Qualys VMDR Valuable Features
Qualys VMDR provides a real-time response and reporting feature, which is excellent. It allows us to see real-time graphs and reports for every asset, server, and more, which is very user-friendly.
Our clients have given good feedback, and they are satisfied with the tool. We use it daily to fix vulnerabilities by connecting with infrastructure to remediate. The feedback from the client side is very good.
View full review »Qualys VMDR offers a one-stop solution for monitoring and reporting. The UI is straightforward and user-friendly, and even beginners can master it in a day.
It allows for simplicity in understanding issues and generating reports for clear visibility. The benefits of task division among teammates and the ability to work together without delays were significant.
View full review »What I find valuable about Qualys VMDR is the capability of the tool and its user-friendliness. It is easy to use and provides accurate results, which is exactly what we are looking for. The prioritization of vulnerabilities has improved our remediation efforts by around thirty to thirty-five percent. The tool's integration between Patch Management and other Qualys products is also indispensable.
View full review »Buyer's Guide
Qualys VMDR
June 2025

Learn what your peers think about Qualys VMDR. Get advice and tips from experienced pros sharing their opinions. Updated: June 2025.
859,687 professionals have used our research since 2012.
LG
Lakshay Grover
Works at a tech consulting company with 10,001+ employees
Compared to other tools, VMDR provides a clearer view and is easy to understand. It's also highly customizable, allowing us to tailor it to our needs. I find it to be better than tools like Belwix, Rapid7, and Tenable.
For asset management, there's a feature that tracks unused machines and purging mechansim. It informs us if a machine hasn’t been used for 180 days, or if it’s been idle for 368 days, allowing us to segregate the data. This reduces our active vulnerability count, which improves tracking and helps us provide more accurate information to customers. It gives more active grip on the information.
With continuous monitoring, we can customize dashboards according to customer needs. Whether they require reports on a daily, weekly, or quarterly basis, we can set up the dashboard to display the relevant data. It's essential to understand their requirements and adjust the Qualys Query Language (QQL) accordingly. A solid grasp of QQL is a plus when working with Qualys.
View full review »First of all, the licensing products itself is a great tool for VM because it's easy to use, and its reporting is excellent. It gives you a lot of ability and tweaking options to get what you want out of the reports. It gives you a lot of options, and it integrates with our ServiceNow for ticketing and all. So that is also a great feature. Then, the licensing that comes with VMDR enables us to scan different devices without getting any sort of extra license. So, it covers everything under one bundle.
It's the capability of scanning that has proven to be most effective in the risk management aspect. The less number of false positives and the authenticated basic scans are more concrete. So, the reliable reports and the efficiency of scans are something that we appreciate with all of this.
So, it does reduce those false positives and gives us a more concrete report.
View full review »In Qualys VMDR, there are multiple valuable features such as Continuous Monitoring, SFU Connector, and WebVPN. Continuous monitoring is a crucial feature that we use more frequently.
View full review »The most valuable feature is the vulnerability assessment. Qualys VMDR is precise in its assessments and categorizes vulnerabilities by severity from one to five. Additionally, they provide detailed reports and possible remediation steps, such as updating from Java version 3.4 to a more secure version.
View full review »Cloud Agents: lots of control available and very trouble-free. It pulls all systems information, including installed software and open ports. It's very configurable to adjust impact to systems.
Connectors: Pulls all the cloud information per account and helps to build a CMDB. Qualys connectors do some control evaluations to help manage these accounts.
Global Asset View (GAV): With the ability to establish dynamic tagging and perform queries GAV has become a very valuable research tool to our teams.
View full review »The most valuable features of Qualys VMDR include CSAM, Qualys Gateway Service, Web Application Scanning, patch management and the use of virtual scanners to scan appliances and devices, especially those provided by vendors.
The ability to run a map scan and identify all assets within our network is extremely beneficial for medium to large organizations. Real-time asset discovery and patch management have also been vital features for us.
