Qualys VMDR Reviews

The integrations for this solution are very good. I use a different product for virtual patching of vulnerabilities and Qualys integrates well with that product.

Qualys does have an on-prem solution, but it is very expensive. 

I have used this solution for six months. 

I would rate this solution a nine out of ten. 

The interface is pretty good, as all the instructions are clear enough. The way you can create groups or scheduling scans and reports is a very good feature, and the CSV reports have very good information.

In this case, my last employer was a Qualys partner and the consultancy was extra. But, the reports and the way the information is, helped a lot. Also, with this information concise presentations were sent to the CIO every month.

I think the only area to improve it is the way the scores are calculated. That was the only problem I had and because of that, all scores had to be rectified manually.

I was using both Multimedios Redes (Enterprise version) and Lamosa for three years. I also used PC, PCI, and WAS.

No issues were encountered.

Maybe one or two times, but they were caused by scheduled windows, but these problems were fixed very quickly.

No issues were encountered.

Very good! I think I would give them 10/10 because in Latin America the service was excellent.

Again, I would give them 10/10, as the documentation is so good and all is clear, but if you have a doubt, technical support was always concise and had a quick answer. Also the community helps a lot.

I did not personally, but the technical contacts that worked for my customers tried another solutions, and they chose Qualys for the easy way it manages the processes.

The initial setup was very easy, with no complications found when the instructions were followed. Also, this activity was done with a physical and virtual appliance, and both ways were very easy to follow.

I was the vendor team, but I can give you the answer from the actual companies I worked for. The administrators, before Qualys, did not care so much about security, patching, etc.; but, after Qualys they changed their minds. Security took a very important role and of course they reduced, a lot, the chances of being hacked or attacked. It also helped, at this point, to be verified by auditors.

It's worth it, really, when you see the complete picture and see all the factors. It is a very good investment. Qualys is a very good tool and very easy to use and it is also better to have an annual subscription rather than paying for a scan.

My customers evaluated Foundstone and Rapid7, and possibly others.

The primary use for the solution is vulnerability management.

The way we can maintain a current actual registry of all the IP assets within it is very good. The scanning of software assets on the endpoint machine is also useful. I've tried the scanning of similar asset vulnerabilities throughout different servers, including Unix and Windows. Qualys maintains a good intervention database. We have a service line that updates to the newest software, or whenever you set it up. The second service line has denominated my nodes across the globe. It's easy to deploy the solution.

The server application scanning has room for improvement.

It's quite complex on the way it is set up, so it takes a fair bit of time in order to get your head around it in order to deploy it. Once you've deployed it, then you're never confident on the versions of the browsers and the SSL certificates, etc. You have to always go back into Qualys and check.

They do talk about an agent-based scanning for non-IP machines. It sort of sits between server scanning and endpoint scanning. That's not very clear. If they can improve that and deploy, then it'll be such a nice package.

The solution should help its vendors more with renewals. For example, we had deployed the solution as a reseller to a client and then somebody else came along and we didn't end up getting the renewal licenses for the servers. I wasn't very happy about that. We put all the hard work to get it in, but the following years we didn't get the benefit of our low pricing in the first year. 

They should integrate with the dashboard and provide a plugins link for data that's coming into API on the dashboard. When the users buy the license, they can turn it items on. So, that way you know you've got the full solution. What you don't pay for is not switched on, and what you pay for can get switched on immediately.

The solution is very stable. 

The solution is highly scalable.

Technical support is fantastic.

I would advise others to always have a proof of concept version of the solution put into play. Then spend a good two months on it. Stabilize the solution and check out the features and then deploy it into production. Otherwise, you will spend money during the real project for what could have been done as a POC. Deploy the core solution, get the scanning done and all the critical components put it in a proof of concept and then move it into production.

I would rate the solution eight out of ten.

We are currently using Qualys for vulnerability detection, as part of our security solution. We're moving towards Defender ATP because I am looking more at the Operational Technology (OT) side of things than I am at the Information Technology (IT) side.

What I like best about this product is that it does what it is supposed to do, which is vulnerability scanning.

