We changed our name from IT Central Station: Here's why

Qualys VM OverviewUNIXBusinessApplication

Qualys VM is #5 ranked solution in top Vulnerability Management tools. PeerSpot users give Qualys VM an average rating of 8 out of 10. Qualys VM is most commonly compared to Tenable Nessus: Qualys VM vs Tenable Nessus. Qualys VM is popular among the large enterprise segment, accounting for 54% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 30% of all views.
What is Qualys VM?

Qualys Vulnerability Management (VM) is a cloud-based service that gives you immediate, global visibility into where your IT systems might be vulnerable to the latest Internet threats and how to protect them. It helps you to continuously identify threats and monitor unexpected changes in your network before they turn into breaches.

Qualys VM was previously known as QualysGuard VM.

Qualys VM Buyer's Guide

Download the Qualys VM Buyer's Guide including reviews and more. Updated: January 2022

Qualys VM Customers

Agrokor Group, American Specialty Health, American State Bank, Arval, Life:), Axway, Bank of the West, Blueport Commerce, BSkyB, Brinks, CaixaBank, Cartagena, Catholic Health System, CEC Bank, Cegedim, CIGNA, Clickability, Colby-Sawyer College, Commercial Bank of Dubai, University of Utah, eBay Inc., ING Singapore, National Theatre, OTP Bank, Sodexo, WebEx

Qualys VM Video

Qualys VM Pricing Advice

What users are saying about Qualys VM pricing:
  • "We do see over $100,000 in terms of price, for mid-size programs. You likely will pay more than $100,000 without any discount. It is a bit pricey."
  • "Qualys is cheaper and more affordable than other solutions."
  • "I used to work there, so I never paid for the product. As an employee, we get a lifetime license for personal use, and that's what I'm using. It is a comprehensive platform, so there is a lot more to it. There could be other solutions that are probably a little bit cheaper, but it depends on what people need. Different people have different needs. It offers many things on the same platform. If you add all the things up, it should be cheaper, but I have not done any analysis specifically."
  • "It is different for every company, but for us, it's every three years."
  • Qualys VM Reviews

    Filter by:
    Filter Reviews
    Industry
    Loading...
    Filter Unavailable
    Company Size
    Loading...
    Filter Unavailable
    Job Level
    Loading...
    Filter Unavailable
    Rating
    Loading...
    Filter Unavailable
    Considered
    Loading...
    Filter Unavailable
    Order by:
    Loading...
    • Date
    • Highest Rating
    • Lowest Rating
    • Review Length
    Search:
    Showingreviews based on the current filters. Reset all filters
    Senior Security Consultant at a tech services company with 10,001+ employees
    Consultant
    Excellent continuous monitoring, helpful technical support, easy to scale, and simple to install
    Pros and Cons
    • "The most recent is VMDR, which provides a comprehensive overview of how to detect, patch, and remediate specific vulnerabilities."
    • "Qualys currently does not have any features for scanning SCADA, IoT, and Industrial Control Systems."

    What is our primary use case?

    Qualys' main function is to scan IT systems. It does the scanning of computer systems.

    What is most valuable?

    Continuous Monitoring is excellent because it is entirely dependent on the agent, and the Agent Scan, is also quite good. 

    I also like the asset tagging, asset grouping features, and the dashboard, because we can customize and create our own dashboard. That's quite good. 

    The most recent is VMDR, which provides a comprehensive overview of how to detect, patch, and remediate specific vulnerabilities. That is also an excellent module.

    What needs improvement?

    The dashboard itself could be improved, while we can customize it, they can create different tabs where we can see the trending vulnerabilities, how many there are, or how many have been fixed, as in the most recent scan report, so that trend analysis is a little easier.

    Aside from that, the solution itself is fairly generic in nature. What they can do is pretty much customize everything and provide a relevant solution for everything. For example, because Qualys has a Cloud Agent that scans a system's entire inventory. As a result, they can test their use cases to determine whether or not a vulnerability has been confirmed. If they can do so, they can also provide us with a straightforward solution to a specific problem rather than a generic one. That could be one area where they can improve. 

    Qualys does not currently have an IoT, SCADA vulnerability assessment, they can significantly improve their IoT, SCADA, and ICS (Industrial Control Systems) vulnerability assessment technique. When you compare with Tenable SC it has more features than Qualys VM.

