Qualys VMDR Reviews

I am working for an IT firm where I use Qualys VMDR for my clients. I specifically use it for vulnerability detection and vulnerability remediation as part of our vulnerability assessment team. We scan all the assets for vulnerabilities, both servers and client-side, and then share the vulnerability reports with the relevant teams for remediation planning.

The continuous scanning for vulnerabilities, especially the notifications for zero-day vulnerabilities, greatly aids in keeping our systems secure. The accurate vulnerability assessments and the remediation plans they provide enhance our workflow and effectiveness in vulnerability management.

The most valuable feature is the vulnerability assessment. Qualys VMDR is precise in its assessments and categorizes vulnerabilities by severity from one to five. Additionally, they provide detailed reports and possible remediation steps, such as updating from Java version 3.4 to a more secure version.

Qualys VMDR could improve in reducing the occurrences of false positive vulnerabilities. Enhancing this aspect would make the tool even more effective.

I have been using Qualys VMDR for two years.

There are no issues with stability. They notify us of any scheduled downtime a week in advance, usually planning it for weekends to avoid disrupting business operations.

Qualys VMDR handles scalability very well. It offers extensive features and facilities to create groups for assets or servers, making it easy to add new environments or data centers for scanning.

I have heard that their technical support team is very responsive and takes quick action when needed. However, I have never interacted with them personally.

Positive

We have used ZixSense, also known as Ivanti Neurons. ZixSense is more user-friendly than Qualys, however, the latter provides more comprehensive and accurate vulnerability assessments.

The initial setup of Qualys VMDR was easy. We just had to open the Qualys tool, add the IP addresses of the respective servers or hostnames, and start scanning. Access to vulnerability assessment is only provided via IP addresses, not hostnames.

Any changes or maintenance required are managed by the Qualys team following change requests from our upper management.

New users should complete two training programs from the Qualys training center: Qualys Foundation and Qualys VMDR. These certifications provide the necessary knowledge to set up and use Qualys effectively. Qualys also provides a demo trial account for new users.

I'd rate the solution nine out of ten.

Using the solution, I go through the reports and advise my organization on what needs to be done and how to go about it.

I find the solution's dashboard interesting since we get a proper view to streamline our findings and assist in prioritizing the schedule for patching or any other related incidents we believe have already been worked on.

Presently, I am more of the technical part. I am allowed to just go through the details of the report, which has been very interesting. It is a struggle to be able to pull our report and to be able to do onboarding using automated tools. So basically, the aforementioned aspect of the report needs improvement.

Presently, whatever I'm working on has been quite fantastic to the best of my knowledge.

I have been using Qualys VMDR. I have been using it on my own site as a client. I am just a consultant. I work with Qualys VMDR due to my understanding of the product so that I can help my clients check one or two things that can help improve the digital infrastructure part.

The stability of the tool is okay. Most of the time, you need to do the updates online to be able to get off from any vulnerability. As long as you are online since it's on the cloud, it's just as software of which the update has been handled on the cloud as well.

The response time is fine. You can pull up reports without dragging or consuming bandwidth.

The scalability of the tool is okay. Scalability-wise, I rate the solution an eight out of ten. I have not been able to have the solution function at a large scale. Hence, I will be able to categorically say that everything is fantastic.

Presently on my own part, I've not been able to experience the support, but I can search the technical algorithm of which I've not yet got any reports. 

The initial setup phase has been quite interesting because of our experience when we had to use the agents on most of the endpoints, which means it was okay for us.

The solution is deployed on the cloud.

I would tell those planning to use it that it is definitely not about the technology. However, at the same time, if you have the technology, make sure you have the right person with the ability to assist you in addressing the advantages of the product.

I rate the overall product an eight out of ten.

The use cases would be for scanning purposes, for identifying assets, identifying and viewing assets, and setting up scan schedules. I use it primarily as a vulnerability management and scanning tool.

When you have everything in one place, the job is very easy. Qualys VMDR having a Russian nesting doll sort of environment does take a steep learning curve, but having everything in one place is quite neat.

The most valuable feature is the asset view where I can find individual assets and take a deeper dive into their information gathering section, potential vulnerabilities, and confirmed vulnerabilities. I also value the scheduling of scans and reports as per the desired timeframes.

The reporting section needs improvement as running reports can take several hours. A more intuitive way to configure reports settings to reduce run time would be helpful. Improvements are needed for sorting QIDs and findings during the reporting section without downloading the entire report. 

Additionally, there is a need to address the issue of retaining report sections when they exceed one or two GBs. For asset management, adding a notification for unscanned assets or those missing CVE ratings would help.

I have been using it for close to three and a half to four years now.

