they are. They are amazing in their response.

    How was the initial setup?

    The initial setup was easy. It has great hardware. Its deployment was easier than Rapid7, which is a bit complicated. Tenable is less complicated, but Qualys is faster and easier to deploy than Tenable. 

    I deployed Qualys in two hours. It is easy to install, manage, and go through. There are multiple tabs, and everything is understandable.

    What's my experience with pricing, setup cost, and licensing?

    Qualys is cheaper and more affordable than other solutions.

    What other advice do I have?

    I would recommend Qualys because it is a reliable, affordable, and very safe product. It can have everything that you are looking for.

    I would rate Qualys VM an eight out of ten.

    Disclosure: My company has a business relationship with this vendor other than being a customer: partner
    Prajot Nair - PeerSpot reviewer
    Senior Manager - Cloud Security at Capgemini
    Real User
    Top 5
    Continuous endpoint monitoring and amazing dashboards
    Pros and Cons
    • "Qualys has a continuous endpoint monitoring feature for agent-based scanning. Once you deploy the solution, it monitors everything that is happening every 30 minutes. Then, if there are any vulnerabilities, they are reported."
    • "Qualys should improve their customer experience. They need to improve the tech support experience and the turnaround time."

    What is most valuable?

    Qualys has a continuous endpoint monitoring feature for agent-based scanning. Once you deploy the solution, it monitors everything that is happening every 30 minutes. Then, if there are any vulnerabilities, they are reported. Plus, the dashboards are amazing. There are so many dashboards and things in the console that you can explore, which I think other solutions, Tenable.io for example, are still working on. 

    What needs improvement?

    They have everything covered as far as features are concerned, but Qualys should improve their customer experience. They need to improve the tech support experience and the turnaround time. 

    For how long have I used the solution?

    I've been working with this solution for one to two years.

    What do I think about the stability of the solution?

    This solution is definitely stable.

    What do I think about the scalability of the solution?

    The solution is scalable. 

    How are customer service and support?

    I am not happy with the technical support because I had a very bad experience with them. On a scale of one to five, I would give Qualys tech support a two.

    How would you rate customer service and support?

    Neutral

    How was the initial setup?

    There were a few challenges. I had an integration issue with Qualys where they had to enable the data privacy from the back end because I couldn't integrate it with the SIEM.

    What was our ROI?

    The ROI is definitely good for this solution. 

    What's my experience with pricing, setup cost, and licensing?

    Qualys is a pay-as-you-go model, so there's flexibility to the pricing. 

    What other advice do I have?

    Everything is well-documented by Qualys. Their white paper is published and they have much visibility across the globe and on different platforms. If you look into their educational YouTube channel, you get a lot of information. There are a lot of seminars and talks on Qualys VMDR features.

    The advantage with Qualys is that you get a lot of features because it has been a market leader for quite a long time. The solution has an agent-based approach and I think it is highly evolved when compared to Tenable, for example. However, Qualys is a bit highly priced so if you're looking strictly at pricing, I think you will get a better value with Tenable. 

    I would rate this solution as a nine out of ten.

    Which deployment model are you using for this solution?

    Hybrid Cloud
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Tim Cranny - PeerSpot reviewer
    Principal at Cranny Group
    Real User
    Good return on investment, ease of deployment, and metrics
    Pros and Cons
    • "The Vulnerability Management and Patch Management features are the most valuable features of this solution."
    • "Endpoint stability and fault resolution could be improved."

    What is our primary use case?

    It is a SaaS solution with agents distributed at endpoints.

    How has it helped my organization?

    Qualys VM has improved the way the organization functions.

    What is most valuable?

    The Vulnerability Management and Patch Management features are the most valuable features of this solution.

    The most valuable qualities of Qualys VM are its ease of deployment and metrics.

    What needs improvement?

    Endpoint stability and fault resolution could be improved.

    I would like to see the solution's footprint expanded to include iOS and iPads in the next release.

    One example of how it could be better would be better handling of end-of-life systems and better feedback on job failures.

    For how long have I used the solution?

    We have been working with Qualys VM for just over two years.

    It is a cloud platform. I'm not sure if a version is associated with that. 

    What do I think about the stability of the solution?

    The stability of Qualys VM is quite good, but not fantastic. I would rate it an eight out of ten.

    What do I think about the scalability of the solution?

    The scalability of Qualys VM is very good.

    This solution is used by five security or system administrators in our organization.

    We have no plans to expand our usage; it is already widely deployed.

    How are customer service and support?

    The technical support is mediocre at best.

    I would rate them a two out of five.

    How would you rate customer service and support?

    Neutral

    Which solution did I use previously and why did I switch?

    We were previously using Lansweeper, which was not scalable.

    How was the initial setup?

    I would rate the initial setup a three out of five.

    It took several weeks to deploy.

    What about the implementation team?

    We completed the deployment in-house.

    What was our ROI?

    We have seen a return on investment.

    What's my experience with pricing, setup cost, and licensing?

    There are no additional fees in addition to the standard licensing fees.

    What other advice do I have?

    I would recommend identifying the right metrics to drive the program.

    I would rate Qualys VM an eight out of ten.

    Which deployment model are you using for this solution?

    Public Cloud
    Disclosure: I am a real user, and this review is based on my own experience and opinions.