    If you see power grids, large oil stations, they fall under SCADA and Industrial Control Systems. These systems are very different from standard IT systems. Qualys currently does not have any features for scanning SCADA, IoT, and Industrial Control Systems.

    I believe they can improve on the addition of devices. Assume I have two lakhs of devices that cannot all be added at the same time. For example, if I have two lakhs of devices, and two lakhs of those devices have a Cloud Agent, adding all of those devices at once is not easy. We have to add it 1,000 at a time, which takes a long time when there are two lakhs of assets to add. If we do 1,000 at a time, we'll have to do it for around two lakhs, which is quite difficult.

    They can increase their frequency of working faster, similar to the time constraint they currently have. The second thing they can improve is the addition of assets. They can almost completely automate the process of adding assets, or they can increase the maximum number of assets that can be added in one go. They are only allowed to add 1,000 assets. If I want to add two lakh assets, it will be extremely difficult to do so by adding 1,000, at a time.

    That is a fairly technical issue. Most of the false positives reported by Qualys or the inability to detect a cumulative patch update, if any, are the few things that they can improve and incorporate. 

    As I previously stated, it would be extremely beneficial if they could implement scanning, vulnerability scanning of IoT systems, Industrial Control Systems, and SCADA devices.

    For how long have I used the solution?

    I have been working with Qualys VM for approximately four years.

    We have been using multiple Qualys modules, such as VMDR, Cloud Agent, AssetView, and Continuous Monitoring. The most recent version that we are using is 4.14.

    What do I think about the stability of the solution?

    It's reasonably steady. When we say stable version, there is also room for improvement in that Qualys will not be able to handle large amounts of data at once. When you do billions of scans, such as a scan for millions of devices, it becomes extremely slow, and gathering data and populating the report becomes extremely tedious. 

    What do I think about the scalability of the solution?

    Scalability is quite good. We can pretty much rely on the tool. It is easy to scale. 

    If the organization grows, we can pretty much scale it to most of the areas. The only problem is that they must primarily work on Industrial Control Systems and lightweight devices such as CCTV cameras, and lightweight devices. As a result, they are required to work in that field, otherwise, it is pretty good.

    Based on my previous experience, there were approximately 300 or more users using Qualys in organizations with a population of more than two lakh people. Currently, I see that approximately 400 users are using it, and the size of the organization is significantly larger than the previous one.

    We use this solution daily.

    How are customer service and support?

    Technicals support is pretty good. Since I've been working in this, they've been friendly and straightforward, and we were able to get the most out of them.

    We have suggested areas for improvement, and they have been working on them. They always make a good impression on us.

    Which solution did I use previously and why did I switch?

    As a consultant, I've worked on a variety of projects in a variety of organizations.

    How was the initial setup?

    The initial setup is simple and straightforward.

    What about the implementation team?

    We initially had assistance from the vendor, but once we had a good understanding of it, we scaled it in our organization.

    Which other solutions did I evaluate?

    Because I've been using Qualys for quite some time, I was looking for a comparison of several solutions such as Tenable SC, Rapid7, InsightVM, and Tenable Nessus. I was curious to know if there were any other tools that were better than Qualys.

    I was looking for more information about Tenable SC and wanted to compare it to Qualys in more detail, with parameters such as, how the false positives are detected in Tenable SC and how good it is in comparison to Qualys. In a similar manner, in comparison to Qualys, we learn about its usability, interface, and how user-friendly it is. Those are the few things I was looking for, and I'm still looking for more information about Tenable right now.

    What other advice do I have?

    They have the ability to improve SCADA. SCADA stands for Supervisory Control and Data Acquisition, and IoT stands for Internet of Things scanning.

    Recommending this solution would depend on the organization, the requirements, and the devices they have.

    For a typical IT system, it is very good to go with this solution. Microsoft, Deloitte, and the majority of organizations still use it, it is pretty much good to go. But, once again, it is entirely dependent on how the organization is, what type of devices they have, and what kind of scans they would like to have, it is entirely dependent.

    In a broad sense, it is a good solution to go with.

    I would rate Qualys VM an eight out of ten.

    Which deployment model are you using for this solution?

    Public Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Microsoft Azure
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    Cyber Security Director at a manufacturing company with 10,001+ employees
    MSP
    Top 20
    Reliable with good technical support and good stability
    Pros and Cons
    • "The initial setup is straightforward."
    • "The solution is a bit expensive if you do not have access to discounts."

