Qualys VMDR Reviews

The primary focus of this solution is to identify and detect vulnerabilities in real time and use that information to patch them using Qualys VMDR task management module. We have a variety of devices within our network, including network devices, firewalls, vCenters, VMs, web applications, and endpoints. We deploy cloud agents on workstations and servers where possible, and we scan network devices using a virtual scanner where we cannot deploy the cloud agent. Additionally, we perform web application scanning for our web apps. We also use the tool to manage our cloud security and container security.

With the help of Qualys VMDR, we were able to get real-time knowledge base updates from Qualys and perform scans on all devices to identify vulnerable devices. This allowed us to plan the next course of action for mitigating vulnerabilities. For example, during the zero-day events, such as the Log4j vulnerability, we received critical real-time information from Qualys, enabling us to identify and plan for mitigation while the rest of the world was still struggling. This capability has tremendously helped us maintain the cybersecurity posture within our organization.

The most valuable features of Qualys VMDR include CSAM, Qualys Gateway Service, Web Application Scanning, patch management and the use of virtual scanners to scan appliances and devices, especially those provided by vendors. 

The ability to run a map scan and identify all assets within our network is extremely beneficial for medium to large organizations. Real-time asset discovery and patch management have also been vital features for us.

One area for improvement is the simplification of the process to ignore certain vulnerabilities on specific devices. Currently, the process is quite long, requiring the creation of separate knowledge bases and lists. Simplifying this to one or two clicks would be beneficial. Additionally, enhancing patch management to support third-party tools and simplifying the creation of patch jobs would greatly improve usability. Improving the interconnection between multiple modules would also be helpful, making navigation and operations more straightforward.

I have been using Qualys VMDR for more than two - three years now.

I would rate the stability of Qualys VMDR as eight. It is a stable solution with minimal issues.

The scalability of Qualys VMDR is good. If we add additional resources, the tool can scale efficiently, ingesting new data seamlessly. Qualys has auto-scaling enabled for their cloud platform, which ensures performance remains high, even with increased resources.

Technical support from Qualys needs some improvement. There are instances where Level 2 support is not able to assist, requiring escalation, which can take time. Overall, basic troubleshooting and issue resolution are straightforward.

Neutral

I have worked with other vulnerability management solutions prior to Qualys. In my current organization, we selected Qualys after a POC. Other tools have not evolved well as Qualys has over the years, making Qualys the preferred solution.

The initial setup of Qualys VMDR is straightforward. The setup's complexity depends on the organization’s size and collaboration with various teams. For organizations with a clear device inventory, the deployment can be completed within a month.

In-house

We evaluated other tools available in the market during our POC process yet found Qualys to be the best solution.

I would recommend Qualys VMDR to other users if they want a comprehensive solution for real-time vulnerability detection and mitigation. The tool is easy to implement, backed by a reliable knowledge base, and offers quick updates during zero-day events. While there are areas for improvement, such as simplifications in handling certain features, the overall solution is robust and effective.

I'd rate the solution eight out of ten.

Qualys VMDR is used as a vulnerability management tool. We have more than a thousand users in our company, and we have integrated Qualys with their machines to help update software and measure known or unknown risks, prioritize them, and patch the devices. We monitor and mitigate alerts, and we find vulnerabilities in specific machines or systems, which we then address.

Before implementing Qualys, we used third-party companies to conduct vulnerability audits and paid them separately for mitigation. With Qualys, we now conduct our vulnerability management and mitigation internally, saving both time and money since we can monitor every system and threat without requiring manual processes or third-party involvement. This has resulted in significant ROI and reduced the risk of breaches.

The best features of Qualys VMDR are its patch management capabilities and the ability to mitigate vulnerabilities automatically. The report export feature allows us to see how many incidents have been mitigated and which ones still need attention. The compliance dashboard helps us track and fix threats efficiently, ensuring all machines comply with security standards.

The user interface (UI) is quite complicated. Initial-stage engineers or analysts might miss something due to the complexity. Also, for hybrid users, the agent might get disconnected, requiring users to revisit the office to reinstall the agent. Additionally, the reports could be more interactive.

I have had five years of experience with cybersecurity platforms and have been using Qualys VMDR for that duration.

I would rate the stability of the solution nine out of ten. It is a robust platform that provides consistent performance.

For scalability, I would rate it nine or 9.5 out of ten. The cloud-based architecture allows us to deploy it across multiple locations seamlessly.

The technical support provided by Qualys is good. Queries are responded to promptly, and if needed, we can contact the TAM or any POCs directly. I would rate their support nine out of ten.

Positive

Before using Qualys, we used a third-party solution for vulnerability audits and mitigations. However, we switched to Qualys because it allows us to handle everything internally, avoiding the need for additional external services.