View full review »The best features of Qualys VMDR are its patch management capabilities and the ability to mitigate vulnerabilities automatically. The report export feature allows us to see how many incidents have been mitigated and which ones still need attention. The compliance dashboard helps us track and fix threats efficiently, ensuring all machines comply with security standards.
View full review »RN
Nabanita Roy
JMS, RPSG Ventures Limited at RP Sanjiv Goenka Group
The most helpful and useful features of Qualys VMDR are its user-friendly design.
Qualys VMDR is easy to understand and provides detailed reports.
It impacts my workflow overall, with the patch management features as it has the missing patches listed in detail, making it easier to get a comprehensive report and providing some dashboards that offer visual representation.
View full review »The platform's most valuable features include its robust vulnerability detection capabilities and automated remediation workflows. These features not only help us identify vulnerabilities promptly but also enable us to prioritize and remediate them efficiently.
View full review »The product's patch management is excellent for keeping our critical servers and third-party applications updated efficiently.
View full review »SV
Saivarun Varun
IT Team Lead at a consultancy with 10,001+ employees
The most valuable feature is the QID part, especially of CentralList, which makes it easy to assess new critical vulnerabilities. It saves a lot in assessing and prioritizing risks to the organization.
View full review »The product has multiple valuable areas. The process of defining and discovering scans is organized efficiently. It has an effective tagging system and authentication mechanism compared to other tools. Its integration with AD helps us a lot. Additionally, I like the report generation feature.
View full review »I find the solution's dashboard interesting since we get a proper view to streamline our findings and assist in prioritizing the schedule for patching or any other related incidents we believe have already been worked on.
The knowledge base is the most impressive feature because it provides quick research results and coverage of all vulnerabilities. Additionally, the real-time threat detection feature provides quick responses to threat findings.
View full review »The most valuable features are vulnerability detection, patching capabilities, and remediation. Cloud security posture management is also very valuable. I find these features valuable because getting a unified view of your cloud security posture across different environments is not always easy. For example, you might have most of your resources sitting in Azure, but you might have a couple of workloads in AWS. Naturally, there are different tools that report on that, so it's invaluable to have those pulled into a single dashboard so you can drive your remediation from a single platform.
View full review »The most valuable feature is the asset view where I can find individual assets and take a deeper dive into their information gathering section, potential vulnerabilities, and confirmed vulnerabilities. I also value the scheduling of scans and reports as per the desired timeframes.
View full review »I like the automated report generation and vulnerability report generation.
View full review »The most valuable feature of the solution is the external channel. The cloud-based channel within the AWS, which we implement accordingly.
The vulnerability cycle feature of the solution is valuable.
Almost all of the features are great. We use Qualys for vulnerability scanning of servers and web application scanning. These are the two prominent features that we often use.
The initial setup is very straightforward.
It's stable and quite reliable.
The product can scale.
Technical support is helpful, and the product provides a good amount of training.
View full review »The reporting functionality is great. The most prominent feature that made us move from Nessus Professional was the scanner-based scanning to the Qualys agent-based scanning to move to work from home and remote.
If somebody's not connected to the network, you're not going to catch them with an appliance-based scan. However, if you have the agent on, as long as they're on the network, they're constantly checking in and constantly scanning.
It's more accurate and effective to get a picture of what the vulnerabilities are in a more distributed workforce.
The reporting capabilities that are available in Qualys are a work in progress. I know they're still evolving, and it's not always perfect. However, we only have so much flexibility to pinpoint a specific thing that we want to follow or monitor across all of our clients. We can set it up in a dashboard or report and do it quickly.
View full review »Qualys has a continuous endpoint monitoring feature for agent-based scanning. Once you deploy the solution, it monitors everything that is happening every 30 minutes. Then, if there are any vulnerabilities, they are reported. Plus, the dashboards are amazing. There are so many dashboards and things in the console that you can explore, which I think other solutions, Tenable.io for example, are still working on.
View full review »The most valuable feature is the ability to run different capabilities with the same agent. With only one agent, we can have EDR, vulnerability management, compliance and some basic SaaS security capabilities.