    What is our primary use case?

    We primarily use the solution for full enterprise visibility from both an asset detection perspective and vulnerability detection perspective. Basically, we are tracking all the devices over agents, including PCs and servers, et cetera. 

    We are able to understand what our current situation is on the devices. At the second stage, we are able to catch the devices which do not have agents or which are not in the inventory, with on-premise scanners. 

    We are running security configuration hardening assessments or compliance with CIA security benchmarks. 

    In addition to that, we are also utilizing the cloud assessment solution of the Qualys, to ensure compliance with CIA security standards. For example, the Amazon cloud platform is configured compliantly with the CIA security benchmark. These are the four pillars utilized.

    What is most valuable?

    The prioritization mechanism is the most valuable aspect of the solution.

    The initial setup is straightforward. 

    Technical support is great.

    The stability and reliability are good.

    What needs improvement?

    The user experience, the UI, needs to be improved. The technology is there and it is obvious it is able to do many things, however, from a user experience perspective, the UI design is a bit complicated. If the platform could have a bit more of a user-friendly environment, it could be easier for the admins and analysts to use it.

    The solution is a bit expensive if you do not have access to discounts. 

    From a general perspective, SLA tracking capabilities could be improved with a building method. There was a tracking method to be able to see if this vulnerability for a while or maybe it was patched. However, an internal SLA mechanism could help with batch prioritization and issue detection. 

    I'd rate the solution at a nine out of ten.

    For how long have I used the solution?

    I've been using the solution for six months. I've used it for less than a year now. 

    What do I think about the stability of the solution?

    The solution is stable. The passive scanning capabilities are advanced. I'm able to see all the missing paths and many vulnerabilities or many configuration mistakes at the same time. Due to its passive scanning, we don't see any stress or research consumption from agents.

    Network scans are a bit more intense and they of course require research and can create some noise, however, for the most part, it is okay. There is no reliability issue from our perspective.

    What do I think about the scalability of the solution?

    I haven't really tried to scale the solution and therefore cannot really speak to it. We do have some activities happening on there, however, I'm not ready to provide feedback for the results. It's my understanding, however, that the API extensibility is great. I've just not seen anything yet that I can really comment on.

    How are customer service and technical support?

    Technical support is pretty good. It is very easy to get support from the global team, at least for us. We don't depend on local partners, which is great due to the fact that, whenever you are acting in 10 or 11 countries, local partners can be an issue. The language barriers, et cetera, can be an issue. That's why it is great to have responsible global support.

    How was the initial setup?

    The initial setup was very straightforward. We just deployed the agents and everything went very smoothly. There were no big issues.

    What's my experience with pricing, setup cost, and licensing?

    We pay a yearly fee for a license. 

    They have very good discounts. That's why the price is okay for us. Generally, if we talk about the price without discounts, I do see a big peak in vulnerability management solutions licenses. It is not only Qualys. All the vendors peaked at some point. 

    We do see over $100,000 in terms of price, for mid-size programs. You likely will pay more than $100,000 without any discount. It is a bit pricey. There's room to improve, however, I believe they're managing things with discount offerings. I'm saying this not only for Qualys. All the vulnerability management solutions do the same thing price-wise.

    Which other solutions did I evaluate?

    We did evaluate other solutions. We looked at most other vulnerability management solutions.

    What other advice do I have?

    We are just a customer and end-user.

    We are using the latest version of the solution. I cannot speak to the exact version we are using, however. 

    We are using both the on-premises and cloud deployment models. We have on-premise sensors and we have a scan-over cloud service from Qualys. Qualys cloud has a scanning capability for pairing sensors, for scanning an external perimeter. Therefore, we are utilizing that and agents as well.

    I'd recommend the solution.

    If anybody looks forward to first perimeter security, if any conceptual work is done around perimeter security, they have to solve that agent issue first for their program. Companies need to select a solution that can work wherever the PC is. 

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    Learn what your peers think about Qualys VM. Get advice and tips from experienced pros sharing their opinions. Updated: January 2022.
    565,689 professionals have used our research since 2012.
    AVP - Information Security at a financial services firm with 10,001+ employees
    Real User
    Top 20
    Easy to use and scalable but needs to be priced more competitively
    Pros and Cons
    • "It is very easy to use and there are lots of options. We can usually easily go through it and all of the things we want to configure, and we can configure everything to our specifications very easily."
    • "Sometimes we face a problem with accessing the tool and not getting an expected result. From a technology point of view, they need to look into this."

