Qualys VMDR Reviews

We use this solution mainly for vulnerability management.

Qualys is a well-known name in the market and we use it for different scenarios. We also like the flexibility in their licensing.

The IoT scan is not great and we would like to see some improvements to it.

We have been using this solution for over three years.

It is a stable solution.

It is a scalable solution. We use the test version.

I rate the technical support an eight out of ten. They have really good support.

I rate the initial setup a nine out of ten. It was very good and easy. 

It has a competitive price. I rate the pricing an eight out of ten.

I rate this solution a ten out of ten. Compared to other solutions, brand awareness and Azure integration are the strong points of Qualys VM. We would like to have some predefined parameters for the setup in regards to security and vulnerability, and how to maximize it. For example, we want scans and management with some predefined parameters that we need to have in the environment prior to deployment and initial setup.

We're using the entire suite except for Patch Management. I use Qualys VM for my production environment on Amazon AWS. I also use it for my endpoints and some BDI solutions that require on-premise solutions, and I use it for both.

I find Qualys VM very robust, and it's very useful for vulnerability management and patch management. The value that it brings to my environment is economies of scale. There is no limitation on adding any endpoints. You go by the rule, and it's added once another endpoint is added to our environment. It's automatically installed, and it's less work from our end. It frees up my license automatically if I don't need an endpoint or if my machine is decommissioned.

I like the dashboard displays because I don't see any duplication. The most important part is vulnerability management and prioritization. Unlike Symantec, it shows the kind of vulnerability I would want to patch first. It provides a holistic view of the kind of vulnerabilities and the ones I should remediate first.

I don't have to do a scan; it just brings up those critical kinds of vulnerabilities like zero-day vulnerabilities and tells me to prioritize them. You have to prioritize these vulnerabilities first and go on with the rest. The dashboard shows me the ones that have been fixed, so I don't have to complete an aging report.

The user experience and the graphical interface are good. As it's user-friendly and understandable on an executive level, it brings real value. We also use this solution because it's robust and flexibile. 

The price could be better. Asset view is still a legacy feature. I'm not able to extract the information about the asset with complete details. It would be better if they fixed that in the next release.

I know Qualys is already working on it, so I'm hopeful it will be available in the next five or six months. That would be something that's changed where I seek improvement.

I have been working with Qualys VM for the past six months.

Qualys VM is a stable solution.

Qualys VM is a scalable solution. We currently have about 4500 users in our organization.

Support could be a little bit faster. I haven't been granted access to their support portal, but I have a technical support engineer who's always available, and there is only one person I can talk to. But the problem is if he's absent, I'm left waiting for access to his portal. 

I used Symantec before but switched to Qualys VM as there's no limitation to adding endpoints. The other reason everyone moved to Qualys VM was its robustness and flexibility. I think that's something that's there, and there was no hassle in deploying the agent. All I had to do was get these machines that were enrolled in our MDM solutions.

As it's a cloud agent, there wasn't any specific setup. It's also managed centrally by Qualys, and when they always release a new update, all we have to do is push it. So, the maintenance requirement is minimum at best.

We deployed this solution by ourselves.

Qualys VM is quite expensive. It's a subscription-based license, and it's yearly. Right now, it's open for me, and I don't have any limitations or caps on the licenses. They are seeing if the product is viable for 4500 users. I can add as much as I want, and at the end of the subscription, they'll let me know how many licenses were actually used and bill me accordingly.

On a scale from one to five, I would give their pricing a three. It's still expensive.

If you're going for an on-premises solution, you should dive into the POC. Because I wasn't procuring an on-premises solution, it was pretty easy for me, and the support was quite helpful. But if you're going to deploy it on-premises, you should go through a proper procedure of going through the POC and getting to know the product. I would rate it at the top because it's better than Nexpose, it's better than Tenable, and it's better than Symantec.

On a scale from one to ten, I would give Qualys VM an eight. 

It is a SaaS solution with agents distributed at endpoints.

Qualys VM has improved the way the organization functions.

The Vulnerability Management and Patch Management features are the most valuable features of this solution.

The most valuable qualities of Qualys VM are its ease of deployment and metrics.