View full review »DJ
DivyaJyoti
0
I like that we have many scanners and channels that don't overload. It helps us scan and track easily. Also, the tagging system is good for tagging. We can still use QualysAgent task ID tools even if tags aren't made.
The asset inventory management feature has improved our security posture, which is good. It was introduced recently, and we've just started using it. In terms of management, I believe it's better than what we were using before.
Qualys VMDR is good at handling vulnerability management trends, especially with its policy module. Qualys VMDR offers customizable labels that fit the organization's needs, unlike other tools. This is important for enhancing security and meeting compliance requirements.
View full review »The solution's best features are scanning and vulnerability management. By using them, we can obtain all critical reports.
View full review »AZ
AvaisZaidi
Assistant Manager Solutions at Mutex Systems Pvt. Ltd.
I find Qualys VM very robust, and it's very useful for vulnerability management and patch management. The value that it brings to my environment is economies of scale. There is no limitation on adding any endpoints. You go by the rule, and it's added once another endpoint is added to our environment. It's automatically installed, and it's less work from our end. It frees up my license automatically if I don't need an endpoint or if my machine is decommissioned.
I like the dashboard displays because I don't see any duplication. The most important part is vulnerability management and prioritization. Unlike Symantec, it shows the kind of vulnerability I would want to patch first. It provides a holistic view of the kind of vulnerabilities and the ones I should remediate first.
I don't have to do a scan; it just brings up those critical kinds of vulnerabilities like zero-day vulnerabilities and tells me to prioritize them. You have to prioritize these vulnerabilities first and go on with the rest. The dashboard shows me the ones that have been fixed, so I don't have to complete an aging report.
The user experience and the graphical interface are good. As it's user-friendly and understandable on an executive level, it brings real value. We also use this solution because it's robust and flexibile.
View full review »The most valuable feature is automation.
View full review »It's really beneficial for scanning and interacting with the agent.
View full review »Qualys VM's most valuable feature is automatic detection.
View full review »Continuous Monitoring is excellent because it is entirely dependent on the agent, and the Agent Scan, is also quite good.
I also like the asset tagging, asset grouping features, and the dashboard, because we can customize and create our own dashboard. That's quite good.
The most recent is VMDR, which provides a comprehensive overview of how to detect, patch, and remediate specific vulnerabilities. That is also an excellent module.
View full review »JT
Jerome TOUTEE
Former Employee of Orange Business Services as Head of Security Engineering at a comms service provider with 5,001-10,000 employees
The solution is easy to use and has many essential features. I found the concept of tags the most valuable feature. It allows us to build assets from different views. We can categorize systems with tags, either automatically or manually.
View full review »I am impressed with the VMDR feature.
View full review »We generally analyze everything at the OS level and application level, including the open ports, the OS, and older versions, including the packaged versions. We generate the scan, and then we generate the report, and then we will issue it to the application teams to clear off those.
We have Java remediation happening, and if Java has, for example, multiple versions and when I run the scan, it is going to identify all Java versions that are really vulnerable so you can fix them. Therefore, it helps keep things secure and up-to-date.
The reporting is good. We give reports to the application teams and we will ask them to either fix or remove applications. Once that is done, then we will read the scan, and if it comes back that we don't have any critical, we are assured of good safety.
The solution shows us classic categories, including high, medium, and low risks. It also shows critical items, and that gives us the advantage of prioritizing things.
It's very clear on what components need to be fixed.
The initial setup is straightforward.
It's stable.
Technical support is helpful.
View full review »Qualys makes us proactive in terms of handling patching and effective when it comes to scanning out network.
I like the Qualys Cloud Agent because it's very easy to use. It has a low impact and is supported on Windows, Linux, and others. I deploy process scanners, which are usually connected to core switches so customers can replicate all the connections. Almost all our customers try to use the agents because they're already installed and integrated into the cloud and communicate with Qualys management. There are no problems and it's really better than using some virtual appliance to scan the various kinds of assets. Qualys has a lot of information and it's great to integrate with the Central Management Database.
AL
AntonyLai
Sr Security Engineer at a tech services company with 10,001+ employees
Qualys VM's best features are vulnerability management and customizable scoring.