    What is our primary use case?

    We're primarily using the solution for vulnerability assessment of internal server as well as the external server.

    What is most valuable?

    The solution, overall, is very useful for our organization.

    It is very easy to use and there are lots of options. We can usually easily go through it and all of the things we want to configure, and we can configure everything to our specifications very easily.

    What needs improvement?

    Sometimes we face a problem with accessing the tool and not getting an expected result. From a technology point of view, they need to look into this. 

    They need to consider how they can improve tool usability and different scanning options. 

    Sometimes we are facing issues while performing a scan and things are not correctly shown on the GUI. Even as we are doing a task, it may show up as completed, and then something is not visible. Sometimes we face other technical problems. For example, sometimes we can't go to the next page. It's limiting any positive results.

    The solution needs to be easier to understand and configure.

    The pricing is a bit on the higher side compared to other products in the industry.

    For how long have I used the solution?

    I've been dealing with the solution for the last five or six years now. It's been a while.

    What do I think about the stability of the solution?

    I haven't had any issues with stability. It's been okay.

    What do I think about the scalability of the solution?

    I don't see any issues with scalability. When we do multiple IP scans, when we require an increase in the number of IPs, we won't have any problem doing so.

    How are customer service and technical support?

    The technical support has been fine. We're getting the required support we need when we need it. I'd say we're pretty satisfied in that regard.

    What's my experience with pricing, setup cost, and licensing?

    I find the pricing to be a bit high, especially compared to the competition.

    Which other solutions did I evaluate?

    While we didn't evaluate other options previously, currently, we are looking at all sorts of vulnerability management solutions and that's including Kenna and RiskSense. 

    Although Qualys has come up with the model, I've not really looked that far into their other offerings. There is the possibility of upgrading the model on the part of vulnerability management. We'll see if we change solutions or decide to upgrade instead.

    We've also looked at Tenable, which is easier to understand and configure.

    What other advice do I have?

    We are a Qualys customer. We aren't a reseller or partner.

    Overall I'd rate the solution seven out of ten.

    We are currently looking at other options, to see if there's a better solution out there. This one has pretty good technical support and is easy to use, however, there are other issues associated with it.

    Which deployment model are you using for this solution?

    Private Cloud
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Network and security Pre-sales Engineer at a tech services company with 51-200 employees
    MSP
    Top 20
    A reliable, affordable, safe, scalable, and easy-to-use solution for vulnerability management and policy compliance
    Pros and Cons
    • "There are many features. Its reliability, ease of installation, ease of use, and the richness of the information provided are the most valuable features."
    • "Its integration with ServiceNow and other similar products is complicated and can be improved. It should also have virtual batching. They should support more standards and compliance requirements and more customizations. For policy compliance, they can add the standards required by the countries in the Middle East. Each country generates its own standards and frameworks, and those frameworks should be there in all products, not only in Qualys. The market here is huge, especially in the cybersecurity field. Qatar has a framework for Qatar 2022, and each and every company in the public or private sector has to follow the Qatar 2022 framework."

    What is our primary use case?

    We are a system integrator. We implement Qualys for our customers for vulnerability management and policy compliance. We are not using Qualys as a product in our company. We have public, private, and hybrid cloud as well as on-premises deployments.

    What is most valuable?

    There are many features. Its reliability, ease of installation, ease of use, and the richness of the information provided are the most valuable features.

    What needs improvement?

    Its integration with ServiceNow and other similar products is complicated and can be improved. It should also have virtual batching.

    They should support more standards and compliance requirements and more customizations. For policy compliance, they can add the standards required by the countries in the Middle East. Each country generates its own standards and frameworks, and those frameworks should be there in all products, not only in Qualys. The market here is huge, especially in the cybersecurity field. Qatar has a framework for Qatar 2022, and each and every company in the public or private sector has to follow the Qatar 2022 framework. 

    For how long have I used the solution?

    I have been using this solution for three years.

    What do I think about the stability of the solution?

    Qualys is a reliable, strong, and solid product. 

    What do I think about the scalability of the solution?

    It is scalable. The main advantage of Qualys is that it is a cloud-based solution because of which you can scale it up or down according to your needs. It is very quick and flexible.

    How are customer service and technical support?

    Because we are in the Middle East, we deal with the office in Dubai. You cannot imagine how supportive they are. They are amazing in their response.