Endpoint stability and fault resolution could be improved.

I would like to see the solution's footprint expanded to include iOS and iPads in the next release.

One example of how it could be better would be better handling of end-of-life systems and better feedback on job failures.

We have been working with Qualys VM for just over two years.

It is a cloud platform. I'm not sure if a version is associated with that. 

The stability of Qualys VM is quite good, but not fantastic. I would rate it an eight out of ten.

The scalability of Qualys VM is very good.

This solution is used by five security or system administrators in our organization.

We have no plans to expand our usage; it is already widely deployed.

The technical support is mediocre at best.

I would rate them a two out of five.

Neutral

We were previously using Lansweeper, which was not scalable.

I would rate the initial setup a three out of five.

It took several weeks to deploy.

We completed the deployment in-house.

We have seen a return on investment.

There are no additional fees in addition to the standard licensing fees.

I would recommend identifying the right metrics to drive the program.

I would rate Qualys VM an eight out of ten.

We use bother on-premise and cloud deployments of Qualys VM. For my clients in the cloud, we use a cloud solution, which is a bring your own license model. Additionally, We have our own deployment of Qualys VM.

We are using Qualys VM to provide a VM service.

The most valuable features of Qualys VM are its ability to do proper vulnerability assessment. It has a lot of updates for all the vulnerability databases from all over the globe.  It's an amazing solution when it comes to the versatility of the features it has. Additionally, the reports are very good. It generates very detailed reports about the vulnerabilities inside the environment

I have been using Qualys VM for approximately five years.

Qualys VM is a highly stable solution.

Qualys VM could improve by having more skilled support personnel.

The initial setup of Qualys VM is straightforward. The full implementation took us approximately one day.

We have approximately 100 people who are part of our technical team. We did the implementation of this solution.

There is a license for the use of this solution. We pay annually instead of monthly to receive a better discount on the price.

I would recommend this solution to others.

I rate Qualys VM a nine out of ten.

The integrations for this solution are very good. I use a different product for virtual patching of vulnerabilities and Qualys integrates well with that product.

Qualys does have an on-prem solution, but it is very expensive. 

I have used this solution for six months. 

I would rate this solution a nine out of ten. 

It was responsible for vulnerability scanning. It enforces vulnerability management websites.

The reporting and the GUI need improvements. Tenable dominated in these two areas: reporting and graphical user interface.

Qualys VM was used once for one of our customers.

We were using the latest version.

Qualys VM is very stable.

I didn't have all of the necessary information regarding the scalability or how to scale this solution, but all vulnerability management solutions have the same idea. 

I believe that it is easy to scale.

I did not contact technical support.

I have also used Rapid7, which is very similar to Qualys VM.

Scaling is more difficult with Rapid7. When it comes to scaling, Rapid7 is not my first choice.

I did not implement this solution, I performed one scan for our client.

We have regulations in place in Saudi Arabia and Egypt that require all vulnerability management solutions to be implemented on-premise.

I would recommend this solution to others but Tenable is my preferred option.

I would rate Qualys VM a five out of ten.

We primarily use the solution for full enterprise visibility from both an asset detection perspective and vulnerability detection perspective. Basically, we are tracking all the devices over agents, including PCs and servers, et cetera. 

We are able to understand what our current situation is on the devices. At the second stage, we are able to catch the devices which do not have agents or which are not in the inventory, with on-premise scanners. 

We are running security configuration hardening assessments or compliance with CIA security benchmarks. 

In addition to that, we are also utilizing the cloud assessment solution of the Qualys, to ensure compliance with CIA security standards. For example, the Amazon cloud platform is configured compliantly with the CIA security benchmark. These are the four pillars utilized.

The prioritization mechanism is the most valuable aspect of the solution.

The initial setup is straightforward. 

Technical support is great.

The stability and reliability are good.

The user experience, the UI, needs to be improved. The technology is there and it is obvious it is able to do many things, however, from a user experience perspective, the UI design is a bit complicated. If the platform could have a bit more of a user-friendly environment, it could be easier for the admins and analysts to use it.

The solution is a bit expensive if you do not have access to discounts. 

