Qualys VMDR Reviews

Qualys' main function is to scan IT systems. It does the scanning of computer systems.

Continuous Monitoring is excellent because it is entirely dependent on the agent, and the Agent Scan, is also quite good. 

I also like the asset tagging, asset grouping features, and the dashboard, because we can customize and create our own dashboard. That's quite good. 

The most recent is VMDR, which provides a comprehensive overview of how to detect, patch, and remediate specific vulnerabilities. That is also an excellent module.

The dashboard itself could be improved, while we can customize it, they can create different tabs where we can see the trending vulnerabilities, how many there are, or how many have been fixed, as in the most recent scan report, so that trend analysis is a little easier.

Aside from that, the solution itself is fairly generic in nature. What they can do is pretty much customize everything and provide a relevant solution for everything. For example, because Qualys has a Cloud Agent that scans a system's entire inventory. As a result, they can test their use cases to determine whether or not a vulnerability has been confirmed. If they can do so, they can also provide us with a straightforward solution to a specific problem rather than a generic one. That could be one area where they can improve. 

Qualys does not currently have an IoT, SCADA vulnerability assessment, they can significantly improve their IoT, SCADA, and ICS (Industrial Control Systems) vulnerability assessment technique. When you compare with Tenable SC it has more features than Qualys VM.

If you see power grids, large oil stations, they fall under SCADA and Industrial Control Systems. These systems are very different from standard IT systems. Qualys currently does not have any features for scanning SCADA, IoT, and Industrial Control Systems.

I believe they can improve on the addition of devices. Assume I have two lakhs of devices that cannot all be added at the same time. For example, if I have two lakhs of devices, and two lakhs of those devices have a Cloud Agent, adding all of those devices at once is not easy. We have to add it 1,000 at a time, which takes a long time when there are two lakhs of assets to add. If we do 1,000 at a time, we'll have to do it for around two lakhs, which is quite difficult.

They can increase their frequency of working faster, similar to the time constraint they currently have. The second thing they can improve is the addition of assets. They can almost completely automate the process of adding assets, or they can increase the maximum number of assets that can be added in one go. They are only allowed to add 1,000 assets. If I want to add two lakh assets, it will be extremely difficult to do so by adding 1,000, at a time.

That is a fairly technical issue. Most of the false positives reported by Qualys or the inability to detect a cumulative patch update, if any, are the few things that they can improve and incorporate. 

As I previously stated, it would be extremely beneficial if they could implement scanning, vulnerability scanning of IoT systems, Industrial Control Systems, and SCADA devices.

I have been working with Qualys VM for approximately four years.

We have been using multiple Qualys modules, such as VMDR, Cloud Agent, AssetView, and Continuous Monitoring. The most recent version that we are using is 4.14.

It's reasonably steady. When we say stable version, there is also room for improvement in that Qualys will not be able to handle large amounts of data at once. When you do billions of scans, such as a scan for millions of devices, it becomes extremely slow, and gathering data and populating the report becomes extremely tedious. 

Scalability is quite good. We can pretty much rely on the tool. It is easy to scale. 

If the organization grows, we can pretty much scale it to most of the areas. The only problem is that they must primarily work on Industrial Control Systems and lightweight devices such as CCTV cameras, and lightweight devices. As a result, they are required to work in that field, otherwise, it is pretty good.

Based on my previous experience, there were approximately 300 or more users using Qualys in organizations with a population of more than two lakh people. Currently, I see that approximately 400 users are using it, and the size of the organization is significantly larger than the previous one.

We use this solution daily.

Technicals support is pretty good. Since I've been working in this, they've been friendly and straightforward, and we were able to get the most out of them.

We have suggested areas for improvement, and they have been working on them. They always make a good impression on us.

As a consultant, I've worked on a variety of projects in a variety of organizations.

The initial setup is simple and straightforward.

We initially had assistance from the vendor, but once we had a good understanding of it, we scaled it in our organization.

Because I've been using Qualys for quite some time, I was looking for a comparison of several solutions such as Tenable SC, Rapid7, InsightVM, and Tenable Nessus. I was curious to know if there were any other tools that were better than Qualys.

I was looking for more information about Tenable SC and wanted to compare it to Qualys in more detail, with parameters such as, how the false positives are detected in Tenable SC and how good it is in comparison to Qualys. In a similar manner, in comparison to Qualys, we learn about its usability, interface, and how user-friendly it is. Those are the few things I was looking for, and I'm still looking for more information about Tenable right now.

They have the ability to improve SCADA. SCADA stands for Supervisory Control and Data Acquisition, and IoT stands for Internet of Things scanning.

Recommending this solution would depend on the organization, the requirements, and the devices they have.

For a typical IT system, it is very good to go with this solution. Microsoft, Deloitte, and the majority of organizations still use it, it is pretty much good to go. But, once again, it is entirely dependent on how the organization is, what type of devices they have, and what kind of scans they would like to have, it is entirely dependent.

In a broad sense, it is a good solution to go with.

I would rate Qualys VM an eight out of ten.