There are rarely any stability issues. Discrepancies are usually anticipated due to the downtime and maintenance window provided in advance. It's a technological tool, and random anomalies may happen, but they are manageable.

Qualys offers one of the best scalability capabilities for large-scale deployments. Its tools and solutions work effectively with large corporations. VMDR helps club multiple vulnerabilities into one QID, which assists with remediation cycles.

Customer support is fast, although there can be a lot of back and forth. However, the overall service is satisfactory and of great quality.

Positive

I have used Nessus and Burp Suite, however, Burp Suite isn't in close proximity with Qualys for scanning purposes. Microsoft Defender offers some advantages with real-time, agent-based scanning that consumes fewer resources.

The initial setup was quite simple and straightforward. Setting up Qualys was fairly easy with clear documentation and guidance.

I am not familiar with the pricing side as I am not a part of that aspect. However, it is on the higher side, but it provides large-scale scalability for vulnerability management.

I have evaluated Nessus and Microsoft Defender for vulnerability management.

Users should go through the training offered by Qualys for all VMDR modules and take an introductory call on how to use and schedule tasks. Setting up one thing at a time and testing the desired results before moving on is advised.

I'd rate the solution eight out of ten.

We use Qualys VMDR to scan our public websites and products, anywhere that is publicly available. We deploy it through Qualys's cloud scanner.

Qualys VMDR provides us with a quick response to threat findings through regular scheduled scanning, which improves our security operations. It also offers an impressive knowledge base for quick research results and coverage of all vulnerabilities.

The knowledge base is the most impressive feature because it provides quick research results and coverage of all vulnerabilities. Additionally, the real-time threat detection feature provides quick responses to threat findings.

Qualys VMDR should improve authenticated scanning capabilities. It currently only allows basic authorization tokens and preset parameters. In contrast, Burp's in-built browser works more like a proxy, which makes security testing easier and more accurate. Pricing is also an issue; it's high enough to deter mid-sized to small companies. Moreover, the technical support is slow and tends to just reference documentation rather than providing real technical assistance.

I have been using it personally for five years, while my company has been using it for three years.

The technical support is slow to respond. Most likely, they just provide reference links for documentation instead of offering in-depth technical guidance. This level of support doesn't compare well to others like Cisco, Juniper, or Avaya, which offer more hands-on assistance.

Neutral

This goes beyond my scope of responsibilities and is managed by my superior.

The pricing for Qualys products is too high, and the licensing model involves paying for the whole bundle, which may not be affordable for mid-sized to small companies.

We are currently looking for alternatives to Qualys by researching competitor products on the market.

For midsize to small-size companies, Qualys might not be the best choice if you don't have enough funding for security due to its high pricing. Qualys VMDR is still recommended for comprehensive vulnerability management but be prepared for slow technical support.

I'd rate the solution nine out of ten.

In our DLP operations, we use the tool to address stability issues and implement fixes suggested by it. This helps manage risk levels and decide whether to fix issues or implement workarounds.

I like that we have many scanners and channels that don't overload. It helps us scan and track easily. Also, the tagging system is good for tagging. We can still use QualysAgent task ID tools even if tags aren't made.

The asset inventory management feature has improved our security posture, which is good. It was introduced recently, and we've just started using it. In terms of management, I believe it's better than what we were using before.

Qualys VMDR is good at handling vulnerability management trends, especially with its policy module. Qualys VMDR offers customizable labels that fit the organization's needs, unlike other tools. This is important for enhancing security and meeting compliance requirements.

There's a need to upgrade or fix the potential vulnerability rate. Around 20,000 potential vulnerabilities were showing in Qualys VMDR, but none of the other tools showed them. When we checked, it wasn't the case. Support explained that even small issues were being counted as vulnerabilities, causing issues in our audit. So, the security features could be improved to identify vulnerabilities accurately.

I have been working with the product for two years. 

The stability is generally good, but we did face issues during the pandemic due to connectivity problems with Qualys VMDR servers. There were syncing issues, and agents weren't getting updated. However, we later realized it was our issue because our software needed updating. We had to manually update the proxy settings, which Qualys VMDR should have done. We managed to tackle the challenge with the help of another team.

Support should be faster and more customer-friendly. We often have to review a lot of documentation for issues we're already aware of and follow basic steps repeatedly. Additionally, we must wait for Qualys VMDR personnel to move scans into debug mode, which can be time-consuming. Getting notifications or updates on these processes more quickly would be helpful.

Setting up the tool doesn't take long and doesn't require many people.

We have an annual contract for Qualys VMDR. I believe it's for either two years or five years.

I haven't personally done any integration, so I can't comment on it. However, I believe some integration was happening between Qualys VMDR and ServiceNow. Our asset management tool was also trying to integrate with Qualys VMDR, but I'm unsure about the details or how it works. I rate the overall product an eight out of ten. 