View full review »The prioritization mechanism is the most valuable aspect of the solution.
The initial setup is straightforward.
Technical support is great.
The stability and reliability are good.
View full review »Qualys is a well-known name in the market and we use it for different scenarios. We also like the flexibility in their licensing.
View full review »The Vulnerability Management and Patch Management features are the most valuable features of this solution.
The most valuable qualities of Qualys VM are its ease of deployment and metrics.
View full review »The most valuable features are vulnerability scanning, policy compliance scanning, and tablet for web application scanning.
View full review »AH
ASHRAF ALI HASSAN
Senior Manager Network Design at MEEZA, Managed IT Services Provider
The most valuable features of Qualys VM are its ability to do proper vulnerability assessment. It has a lot of updates for all the vulnerability databases from all over the globe. It's an amazing solution when it comes to the versatility of the features it has. Additionally, the reports are very good. It generates very detailed reports about the vulnerabilities inside the environment
View full review »This is one of the best products I have worked with so far. I like the power of Qualys, and it's a better solution because you can scan a compact file, a BIT file, or batch files. The product already knows what's happening inside, and you don't need to expand the package. Tenable will do the same thing, but you need to have a package issuance claim. With Qualys, we can immediately understand the file, even a compact file. If there's some kind of discovery or incident, you will know what happened in the environment.
View full review »I found the solution quite intuitive and easy going. I have worked with other similar tools and found this simple to use.
NS
Nagaraj Sheshachalam
Lead Cyber Security engineer at a manufacturing company with 10,001+ employees
I think it's a good tracking mechanism, and it gives a good infrastructure level scan, which helps us to maintain the assets and the asset inventory or gives us a good understanding of both.
It gives a very good overview of the inventory assessment process.
IT Manages assets in your account that you want to scan for security and
compliance, define asset tags and AWS connectors.
Modules supported
VM, PC, SCA, CERTVIEW, CLOUDVIEW
It can be accessed across our company because it's a global tool.
View full review »The features that are most valuable are the identification, scan features, and the identification of vulnerabilities. Recently, the VMDR additions and the threat protection has been useful.
It's pretty user-friendly.
View full review »What I like best about this product is that it does what it is supposed to do, which is vulnerability scanning.
View full review »The solution, overall, is very useful for our organization.
It is very easy to use and there are lots of options. We can usually easily go through it and all of the things we want to configure, and we can configure everything to our specifications very easily.
View full review »What I like about Qualys VM is the dashboard presentation. It's very good.
The reporting capability and executive reporting are very good.
View full review »The most valuable feature of Qualys Container Security is the detailed information in the reports and the remediation. This is done to make sure there are no vulnerabilities.
View full review »Qualys VM's best features are its machine-learning-backed intelligence, real-time inventory of vulnerabilities, backup, threat intelligence exposure database, and that it doesn't hold on to infrastructure resources like memory.
View full review »The integrations for this solution are very good. I use a different product for virtual patching of vulnerabilities and Qualys integrates well with that product.
View full review »Qualys VM had a recent upgrade and the newer version is supporting the cloud.
View full review »The vulnerability management feature is what I used the most. It is a good SaaS product. It is easy to use. It has a nice UI where you can see all the assets and vulnerabilities.
View full review »The prioritization feature is great. I think it has all of the advanced features that we need.
View full review »OO
Omar ORta
Director Transformación Digital at oesia
I like Qualys because it is a very complete product, more so than Tenable. It has vast capabilities.
View full review »HH
Engineer10496
Network and security Pre-sales Engineer at a tech services company with 51-200 employees
There are many features. Its reliability, ease of installation, ease of use, and the richness of the information provided are the most valuable features.
View full review »I like the solution's web application security for scanning, the solution is flexible with good integration.
maybe compliance monitoring.
View full review »The most valuable feature is that this solution is very lightweight.
View full review »The most valuable features are vulnerability detection and the scanning capability to enable identification of vulnerabilities across our network.
View full review »PK
Piotr Koryczan
Technology Security Expert at T-Mobile Polska (Deutsche Telekom)
The most valuable feature is the certificate management. The reason is the limited license provided by the mother company.