    How was the initial setup?

    The initial setup was easy. It has great hardware. Its deployment was easier than Rapid7, which is a bit complicated. Tenable is less complicated, but Qualys is faster and easier to deploy than Tenable. 

    I deployed Qualys in two hours. It is easy to install, manage, and go through. There are multiple tabs, and everything is understandable.

    What's my experience with pricing, setup cost, and licensing?

    Qualys is cheaper and more affordable than other solutions.

    What other advice do I have?

    I would recommend Qualys because it is a reliable, affordable, and very safe product. It can have everything that you are looking for.

    I would rate Qualys VM an eight out of ten.

    Disclosure: My company has a business relationship with this vendor other than being a customer: partner
    Anusha Patnaik
    IRM Technical Consultant at Shell Exploration & Production Co.
    Real User
    Top 20
    Vulnerability scanner with good dashboard presentation and clear reporting
    Pros and Cons
    • "What I like about Qualys VM is the dashboard presentation. It's very good."
    • "The customer support is very bad."

    What is our primary use case?

    The primary use cases of this solution are as a scanner. We use it with Azure and AWS. For on-premises, we use physical scanners all over the globe. We have deployed our external scanners in approximately 70 regions.

    What is most valuable?

    What I like about Qualys VM is the dashboard presentation. It's very good.

    The reporting capability and executive reporting are very good.

    What needs improvement?

    Customer support needs to be improved because it was not to our SLA standards.

    Suddenly, the scan engine will go down. We don't know what the reason is, or how it goes down. Because of that, the business is impacted.

    I had a look at the PCI reports  (policy compliance reports) and I have heard that most memberships have been taken by Azure, although I was not aware of that. I would like to see more documentation or awareness.

    For how long have I used the solution?

    I have worked with Qualys VM for the last two years.

    What do I think about the stability of the solution?

    This solution is stable.

    What do I think about the scalability of the solution?

    The scalability is good.

    How are customer service and technical support?

    The customer support is very bad. When we submit a ticket, we do not get a response immediately.

    Which solution did I use previously and why did I switch?

    Previously, I have used Rapid 7 Nexpose. They are similar solutions although what Qualys is providing, it provides well but requires less. Qualys reporting is better.

    Nexpose has upgraded too, and now their reporting is also very good.

    How was the initial setup?

    The initial setup was straightforward and we didn't have any issues with it.

    What other advice do I have?

    If you are comparing Nexpose and Qualys, I would prefer Qualys. The UI is good and whatever reports you are getting, are very clear. If you present it to management, the reports are good. They require an executive report that highlights the vulnerability and how many servers are affected. You can customize it also.

    Nexpose is coming out with new features, but Qualys has already implemented them.

    I would rate this solution an eight out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    Chief Information Officer/Senior Vice President at a tech services company with 51-200 employees
    Real User
    Top 5
    Helps prioritize which security patches need to be deployed on specific equipment
    Pros and Cons
    • "The prioritization feature is great. I think it has all of the advanced features that we need."
    • "It's too early for me to say if there is any room for improvement since we're in the first couple of months of using this solution."

    What is our primary use case?

    It's used for vulnerability assessments, assessment of IT equipment, PCs, servers. It's supposed to help prioritize which security patches need to be deployed on that equipment.

    What is most valuable?

    The prioritization feature is great. I think it has all of the advanced features that we need.

    What needs improvement?

    It's too early for me to say if there is any room for improvement since we're in the first couple of months of using this solution. So far, we've been pretty happy about it. Nothing comes to mind that is negative.

    Given that it's really new, we're really trying to use all of the features and get a good comfort level and gain more experience in it. For this reason, I can't speak negatively of it, yet.

    For how long have I used the solution?

    We've been using Qualys for roughly six to seven years, but we've only been using Qualys VMDR for a few months.

    What do I think about the stability of the solution?

    Qualys VMDR is very stable.

    What do I think about the scalability of the solution?

    Qualys VMDR is definitely scalable.

    How are customer service and technical support?

    They provide a lot of free virtual training to really understand the technology and the solution. That's a plus for them.

    Which solution did I use previously and why did I switch?

    I used to work with QualysGuard VM — an older version. The earlier version didn't have the detection response that we needed, that's why this time it has the detection response. VMDR is the evolution of the solution.

    How was the initial setup?

    The initial setup was pretty straightforward. Deployment was quick.

