Qualys VMDR Reviews

The primary use cases of this solution are as a scanner. We use it with Azure and AWS. For on-premises, we use physical scanners all over the globe. We have deployed our external scanners in approximately 70 regions.

What I like about Qualys VM is the dashboard presentation. It's very good.

The reporting capability and executive reporting are very good.

Customer support needs to be improved because it was not to our SLA standards.

Suddenly, the scan engine will go down. We don't know what the reason is, or how it goes down. Because of that, the business is impacted.

I had a look at the PCI reports  (policy compliance reports) and I have heard that most memberships have been taken by Azure, although I was not aware of that. I would like to see more documentation or awareness.

I have worked with Qualys VM for the last two years.

This solution is stable.

The scalability is good.

The customer support is very bad. When we submit a ticket, we do not get a response immediately.

Previously, I have used Rapid 7 Nexpose. They are similar solutions although what Qualys is providing, it provides well but requires less. Qualys reporting is better.

Nexpose has upgraded too, and now their reporting is also very good.

The initial setup was straightforward and we didn't have any issues with it.

If you are comparing Nexpose and Qualys, I would prefer Qualys. The UI is good and whatever reports you are getting, are very clear. If you present it to management, the reports are good. They require an executive report that highlights the vulnerability and how many servers are affected. You can customize it also.

Nexpose is coming out with new features, but Qualys has already implemented them.

I would rate this solution an eight out of ten.

It improves the continuous monitoring of the systems on-premises.

If any anomalies are there, we can easily detect with our agent based solutions, and we can isolate them quickly, and response time or any incident is much quicker than previous. Before we were taking eight hours, now we're taking around 30 minutes to respond to any incident, security and such.

I find the most valuable features are the continuous monitoring.  Even on premises, there is constant monitoring.

When tested on Zero day, there were errors.

In addition, they have integrated with other third parties, but it is still not viable. They are using their own Q id's. This sometimes leads to a false positive. And, even the updating of signatures into Qualys is not that much quicker. Maybe for Windows and Linux, it is a little quicker or networks and other devices. The signature updating is not quicker.

I have not experienced issues with stability of the solution. There were a few bugs, but we reported it.

I did not have any issues of scalability.

The tech support acted quickly and responded quickly to our tickets. There was a good response time.

I also have previous experience with Tennable Nessus, and I find Qualys is better than Nessus, which is slow in the security center and lags a bit.

It's good. Yes, it's competitive. We got the best price.

It is a SaaS solution with agents distributed at endpoints.

Qualys VM has improved the way the organization functions.

The Vulnerability Management and Patch Management features are the most valuable features of this solution.

The most valuable qualities of Qualys VM are its ease of deployment and metrics.

Endpoint stability and fault resolution could be improved.

I would like to see the solution's footprint expanded to include iOS and iPads in the next release.

One example of how it could be better would be better handling of end-of-life systems and better feedback on job failures.

We have been working with Qualys VM for just over two years.

It is a cloud platform. I'm not sure if a version is associated with that. 

The stability of Qualys VM is quite good, but not fantastic. I would rate it an eight out of ten.

The scalability of Qualys VM is very good.

This solution is used by five security or system administrators in our organization.

We have no plans to expand our usage; it is already widely deployed.

The technical support is mediocre at best.

I would rate them a two out of five.

Neutral

We were previously using Lansweeper, which was not scalable.

I would rate the initial setup a three out of five.

It took several weeks to deploy.

We completed the deployment in-house.

We have seen a return on investment.

There are no additional fees in addition to the standard licensing fees.

I would recommend identifying the right metrics to drive the program.

I would rate Qualys VM an eight out of ten.

We are using Qualys VM, as our scanner tool. We also use it for Application Security and Policy Compliance.

We use it for the identification of vulnerabilities for all of our devices on the network. This includes Windows workstations, servers, and Linux machines. We also use it for cloud, and external use as well.

The features that are most valuable are the identification, scan features, and the identification of vulnerabilities. Recently, the VMDR additions and the threat protection has been useful.

It's pretty user-friendly.

The Patch Identifications, which are supersedence identifications, need improvement.

I would like to see more accuracy in detections, better reporting capabilities, and better dashboard download capabilities. These are things that are definitely needed.

I have been using Qualys VM for more than 15 years.

We are using the latest version.

VMDR was added in July with newer enhancements.

It's a stable solution.

It's very scalable for large networks. We have also used the agents and they work very well.

I have a team of five in our organization and external to it, there are approximately twenty-five.

We engage with technical support often. There could be some improvements made.

The initial setup is straightforward.

It is different for every company, but for us, it's every three years. I will know more about the pricing in September because we are going to be looking at our pricing again.