The initial setup is agent-based and straightforward, especially if you have necessary tools like Active Directory. Given the cloud-based nature of Qualys, deployment can be completed within a day with appropriate resources.

We have seen a significant ROI with Qualys, which is estimated to be around twenty to thirty percent. It has saved a lot of time and money by allowing us to mitigate issues without user interaction and preventing breaches.

Compared to Tenable, Qualys is quite expensive. However, its performance justifies the cost, making it a worthwhile investment.

We also use Tenable Solutions for vulnerability management. However, Tenable requires manual processes for mitigation, whereas Qualys allows for automated mitigation of vulnerabilities and threats.

I would definitely recommend Qualys to other users. Depending on the number of users and specific needs, Qualys is a good vulnerability management product that offers efficient solutions. I'd rate the solution nine out of ten.

My main use cases for Qualys VMDR are for server vulnerability and missing patches.

The most helpful and useful features of Qualys VMDR are its user-friendly design.

Qualys VMDR is easy to understand and provides detailed reports.

It impacts my workflow overall, with the patch management features as it has the missing patches listed in detail, making it easier to get a comprehensive report and providing some dashboards that offer visual representation.

There were some issues later with Qualys VMDR regarding security, specifically with numerous false positive reports.

It doesn't take much time to deploy Qualys VMDR. There is a process mentioned already on the website about how to proceed with the installation, so we followed that process.

I am satisfied with the support of Qualys VMDR as they are supportive. However, there are sometimes issues where we cannot talk to customer support directly, and we have to raise tickets, which sometimes takes a lot of time to resolve issues because it goes through their own phase. We cannot change the SLA or the priority of the tickets, so that is an issue.

Positive

Our organization changed to something else due to a higher management decision, and that might be the reason for the change regarding the pricing.

We are not using any AI features with Qualys VMDR.

Overall, I would rate Qualys VMDR as good, giving it an eight.

Our primary use case of the product is comprehensive vulnerability management and asset inventory across a hybrid environment consisting of both cloud and on-premises deployments. We manage approximately 45,000 endpoints spread across multiple geographical locations.

The platform's most valuable features include its robust vulnerability detection capabilities and automated remediation workflows. These features not only help us identify vulnerabilities promptly but also enable us to prioritize and remediate them efficiently.

While Qualys VMDR is comprehensive, improvements in asset management functionality would be beneficial. Additionally, reducing dependency on multiple agents for data collection across different endpoints could simplify management and resource utilization.

In the next release, enhancements in reporting and analytics would be appreciated. Advanced analytics capabilities for trend analysis and predictive insights could further empower proactive decision-making in cybersecurity management.

I have been using Qualys VMDR for approximately two years now.

The product is stable. I rate the stability a seven. 

I rate the product scalability an eight. 

The technical support services are good. 

Positive

The initial setup was relatively straightforward. They provided comprehensive documentation and support during deployment, which helped streamline the process. 

I would rate the process a seven or eight. 

We implemented the product with the help of in-house resources and support from Qualys.

We evaluated other options such as Tenable and Rapid7.

I rate Qualys VMDR a nine out of ten. 

I primarily use Qualys VMDR for daily scans, onboarding assets, scanning, reporting, and managing the entire vulnerability management process, including test management.

The platform has significantly improved our organization by simplifying asset discovery and management. We can easily identify and categorize assets, ensuring comprehensive scanning and reporting.

The product's patch management is excellent for keeping our critical servers and third-party applications updated efficiently.

One area of the product that could be improved is the management of vulnerabilities detected on disabled applications. We currently face challenges with unnecessary alerts for Microsoft Defender, which we do not use. Additionally, enhancing the alerts for agent communication failures would be beneficial.

I have been using Qualys VMDR for approximately three years.

The product has been very reliable in our day-to-day operations.

I would rate the product scalability a ten. It easily scales with our organization's growth, allowing us to add new assets and expand our coverage seamlessly. We are considering expanding our deployment to include 500 assets next year.

The initial setup was straightforward, taking less than a week to configure and generate reports. The deployment process was smooth, and we were able to integrate it effectively into our hybrid environment.

Within three months of deployment, we began seeing improvements in vulnerability management. This helped us significantly reduce vulnerabilities and streamline our patch management processes, providing a notable return on investment.

The solution is reasonably priced for the value it provides. Our contract renewal was approximately 2.5 million ZAR for three years, including managed services.

Before selecting Qualys VMDR, we evaluated other options but ultimately chose Qualys due to its comprehensive features and effective proof of concept.