From a general perspective, SLA tracking capabilities could be improved with a building method. There was a tracking method to be able to see if this vulnerability for a while or maybe it was patched. However, an internal SLA mechanism could help with batch prioritization and issue detection. 

I'd rate the solution at a nine out of ten.

I've been using the solution for six months. I've used it for less than a year now. 

The solution is stable. The passive scanning capabilities are advanced. I'm able to see all the missing paths and many vulnerabilities or many configuration mistakes at the same time. Due to its passive scanning, we don't see any stress or research consumption from agents.

Network scans are a bit more intense and they of course require research and can create some noise, however, for the most part, it is okay. There is no reliability issue from our perspective.

I haven't really tried to scale the solution and therefore cannot really speak to it. We do have some activities happening on there, however, I'm not ready to provide feedback for the results. It's my understanding, however, that the API extensibility is great. I've just not seen anything yet that I can really comment on.

Technical support is pretty good. It is very easy to get support from the global team, at least for us. We don't depend on local partners, which is great due to the fact that, whenever you are acting in 10 or 11 countries, local partners can be an issue. The language barriers, et cetera, can be an issue. That's why it is great to have responsible global support.

The initial setup was very straightforward. We just deployed the agents and everything went very smoothly. There were no big issues.

We pay a yearly fee for a license. 

They have very good discounts. That's why the price is okay for us. Generally, if we talk about the price without discounts, I do see a big peak in vulnerability management solutions licenses. It is not only Qualys. All the vendors peaked at some point. 

We do see over $100,000 in terms of price, for mid-size programs. You likely will pay more than $100,000 without any discount. It is a bit pricey. There's room to improve, however, I believe they're managing things with discount offerings. I'm saying this not only for Qualys. All the vulnerability management solutions do the same thing price-wise.

We did evaluate other solutions. We looked at most other vulnerability management solutions.

We are just a customer and end-user.

We are using the latest version of the solution. I cannot speak to the exact version we are using, however. 

We are using both the on-premises and cloud deployment models. We have on-premise sensors and we have a scan-over cloud service from Qualys. Qualys cloud has a scanning capability for pairing sensors, for scanning an external perimeter. Therefore, we are utilizing that and agents as well.

I'd recommend the solution.

If anybody looks forward to first perimeter security, if any conceptual work is done around perimeter security, they have to solve that agent issue first for their program. Companies need to select a solution that can work wherever the PC is. 

We use Qualys Asset Inventory for doing infrastructure level scans or server inventory, or saving the server database or asset database.

Good Posture of Servers database. Gives easy access of all hardware details. 

I think it's a good tracking mechanism, and it gives a good infrastructure level scan, which helps us to maintain the assets and the asset inventory or gives us a good understanding of both. 

It gives a very good overview of the inventory assessment process.

IT Manages assets in your account that you want to scan for security and
compliance, define asset tags and AWS connectors.

Modules supported
VM, PC, SCA, CERTVIEW, CLOUDVIEW

It can be accessed across our company because it's a global tool.

One thing that can be improved is the flexibility and the fact that Qualys Asset Inventory provides too much detail, which makes it not very easy to understand. It's not very user-friendly at times and requires in-depth understanding. So, a layman or someone new to Qualys won't be able to easily understand it. You need education to use the solution.

As for additional features, the first thing would be providing call support whenever we require any kind of help with issues that have been identified. The second would be a simple reporting structure.

I've been using Qualys Asset Inventory within the last 12 months.

Stability-wise, Qualys Asset Inventory is always stable, and for this particular asset inventory, it is a good tool. We have not had any kind of issues, and as of now, it's a stable environment.

We currently have 50 plus users and have no plans to increase usage at present. 

Most of the time technical support has been through emails; calling is a back feature. It's not as easy compared to that of Veracode.

The initial setup was quite complex and took two to three months, including customization and testing.

The license is on a yearly basis.

If you are familiar with or have hands on experience with Qualys Asset Inventory, this is a better tool. It will give you in-depth details of all the assets, and the managing inventory will be better. It will also give you advanced features compared to those of other inventory tools.

I would rate Qualys Asset Inventory at eight on a scale from one to ten.