View full review »The way we can maintain a current actual registry of all the IP assets within it is very good. The scanning of software assets on the endpoint machine is also useful. I've tried the scanning of similar asset vulnerabilities throughout different servers, including Unix and Windows. Qualys maintains a good intervention database. We have a service line that updates to the newest software, or whenever you set it up. The second service line has denominated my nodes across the globe. It's easy to deploy the solution.
View full review »The first thing we like is the scanner, the device which checks vulnerability management.
They also have threat detection which maps threats. There is a feed that comes from Qualys when a new vulnerability is found. It tells us which machines are infected with that vulnerability. If there is a new attack, we definitely know that it is happening, what is happening in our environment.
View full review »Patch supersedence.
View full review »The prebuilt CIS templates are very useful.
View full review »We find all of the features useful.
View full review »MW
SecuritySpec783
Information Security Specialist at a manufacturing company with 10,001+ employees
I find most valuable to achieve a channel system and we can also use it to track when we actually close the ticketing of the sites.
In addition, it is quite easy to implement. We found it quite convenient.
View full review »SS
Sujit Sharma
Information Security Engineer at a tech services company with 1,001-5,000 employees
The most valuable features are that it is a simple solution that makes scanning easy. You just give it a scheduled task, and it will do everything for you. The reporting is fine, too. And, the knowledge base is pretty good, too.
View full review »RR
RaghunandanRaju
Senior Vulnerability Analyst at a comms service provider with 10,001+ employees
I find the most valuable features are the continuous monitoring. Even on premises, there is constant monitoring.
View full review »The Qualys Agent is most valuable for getting insight into what is happening on what device with all its metadata.
View full review »From my point of view all the Qualys products are valuable. From the clients' perspective, I believe vulnerability management is the most valuable one and it’s a must in every organization. After the client realize the risks from outside, and that the vulnerabilities are real, a proper compliance policy implementation using Qualys Policy Compliance (I'm using v8.4), the second product needed in any infrastructure, can be done. If the organization has public websites, Web Application Scanning (I'm using v4.1) is the third valuable product needed in an organization.
View full review »- Totally vendor-managed appliance
- Highly scalable and deployable portal interface
- Ability to easily distribute administration functions based on access roles
QualysGuard provides a solution for network security, web application security and compliance.
Vulnerability management and policy/PCI compliance are the features that I have used which I think are the most valuable.
View full review »It gets up to date very fast.
View full review »The vulnerability scanning feature is valuable.
View full review »The feature where the solutions to issues are mentioned in the reports.
View full review »The interface is pretty good, as all the instructions are clear enough. The way you can create groups or scheduling scans and reports is a very good feature, and the CSV reports have very good information.
View full review »- Vulnerability management
- Policy compliance
- Scalability
The fact that it's on the cloud, so there's no configuration whatsoever on my physical machine except for the VM scanner.
View full review »The top one for me is that the vulnerabilities are kept up to date.
View full review »Vulnerability management.
View full review »- Vulnerability assessment
- Asset management
- WAS
The reporting and vulnerability analysis features.
View full review »WAF integration is valuable.
View full review »I have mostly used vulnerability management so I would recommend it for the same.
View full review »
Integrity of scanners; never do I need to worry….“Is this scanner going to bring down a host?”.
View full review »
The most valuable feature is the connection of threat intelligence information with identified vulnerabilities, which means you can prioritize vulnerabilities according to actual attacks.
View full review »Qualys VM's best feature is vulnerability management.
View full review »I find the scans portion of VMDR to be valuable. Authenticated scans provide different options, including those using or not using the FactSet and adding option profiles. Another good feature is the Knowledge Base, which provides detailed information on vulnerabilities, period scores, solutions, issues, and mitigation.
View full review »Buyer's Guide
Qualys VMDR
June 2025

Learn what your peers think about Qualys VMDR. Get advice and tips from experienced pros sharing their opinions. Updated: June 2025.
859,687 professionals have used our research since 2012.