Our use cases are primarily on-premises vulnerability management and remediation, external attack surface management and vulnerability scanning.

The benefits I've seen are twofold. The biggest benefit is from a security operations perspective, where we are able to drive our security posture upwards by remediating any discovered vulnerabilities. We can also automate the remediation process. The other big benefit is executive reporting because it's very easy to produce trends over time to report on risk.

The most valuable features are vulnerability detection, patching capabilities, and remediation. Cloud security posture management is also very valuable. I find these features valuable because getting a unified view of your cloud security posture across different environments is not always easy. For example, you might have most of your resources sitting in Azure, but you might have a couple of workloads in AWS. Naturally, there are different tools that report on that, so it's invaluable to have those pulled into a single dashboard so you can drive your remediation from a single platform.

If anything, I would like to see the user interface modernized a bit more. Also, there are a lot of various modules, and if they could be consolidated into fewer options, it would make the buying experience easier.

I've been working with Qualys VMDR for the last three years or so.

We haven’t faced any issues, the solution is very stable.

Because the management sits in the cloud, you don't have to worry about management appliances or anything like that on-premise, so the solution is very scalable. You can split your assets into asset groups and delegate management to different teams. Around 1,000 users are using Qualys in my organization across 60 locations.

We've had very few technical issues, and the customer support team has quickly resolved issues we've had.

Positive

In the first step, Qualys provisions your cloud-based management instance. From there, you get a small, lightweight agent deployed by deployment technology like Microsoft Intune, in our case, SCCM, or any deployment technology.

We worked with BCX Namibia and the Qualys team in South Africa while deploying the solution. It took two weeks to deploy the solution. The solution is not difficult to maintain because the management component is cloud-based and is taken care of by Qualys. Any agent upgrades that might be necessary are very seamless.

We have seen an ROI using Qualys. Most breaches nowadays are because of a vulnerability that is exploited. By virtue of being able to identify and remediate these vulnerabilities, I believe we are significantly driving our cybersecurity risk downwards.

The pricing is very competitive, especially because Qualys is integrated and does vulnerability management and remediation patching in one solution, so there's no need for a separate patching solution. You can also get very granular with the amount of IP addresses you can cover. You can go from as few as 16 IP addresses to many more. And the Qualys team is also willing to work with organizations to make the solution make commercial sense. The prices are fixed. We have a yearly subscription model based on the number of IP addresses we’re scanning.

We evaluated vulnerability management in Microsoft Defender, but we found the reporting and functionality lacking compared to Qualys. And then the Microsoft licensing costs were also a bit of a dealbreaker.

If you're considering implementing Qualys in your organization, work with a strong pre-sales partner. Evaluate the product, make sure it does what you need, make sure you buy the features that you need, and make sure to use the training and onboarding material that Qualys has made available on its website so you can leverage the solution's full capability from the start. I rate Qualys VMDR a nine out of ten.

We use the solution for vulnerability management.

The solution's best features are scanning and vulnerability management. By using them, we can obtain all critical reports.

They should improve the solution's pricing. Also, they should enhance the authentication feature. Presently, we face issues while scanning multiple assets. In cases of heavy workloads, it must scan assets properly.

We have been using the solution for more than six years.

It is a stable solution.

It is a scalable solution. We have more than 50,000 solution users in our organization globally.

The solution's technical support is excellent and responsive.

The solution's initial setup is straightforward.

We have over 30 administrators managing the solution in our organization. In addition to installing the solution internally, we receive assistance from other vendors.

The solution is expensive.

I recommend the solution to others. It is excellent. We can detect and mitigate all the vulnerabilities using it.

I rate the solution as an eight.

We use it for vulnerability management and report generation mostly. I am trying to solve the issue wherein the stakeholders can get automated vulnerability reports to their mailbox.

Using this product, we now have a vulnerability management cycle wherein VMDR plays a major role. It has greatly increased the capability on the detection aspect of the vulnerability and improved our scope and visibility on all other endpoints.

I like the automated report generation and vulnerability report generation.

I don't have any improvement requests on top of my mind right now. The response time of technical support takes a while.

It's been more than two years now.

I would rate the stability as nine out of ten. It's quite stable.

The solution is scalable.

My rating for the technical support for Qualys is six out of ten. The response time takes a while.

Neutral

I personally didn't use a different solution before Qualys.

Although I was not present during the initial deployment process, it's pretty straightforward. It's just an agent installation, which automatically connects it to the cloud platform, so the implementation won't take as long.

I would recommend Qualys VMDR to the other stakeholders because it already has its place in the market, and it's very reliable.

I'd rate the solution eight out of ten.