Qualys VM Room for Improvement
Senior Security Consultant at a tech services company with 10,001+ employees
The dashboard itself could be improved, while we can customize it, they can create different tabs where we can see the trending vulnerabilities, how many there are, or how many have been fixed, as in the most recent scan report, so that trend analysis is a little easier.
Aside from that, the solution itself is fairly generic in nature. What they can do is pretty much customize everything and provide a relevant solution for everything. For example, because Qualys has a Cloud Agent that scans a system's entire inventory. As a result, they can test their use cases to determine whether or not a vulnerability has been confirmed. If they can do so, they can also provide us with a straightforward solution to a specific problem rather than a generic one. That could be one area where they can improve.
Qualys does not currently have an IoT, SCADA vulnerability assessment, they can significantly improve their IoT, SCADA, and ICS (Industrial Control Systems) vulnerability assessment technique. When you compare with Tenable SC it has more features than Qualys VM.
If you see power grids, large oil stations, they fall under SCADA and Industrial Control Systems. These systems are very different from standard IT systems. Qualys currently does not have any features for scanning SCADA, IoT, and Industrial Control Systems.
I believe they can improve on the addition of devices. Assume I have two lakhs of devices that cannot all be added at the same time. For example, if I have two lakhs of devices, and two lakhs of those devices have a Cloud Agent, adding all of those devices at once is not easy. We have to add it 1,000 at a time, which takes a long time when there are two lakhs of assets to add. If we do 1,000 at a time, we'll have to do it for around two lakhs, which is quite difficult.
They can increase their frequency of working faster, similar to the time constraint they currently have. The second thing they can improve is the addition of assets. They can almost completely automate the process of adding assets, or they can increase the maximum number of assets that can be added in one go. They are only allowed to add 1,000 assets. If I want to add two lakh assets, it will be extremely difficult to do so by adding 1,000, at a time.
That is a fairly technical issue. Most of the false positives reported by Qualys or the inability to detect a cumulative patch update, if any, are the few things that they can improve and incorporate.
As I previously stated, it would be extremely beneficial if they could implement scanning, vulnerability scanning of IoT systems, Industrial Control Systems, and SCADA devices.View full review »
Information Security Manager at a outsourcing company with 51-200 employees
They're still evolving their platform in terms of reporting capabilities. Every time they make a change, it's not always super smooth, and it's a little quirky with bugs sometimes. That said, they've been really responsive at helping resolve issues that we find. We've got a pretty close relationship with them and our account managers there. We’re working on it.
Cyber Security Director at a manufacturing company with 10,001+ employees
The user experience, the UI, needs to be improved. The technology is there and it is obvious it is able to do many things, however, from a user experience perspective, the UI design is a bit complicated. If the platform could have a bit more of a user-friendly environment, it could be easier for the admins and analysts to use it.
The solution is a bit expensive if you do not have access to discounts.
From a general perspective, SLA tracking capabilities could be improved with a building method. There was a tracking method to be able to see if this vulnerability for a while or maybe it was patched. However, an internal SLA mechanism could help with batch prioritization and issue detection.
I'd rate the solution at a nine out of ten.View full review »
Assistant Manager Solutions at Mutex Systems Pvt. Ltd.
The price could be better. Asset view is still a legacy feature. I'm not able to extract the information about the asset with complete details. It would be better if they fixed that in the next release.
I know Qualys is already working on it, so I'm hopeful it will be available in the next five or six months. That would be something that's changed where I seek improvement.
This solution could be improved by extending the agent capabilities to different operating systems including Mac and Linux. We would also like the capability to easily check for vulnerability in assets in the IOTs.
They have been adding additional features such as attack surface monitoring and intelligence to help managers detect additional risks. Adding intelligence is one of the most important features that we need.
Network and security Pre-sales Engineer at a tech services company with 51-200 employees
Its integration with ServiceNow and other similar products is complicated and can be improved. It should also have virtual batching.
They should support more standards and compliance requirements and more customizations. For policy compliance, they can add the standards required by the countries in the Middle East. Each country generates its own standards and frameworks, and those frameworks should be there in all products, not only in Qualys. The market here is huge, especially in the cybersecurity field. Qatar has a framework for Qatar 2022, and each and every company in the public or private sector has to follow the Qatar 2022 framework.View full review »
They have everything covered as far as features are concerned, but Qualys should improve their customer experience. They need to improve the tech support experience and the turnaround time.View full review »
Endpoint stability and fault resolution could be improved.
I would like to see the solution's footprint expanded to include iOS and iPads in the next release.
One example of how it could be better would be better handling of end-of-life systems and better feedback on job failures.View full review »
Chief Information Officer/Senior Vice President at a tech services company with 51-200 employees
It's too early for me to say if there is any room for improvement since we're in the first couple of months of using this solution. So far, we've been pretty happy about it. Nothing comes to mind that is negative.
Given that it's really new, we're really trying to use all of the features and get a good comfort level and gain more experience in it. For this reason, I can't speak negatively of it, yet.View full review »
Director for global support at a tech vendor with 1,001-5,000 employees
Certain integration factors between different options could be improved.View full review »
Sr. Manager, Vulnerability Management at a transportation company with 10,001+ employees
The Patch Identifications, which are supersedence identifications, need improvement.
I would like to see more accuracy in detections, better reporting capabilities, and better dashboard download capabilities. These are things that are definitely needed.View full review »
Global Infrastructure Architect at a energy/utilities company with 5,001-10,000 employees
We are moving away from Qualys to Defender ATP because I find that Defender ATP is much better at prioritizing the vulnerabilities that I should be looking at.
In general, I would like to see some better analytics and prioritization of vulnerabilities.View full review »
Manager, Info Security Planning & Architecture at a comms service provider with 10,001+ employees
Sometimes the scanning can get overwhelmed and start to drag when a lot of users are trying to scan at once. I think cloud-based solutions like Qualys VM should be prepared to throw more resources in to ensure they don't get overwhelmed like this.View full review »
Senior Consultant at a tech services company with 11-50 employees
Some of the older features could be polished instead of focusing on releasing new features.View full review »
Senior Cyber Security Specialist at a tech services company with 1,001-5,000 employees
The reporting and the GUI need improvements. Tenable dominated in these two areas: reporting and graphical user interface.View full review »
Consultant at a tech services company with 11-50 employees
I'd like to see additional security for the app. The product lacks integrations for third party solutions or automation integration for other tools.
Technical Architect at a outsourcing company with 1,001-5,000 employees
Qualys VM's scanner doesn't pick up every vulnerability, so we have to use multiple scanners to cover that gap. Their reporting could also be more user-friendly. In the next release, I would like Qualys to include basic policy and compliance checks in the basic licensing.View full review »
Senior Vice President | Information Security at a financial services firm with 1,001-5,000 employees
I felt hindered sometimes within reports in that they were lacking somewhat on the customization side in terms of making use of the data. The cloud user interface could be a little more responsive. It was a click and then a wait.
GM Network Information Security at a tech services company with 1,001-5,000 employees
The reporting and dashboards could improve in Qualys VM. However, they have improved since the previous versions.View full review »
Consultant at a media company with 51-200 employees
The ability to manage user accounts and give rights to the operator to know about abnormalities of applications is something that needs improvement.
The pricing is also expensive.
Qualys VM should improve its methodology.View full review »
Qualys does have an on-prem solution, but it is very expensive.View full review »