    What about the implementation team?

    We implemented this solution ourselves.

    What other advice do I have?

    Overall, on a scale from one to ten, I would give this solution a rating of eight. For us, it's just more of gathering more experience. The more we learn, I think we'll appreciate it, and then maybe from that point, we'll be able to say it's a nine, or a ten. It's more on us versus the solution.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Director for global support at a tech vendor with 1,001-5,000 employees
    Real User
    A comprehensive, scalable, and easy-to-deploy platform with a nice UI
    Pros and Cons
    • "The vulnerability management feature is what I used the most. It is a good SaaS product. It is easy to use. It has a nice UI where you can see all the assets and vulnerabilities."
    • "Certain integration factors between different options could be improved."

    What is our primary use case?

    It is for vulnerability management. I used it in my previous company, and I also used it for my home network.

    It is a SaaS platform. So, there is always the latest version.

    What is most valuable?

    The vulnerability management feature is what I used the most. It is a good SaaS product. It is easy to use. It has a nice UI where you can see all the assets and vulnerabilities.

    What needs improvement?

    Certain integration factors between different options could be improved.

    For how long have I used the solution?

    I worked with this solution for two years. 

    What do I think about the stability of the solution?

    Its stability and performance are good.

    What do I think about the scalability of the solution?

    People use it for hundreds and thousands of assets, so it is definitely scalable.

    How are customer service and support?

    I used to run technical support there. So, I didn't need to go for support.

    How was the initial setup?

    It is easy and straightforward to set it up. It takes 5 to 10 minutes to set up a new asset.

    What's my experience with pricing, setup cost, and licensing?

    I used to work there, so I never paid for the product. As an employee, we get a lifetime license for personal use, and that's what I'm using.

    It is a comprehensive platform, so there is a lot more to it. There could be other solutions that are probably a little bit cheaper, but it depends on what people need. Different people have different needs. It offers many things on the same platform. If you add all the things up, it should be cheaper, but I have not done any analysis specifically.

    What other advice do I have?

    It is a good product. I would recommend it to others. It had whatever I needed for my personal use case. There are a lot of features that I have not explored. Some of the features are applicable for corporate networks, and they can't be used for personal use cases.

    I would rate it a nine out of 10.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    Sr. Manager, Vulnerability Management at a transportation company with 10,001+ employees
    Real User
    Top 20
    User-friendly, supports multiple platforms, and the VM DR capabilities are helpful
    Pros and Cons
    • "The features that are most valuable are the identification, scan features, and the identification of vulnerabilities."
    • "I would like to see more accuracy in detections, better reporting capabilities, and better dashboard download capabilities."

    What is our primary use case?

    We are using Qualys VM, as our scanner tool. We also use it for Application Security and Policy Compliance.

    We use it for the identification of vulnerabilities for all of our devices on the network. This includes Windows workstations, servers, and Linux machines. We also use it for cloud, and external use as well.

    What is most valuable?

    The features that are most valuable are the identification, scan features, and the identification of vulnerabilities. Recently, the VMDR additions and the threat protection has been useful.

    It's pretty user-friendly.

    What needs improvement?

    The Patch Identifications, which are supersedence identifications, need improvement.

    I would like to see more accuracy in detections, better reporting capabilities, and better dashboard download capabilities. These are things that are definitely needed.

    For how long have I used the solution?

    I have been using Qualys VM for more than 15 years.

    We are using the latest version.

    VMDR was added in July with newer enhancements.

    What do I think about the stability of the solution?

    It's a stable solution.

    What do I think about the scalability of the solution?

    It's very scalable for large networks. We have also used the agents and they work very well.

    I have a team of five in our organization and external to it, there are approximately twenty-five.

    How are customer service and technical support?

    We engage with technical support often. There could be some improvements made.

    How was the initial setup?

    The initial setup is straightforward.

    What's my experience with pricing, setup cost, and licensing?

    It is different for every company, but for us, it's every three years. I will know more about the pricing in September because we are going to be looking at our pricing again.

    We get a large volume discount, which is good.

    What other advice do I have?

    I would recommend this product to others who are interested in using it.

    I would rate this solution an eight out of ten.

    Which deployment model are you using for this solution?

    Hybrid Cloud
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Product Categories
    Vulnerability Management
    Buyer's Guide
    Download our free Qualys VM Report and get advice and tips from experienced pros sharing their opinions.