Vulnerability Management, Detection, and Response (VMDR) is a cornerstone product of the Qualys TruRisk Platform and a global leader in the enterprise-grade vulnerability management (VM) vendor space. With VMDR, enterprises are empowered with visibility and insight into cyber risk exposure - making it easy to prioritize vulnerabilities, assets, or groups of assets based on business risk. Security teams can take action to mitigate risk, helping the business measure their actual risk exposure over time.
Users like Qualys VMDR solution's dashboard, which allows them to streamline findings and prioritize patching schedules. Qualys Cloud Agent is easy to use and low impact. The solution's intelligence is enhanced by machine learning, and Qualys provides a real-time inventory of vulnerabilities. The solution also offers excellent integration as well as robust asset-tagging and grouping features.
Qualys VMDR could add more automated reporting and onboarding. Users say Qualys should do more to address false positives and false negatives while expanding agent support more for operating systems and devices. Some users say the UI design and user experience could be overhauled, and they suggested improvements to IoT scanning. Others requested more customization options and additional IoT, SCADA, and ICS vulnerability assessment capabilities.
Qualys VMDR provides a positive return on investment by reducing risks, identifying vulnerabilities, and helping companies upgrade their networks and apply patches. The latest version's patching capability has been particularly useful. Quantifying the exact ROI is challenging because the tool does not directly generate revenue.
Some reviewers find Qualys VMDR reasonable and competitively priced, while others consider it expensive. The license is based on the number of endpoints and specific modules or features being used. Some reviewers mention additional fees for advanced solutions or extra features like web scanning. The pricing is flexible and can be customized based on the customer's needs. Discounts are available, and users can opt for annual licenses or a pay-as-you-go model with flexibility in pricing.
The primary use case of Qualys VMDR is vulnerability management, including identifying and prioritizing potentially vulnerable assets, conducting vulnerability scans, and advising organizations on patching and remediation. It is used across various platforms such as cloud, physical interfaces, endpoints, and log servers. The solution also supports asset management, network scanning, web application scanning, and compliance management. Qualys VMDR is utilized by information security teams, infrastructure security consultants, and managed service providers. It offers a comprehensive suite of features for enterprise visibility, vulnerability detection, and security configuration management.
While there are a few negative reviews suggesting that it could be faster or more skilled, Qualys support is considered good and readily available. Some users have said that Qualys support suggests things they already know or provides generic answers. Others described technical support as excellent and responsive. Reviewers appreciated the dedicated Qualys team's assistance during implementation and the support they offered in the form of training and labs.
The initial setup for Qualys VMDR has been described as easy and not overly complex. Some users mentioned that it took one month to complete the setup process, while others could set it up in under a week. The deployment depends on factors such as the number of networks and domains involved. A few users reported challenges, such as integration issues and the need for data privacy enablement.
Qualys VMDR is seen as a scalable and flexible solution that can meet the needs of different organizations and handle a large number of assets. Users have reported successfully using the solution with upwards of 50,000 users. The tool is described as easy to expand, allowing for the addition of more resources as needed. However, some reported challenges with scalability when it comes to reporting and dashboards, particularly when adding more clients.
The users generally find Qualys VMDR to be stable, but a few users mentioned that the reporting platform can sometimes be buggy.
Qualys VMDR offers an all-inclusive risk-based vulnerability management solution to prioritize vulnerabilities and assets based on risk and business criticality. VMDR seamlessly integrates with configuration management databases (CMDB), Qualys Patch Management, Custom Assessment and Remediation (CAR), Qualys TotalCloud and other Qualys and non-Qualys solutions to facilitate vulnerability detection and remediation across the entire enterprise.
With VMDR, users are empowered with actionable risk insights that translate vulnerabilities and exploits into optimized remediation actions based on business impact. Qualys customers can now aggregate and orchestrate data from the Qualys Threat Library, 25+ threat intelligence feeds, and third-party security and IT solutions, empowering organizations to measure, communicate, and eliminate risk across on-premises, hybrid, and cloud environments.
Qualys VMDR was previously known as Qualys VM, QualysGuard VM, Qualys Asset Inventory, Qualys Container Security, Qualys Virtual Scanner Appliance.
Agrokor Group, American Specialty Health, American State Bank, Arval, Life:), Axway, Bank of the West, Blueport Commerce, BSkyB, Brinks, CaixaBank, Cartagena, Catholic Health System, CEC Bank, Cegedim, CIGNA, Clickability, Colby-Sawyer College, Commercial Bank of Dubai, University of Utah, eBay Inc., ING Singapore, National Theatre, OTP Bank, Sodexo, WebEx