Qualys VMDR is a vulnerability management and detection response tool. It belongs to the first generation of vulnerability assessment tools. It enables us to manually identify vulnerable keys and fix them. It is built as a cutting-edge continuous platform where we can detect and protect. With this product, we can respond to specific vulnerabilities, going beyond just using artificial intelligence features. We have implemented VMDR across our cloud, physical interfaces, endpoints, and log servers. It's a good digital product for our organization.

It has improved our organization in many ways. We needed to have a security solution that focuses on different types of things. We discussed budgeting for the cloud and the need for an alternative to taking care of malware. Additionally, we have to consider various attacks. Therefore, Qualys VMDR is a great tool that helps us improve.

The most valuable feature is automation.

Qualys VMDR is basically susceptible to false positives, and false negatives. We receive a lot of false positives in there. VMDR can be considered a complex solution, especially for enterprises with limited resources or organizations. It requires extensive knowledge as an engineer. So, when using this tool, you need to utilize other tools to remediate the false security issues.

So maybe it should also have the ability to automatically identify and address false positives. In additional features, an automated process for remediating false positives. We might be looking for new types of signatures that can help us identify and address specific issues.

I have been using Qualys VMDR for one last year. 

I would rate the stability an eight out of ten.

I would rate the scalability an eight out of ten.

It took us one month to set up.

I have seen an ROI.

The price is very reasonable, so you can definitely go with all the endpoints it offers.  

Just consider the licenses we have within VMware. They could replicate some of these features, which are used for premium customers. So, it might be useful to include those features in the subscription plans.

Overall, I would rate the solution a nine out of ten.

We use this solution to scan the servers on the network. It is used predominantly by our information security team.

This solution gives us insight into our environment and improves our security. It helps us to maintain a good patching system whereby we know that XYZ is vulnerable within the system. 

Qualys makes us proactive in terms of handling patching and effective when it comes to scanning out network.

Qualys could be improved in its overall performance compared to other vulnerability management or scanning tools. 

I have been using this solution for five years. 

I have previously used Nessus. Overall, Nessus is a better tool because it provides greater insight into all vulnerabilities, some of which are skipped by Qualys. 

This solution is very easy to set up. 

We worked with a third party to complete deployment. 

In Nigerian Naira, we spend about roughly four to five million to use this solution and this is expensive compared to solutions like Nessus.

I would advise others to run a proof of concept and to exhaust all functionality if considering Qualys. This may take between 15 and 60 days to complete. 

I would rate this solution a six out of ten. 

Our customers use Qualys for vulnerability management, it's a way for them to discover the kinds of vulnerabilities they have on their systems. We are a partner with Qualys and I'm an infrastructure security consultant. We currently have 20 clients using Qualys. 

The functionality continues to improve and knowing when there are security issues is very helpful. 

I like the Qualys Cloud Agent because it's very easy to use. It has a low impact and is supported on Windows, Linux, and others. I deploy process scanners, which are usually connected to core switches so customers can replicate all the connections. Almost all our customers try to use the agents because they're already installed and integrated into the cloud and communicate with Qualys management. There are no problems and it's really better than using some virtual appliance to scan the various kinds of assets. Qualys has a lot of information and it's great to integrate with the Central Management Database.

If you're not overly experienced and you're looking for something in their management, it can sometimes be quite difficult because they can move buttons around without sending an update. Previously, if you deployed the Cloud Agent, you could define which tech would be under the agent and where it would be deployed. It now requires some text preparation and the Cloud Agent then downloads the specific profile defined without any indication that this might happen. If you are not using vulnerability management, you are not able to create the correct patch process for all applications stored on the system.

It would be helpful if Qualys would integrate with more systems like ServiceNow, Jira, and so on, to create some tickets and integrate them into the active directory, because each group works differently and if you need to prepare a ticket, it must be defined to a specific group of people. Qualys just created a kit on ServiceNow, but it doesn't have the correct group of people in the active directory.

I've been using this solution for three years. 

The solution is scalable. If you need more resources they can be added to the backend, depending on the circumstances and requirements. If you are able to deploy in the VMDR licensing, you are able to deploy unlimited virtual active appliances to discounted appliances. It all depends on your resources. 

Each customer is different and if you need to deploy a more active virtual process that will affect the implementation. If a customer wants to use policy compliance on their machines that can add to deployment time too. I tend to deploy myself because I'm usually making the POCs of Qualys.

I believe the annual cost is approximately $40 per asset in VMDR, although it also depends on the circumstances. It contains all the features one needs although if you need synchronization with ServiceNow and CMDB, there is an additional cost. 

I constantly speak to other companies to find out what they're doing and what the differences are between the different products. My job is to find the best solution for my customers so it's important to know what's on the market.

I rate this solution eight out of 10. 

I use Qualys VM for vulnerability scanning, enterprise management, web application scanning, and patch deployment.

Qualys VM's best features are vulnerability management and customizable scoring.