We integrate Qualys VMDR with our infrastructure, conducting weekly scans and generating reports based on the findings. This provides daily views of vulnerabilities, and we use Qualys' patch management to deploy patches promptly, starting with the most severe vulnerabilities, thus reducing our threat exposure. Conducting a thorough proof of concept is essential to evaluate its effectiveness in your environment and to see how it integrates with your existing systems and handles your specific security needs.

I rate it a ten out of ten. 

The primary use case for Qualys VMDR is for infrastructure vulnerability management. It assists devices, including all infrastructure devices like serverless network devices and development environments.

The solution has improved the organization significantly because it helps in assessing and prioritizing risk. Based on the results from Qualys, I can prioritize remediations with the remediation teams, thereby reducing the volume of vulnerabilities.

The most valuable feature is the QID part, especially of CentralList, which makes it easy to assess new critical vulnerabilities. It saves a lot in assessing and prioritizing risks to the organization.

Support could be improved since the response can be slow. There is always room for improvement to align with the latest content and technologies.

I have used the solution for three years.

The solution is stable. Anytime there is downtime or maintenance, Qualys ensures that we are well-informed with priority communications.

Scalability would be rated nine or nine point five out of ten. We have high satisfaction with this aspect.

Technical support response can sometimes be slow, leading to a rating of eight or nine out of ten.

Positive

I previously used a different tool. I switched to Qualys as it didn't have the same feature set.

The initial setup was straightforward. Deployment took two to three days.

The deployment was done by a different team, so I do not have specific details about the implementation team size.

I have used RapidSky before Qualys.

I would recommend Qualys VMDR because it ensures comprehensive coverage, including aspects like vulnerability management and PCI, providing good inputs and improvements over time.

I'd rate the solution nine out of ten.

We use the product for enterprise network infrastructure scanning.

The product has multiple valuable areas. The process of defining and discovering scans is organized efficiently. It has an effective tagging system and authentication mechanism compared to other tools. Its integration with AD helps us a lot. Additionally, I like the report generation feature.

Qualys could improve the inbuilt dashboards. They could be advanced compared to competitors like Rapid7 and Tenable. They should include a faster reverse integration process. They could enhance its integration with ServiceNow CMDB to ensure that mapping IP addresses, domains, and net bias names is consistent and accurate.

We have been using Qualys VMDR for nearly two and a half years.

I rate the product's stability a nine out of ten. I have rarely seen any stability issues with Qualys.

I rate the product's scalability an eight out of ten. We only recommend some people use Qualys in our organization. It is a limited audience. It is used by the vulnerability management team and a few critical resources from different parts of the cybersecurity department. We have 50 users in total. They should provide role-based access for managers, reviewers, and scanners.

The initial setup process is simple as I have prior experience working on two full-time projects with it. I find it simple as I have enough background knowledge of it.

The product is more expensive than that of any other vendor.

I did work on Tenable's POC and some other vendors. It has some limitations in detecting different types of vulnerabilities or false positives. Qualys is on the higher side when compared to the other tools.

I rate the product an eight out of ten.

Using the solution, I go through the reports and advise my organization on what needs to be done and how to go about it.

I find the solution's dashboard interesting since we get a proper view to streamline our findings and assist in prioritizing the schedule for patching or any other related incidents we believe have already been worked on.

Presently, I am more of the technical part. I am allowed to just go through the details of the report, which has been very interesting. It is a struggle to be able to pull our report and to be able to do onboarding using automated tools. So basically, the aforementioned aspect of the report needs improvement.

Presently, whatever I'm working on has been quite fantastic to the best of my knowledge.

I have been using Qualys VMDR. I have been using it on my own site as a client. I am just a consultant. I work with Qualys VMDR due to my understanding of the product so that I can help my clients check one or two things that can help improve the digital infrastructure part.

The stability of the tool is okay. Most of the time, you need to do the updates online to be able to get off from any vulnerability. As long as you are online since it's on the cloud, it's just as software of which the update has been handled on the cloud as well.

The response time is fine. You can pull up reports without dragging or consuming bandwidth.

The scalability of the tool is okay. Scalability-wise, I rate the solution an eight out of ten. I have not been able to have the solution function at a large scale. Hence, I will be able to categorically say that everything is fantastic.

Presently on my own part, I've not been able to experience the support, but I can search the technical algorithm of which I've not yet got any reports. 

The initial setup phase has been quite interesting because of our experience when we had to use the agents on most of the endpoints, which means it was okay for us.

The solution is deployed on the cloud.

I would tell those planning to use it that it is definitely not about the technology. However, at the same time, if you have the technology, make sure you have the right person with the ability to assist you in addressing the advantages of the product.

I rate the overall product an eight out of ten.