We are moving away from Qualys to Defender ATP because I find that Defender ATP is much better at prioritizing the vulnerabilities that I should be looking at.

In general, I would like to see some better analytics and prioritization of vulnerabilities.

We have been working with Qualys VM for three years.

Qualys VM is a stable solution.

This is a stable product.

Technical support is great and we've never really had a problem. They're always there if we need them.

We did not work with another similar solution prior to Qualys.

The initial setup is straightforward.

Our setup involved some on-premises deployments but ultimately, it uses the cloud.

They have recently changed the pricing model, which is now better than it was before.

Right now, we don't have anything in our OT environment, and this is what I am particularly interested in. I am currently having discussions about new solutions with Qualys, Tenable, and Forescout.

I would rate this solution a seven out of ten.

We are a solution provider and this is one of the products that we implement for our clients. We do a lot of work with containers. With respect to containerization, security is important for us and we regularly check the market to see what solutions are available in these areas.

This solution is primarily used for container security and compliance. Moving into any environment, in particular, one that is cloud-based, our clients want to make sure that things are okay from a compliance perspective. We generate reports and they can see whether there are any violations. If they see violations or security breaches during the audit then they have to be addressed.

The most valuable feature is that this solution is very lightweight.

I would like to see this solution simplified to work more easily in a multi-cloud environment. One of our customers has more than 3,000 servers across multiple regions, and they were asking about security and vulnerability checking in an automated fashion. This could be done with a cloud-based service that monitors all of the deployments, pulls the data from the containers, and checks for compliance.

We have been dealing with Qualys for at least three years, which is when our container journey began. At that point, our proposals did not deal with security for containers because our customers did not ask for it, but now it is something that we recommend.

The technical support for this solution is good. We are required to solve any kind of security issue whin two hours, so these are critical tickets. The entire instance usually has to come down until the fix is delivered.

We often demonstrate these types of tools to the enterprise architecture team, who will ultimately decide which solutions they are going to implement based on their environment and requirements.

We are completely agnostic with respect to which tools our customers decide to implement. As an engineering team, we implement what the customer wants. In the case of Qualys and other solutions, we download the information and pass it along to our customers. We also facilitate or set up communication between vendors and customers to best help our clients.

We do try to learn about who the providers are and what differentiates their solutions from others. Sometimes our customers do not know very much about the products, so we try to provide as much insight as possible to facilitate their decision making. 

A lot of our customers have a workload that is scattered across a multi-cloud environment. This means that some of the RFPs we answer are based on very large landscapes with distributed workloads.

I would rate this solution a seven out of ten.

Our primary uses for this solution are security vulnerability detection and policy compliance.

It's been the chosen solution year after year for vulnerability management and our vulnerability management program is centered around this tool.

The most valuable features are vulnerability detection and the scanning capability to enable identification of vulnerabilities across our network.

I would like to see this solution more developed and competitive in the Cloud space.

We have been using Qualys VM for fifteen years.

Qualys Container Security scans similar to a runtime container and it scans the entire cluster.

The most valuable feature of Qualys Container Security is the detailed information in the reports and the remediation. This is done to make sure there are no vulnerabilities.

Qualys Container Security can improve the interface. It could be easier to navigate and be enriched.

In a future release, it would be beneficial if the network and port policies we provided with some kind of automation AML script files. Having configuration files related to Kubernetes environments would be helpful.

I have been using one year.

Qualys Container Security is stable.

The scalability of Qualys Container Security is good.

I have used the support from Qualys Container Security and they could improve their knowledge.

I rate the support from Qualys Container Security a two out of five.

Neutral

I have not used another similar solution prior to Qualys Container Security.

The initial setup of Qualys Container Security is complex. The documentation could improve.

I rate the initial setup of Qualys Container Security a three out of five.

I rate Qualys Container Security a six out of ten.

Datacenters which are in different locations.

• Asset discovery
• Asset sanitization
• Scan scheduling
• Patch supersedence.

Patch supersedence.

Representation of the total number of vulnerabilities (with name) vs. the number of patches (with name).