We get a large volume discount, which is good.

I would recommend this product to others who are interested in using it.

I would rate this solution an eight out of ten.

Qualys VM is used for vulnerability scanning.

It's really beneficial for scanning and interacting with the agent. 

The disadvantage of working with Qualys is that the graphical interface is quite outdated.

If you want to choose a scan result, or maybe configure an IP range or something similar, it opens up a lot of processes, or steps, which is somewhat bothersome. Because it opens several phases, it is not a single-window program. 

We are testing it, as well as Rapid 7 InsightVM.

We have been testing Qualys VM for approximately five weeks.

Qualys VM is a stable solution.

Qualys VM is a scalable product.

It works with ten assets. It works with 100 assets. It has worked with 3,000 assets. It's quite scalable.

In our organization, we have two dedicated people, and five others are only dedicated to gaining insights. 

It actually depends on how you remediate all of the vulnerabilities in Qualys since you can also set up it such that product owners, that is, the owners of the apps that are deployed on all systems, can access reports and everything. But that's not how we do things.

The security and infrastructure departments are using this solution in our organization.

We have a dedicated Qualys team of two persons assisting us with the implementation.

We are currently doing a proof of concept with both Qualys VM and Rapid 7 InsightVM.

Qualys is a fully SaaS solution.

It is dependent on the configuration. When you work with the agent, you are primarily concerned with deploying the agents to all assets. However, if you want to scan based on IP, you'll run into some problems.

If you wish to scan on an IP basis, for example, you should deploy a virtual appliance. You may set up several appliances for different domains. Otherwise, you must have your network rules properly configured so that the appliance can reach every asset.

It's relatively simple to set up the basics, but if you want to scan, it really depends on how many networks and domains you have.

In a couple of weeks, you can set it up.

It's very expensive, especially if you want to use multiple modules of Qualys.

I think mainly decide how you want to scan: based on IP or based on an agent.

Then work with the interface and then explore how it works.

I would rate Qualys VM an eight out of ten.

We use bother on-premise and cloud deployments of Qualys VM. For my clients in the cloud, we use a cloud solution, which is a bring your own license model. Additionally, We have our own deployment of Qualys VM.

We are using Qualys VM to provide a VM service.

The most valuable features of Qualys VM are its ability to do proper vulnerability assessment. It has a lot of updates for all the vulnerability databases from all over the globe.  It's an amazing solution when it comes to the versatility of the features it has. Additionally, the reports are very good. It generates very detailed reports about the vulnerabilities inside the environment

I have been using Qualys VM for approximately five years.

Qualys VM is a highly stable solution.

Qualys VM could improve by having more skilled support personnel.

The initial setup of Qualys VM is straightforward. The full implementation took us approximately one day.

We have approximately 100 people who are part of our technical team. We did the implementation of this solution.

There is a license for the use of this solution. We pay annually instead of monthly to receive a better discount on the price.

I would recommend this solution to others.

I rate Qualys VM a nine out of ten.

We use this solution to scan the servers on the network. It is used predominantly by our information security team.

This solution gives us insight into our environment and improves our security. It helps us to maintain a good patching system whereby we know that XYZ is vulnerable within the system. 

Qualys makes us proactive in terms of handling patching and effective when it comes to scanning out network.

Qualys could be improved in its overall performance compared to other vulnerability management or scanning tools. 

I have been using this solution for five years. 

I have previously used Nessus. Overall, Nessus is a better tool because it provides greater insight into all vulnerabilities, some of which are skipped by Qualys. 

This solution is very easy to set up. 

We worked with a third party to complete deployment. 

In Nigerian Naira, we spend about roughly four to five million to use this solution and this is expensive compared to solutions like Nessus.

I would advise others to run a proof of concept and to exhaust all functionality if considering Qualys. This may take between 15 and 60 days to complete. 

I would rate this solution a six out of ten. 

We use this solution mainly for vulnerability management.

Qualys is a well-known name in the market and we use it for different scenarios. We also like the flexibility in their licensing.

The IoT scan is not great and we would like to see some improvements to it.

We have been using this solution for over three years.

It is a stable solution.

It is a scalable solution. We use the test version.

I rate the technical support an eight out of ten. They have really good support.

Positive

I rate the initial setup a nine out of ten. It was very good and easy. 

It has a competitive price. I rate the pricing an eight out of ten.

I rate this solution a ten out of ten. Compared to other solutions, brand awareness and Azure integration are the strong points of Qualys VM. We would like to have some predefined parameters for the setup in regards to security and vulnerability, and how to maximize it. For example, we want scans and management with some predefined parameters that we need to have in the environment prior to deployment and initial setup.