Qualys VM's vulnerability scan could be improved, especially the number of CVE numbers it can manage at a time. It could also be more user-friendly. In the next release, Qualys VM should include threat intelligence and external test service management.

I've been using Qualys VM for around six months.

Qualys VM is stable and reliable.

Qualys VM is quite easy to scale.

Qualys' customer service could be better.

Neutral

The initial setup was not user-friendly.

I evaluated Tenable but chose Qualys VM because of its management features.

I would rate Qualys VM eight out of ten.

We're using the entire suite except for Patch Management. I use Qualys VM for my production environment on Amazon AWS. I also use it for my endpoints and some BDI solutions that require on-premise solutions, and I use it for both.

I find Qualys VM very robust, and it's very useful for vulnerability management and patch management. The value that it brings to my environment is economies of scale. There is no limitation on adding any endpoints. You go by the rule, and it's added once another endpoint is added to our environment. It's automatically installed, and it's less work from our end. It frees up my license automatically if I don't need an endpoint or if my machine is decommissioned.

I like the dashboard displays because I don't see any duplication. The most important part is vulnerability management and prioritization. Unlike Symantec, it shows the kind of vulnerability I would want to patch first. It provides a holistic view of the kind of vulnerabilities and the ones I should remediate first.

I don't have to do a scan; it just brings up those critical kinds of vulnerabilities like zero-day vulnerabilities and tells me to prioritize them. You have to prioritize these vulnerabilities first and go on with the rest. The dashboard shows me the ones that have been fixed, so I don't have to complete an aging report.

The user experience and the graphical interface are good. As it's user-friendly and understandable on an executive level, it brings real value. We also use this solution because it's robust and flexibile. 

The price could be better. Asset view is still a legacy feature. I'm not able to extract the information about the asset with complete details. It would be better if they fixed that in the next release.

I know Qualys is already working on it, so I'm hopeful it will be available in the next five or six months. That would be something that's changed where I seek improvement.

I have been working with Qualys VM for the past six months.

Qualys VM is a stable solution.

Qualys VM is a scalable solution. We currently have about 4500 users in our organization.

Support could be a little bit faster. I haven't been granted access to their support portal, but I have a technical support engineer who's always available, and there is only one person I can talk to. But the problem is if he's absent, I'm left waiting for access to his portal. 

I used Symantec before but switched to Qualys VM as there's no limitation to adding endpoints. The other reason everyone moved to Qualys VM was its robustness and flexibility. I think that's something that's there, and there was no hassle in deploying the agent. All I had to do was get these machines that were enrolled in our MDM solutions.

As it's a cloud agent, there wasn't any specific setup. It's also managed centrally by Qualys, and when they always release a new update, all we have to do is push it. So, the maintenance requirement is minimum at best.

We deployed this solution by ourselves.

Qualys VM is quite expensive. It's a subscription-based license, and it's yearly. Right now, it's open for me, and I don't have any limitations or caps on the licenses. They are seeing if the product is viable for 4500 users. I can add as much as I want, and at the end of the subscription, they'll let me know how many licenses were actually used and bill me accordingly.

On a scale from one to five, I would give their pricing a three. It's still expensive.

If you're going for an on-premises solution, you should dive into the POC. Because I wasn't procuring an on-premises solution, it was pretty easy for me, and the support was quite helpful. But if you're going to deploy it on-premises, you should go through a proper procedure of going through the POC and getting to know the product. I would rate it at the top because it's better than Nexpose, it's better than Tenable, and it's better than Symantec.

On a scale from one to ten, I would give Qualys VM an eight. 

I primarily use Qualys VM to manage vulnerability tickets.

Qualys VM's most valuable feature is automatic detection.

Qualys VM should improve its methodology.

I've been working with Qualys VM for six months.

Qualys VM is stable but slow.

Qualys' technical support is quite good.

Positive

The initial setup was quite straightforward.

I would rate Qualys VM as seven out of ten.

It is a SaaS solution with agents distributed at endpoints.

Qualys VM has improved the way the organization functions.

The Vulnerability Management and Patch Management features are the most valuable features of this solution.

The most valuable qualities of Qualys VM are its ease of deployment and metrics.

Endpoint stability and fault resolution could be improved.

I would like to see the solution's footprint expanded to include iOS and iPads in the next release.

One example of how it could be better would be better handling of end-of-life systems and better feedback on job failures.

We have been working with Qualys VM for just over two years.

It is a cloud platform. I'm not sure if a version is associated with that. 

The stability of Qualys VM is quite good, but not fantastic. I would rate it an eight out of ten.

The scalability of Qualys VM is very good.

This solution is used by five security or system administrators in our organization.

We have no plans to expand our usage; it is already widely deployed.

The technical support is mediocre at best.

I would rate them a two out of five.

Neutral

We were previously using Lansweeper, which was not scalable.

I would rate the initial setup a three out of five.

It took several weeks to deploy.

We completed the deployment in-house.

We have seen a return on investment.

There are no additional fees in addition to the standard licensing fees.

I would recommend identifying the right metrics to drive the program.

I would rate Qualys VM an eight out of ten.