Qualys VMDR Reviews

It was responsible for vulnerability scanning. It enforces vulnerability management websites.

The reporting and the GUI need improvements. Tenable dominated in these two areas: reporting and graphical user interface.

Qualys VM was used once for one of our customers.

We were using the latest version.

Qualys VM is very stable.

I didn't have all of the necessary information regarding the scalability or how to scale this solution, but all vulnerability management solutions have the same idea. 

I believe that it is easy to scale.

I did not contact technical support.

I have also used Rapid7, which is very similar to Qualys VM.

Scaling is more difficult with Rapid7. When it comes to scaling, Rapid7 is not my first choice.

I did not implement this solution, I performed one scan for our client.

We have regulations in place in Saudi Arabia and Egypt that require all vulnerability management solutions to be implemented on-premise.

I would recommend this solution to others but Tenable is my preferred option.

I would rate Qualys VM a five out of ten.

It's used for vulnerability assessments, assessment of IT equipment, PCs, servers. It's supposed to help prioritize which security patches need to be deployed on that equipment.

The prioritization feature is great. I think it has all of the advanced features that we need.

It's too early for me to say if there is any room for improvement since we're in the first couple of months of using this solution. So far, we've been pretty happy about it. Nothing comes to mind that is negative.

Given that it's really new, we're really trying to use all of the features and get a good comfort level and gain more experience in it. For this reason, I can't speak negatively of it, yet.

We've been using Qualys for roughly six to seven years, but we've only been using Qualys VMDR for a few months.

Qualys VMDR is very stable.

Qualys VMDR is definitely scalable.

They provide a lot of free virtual training to really understand the technology and the solution. That's a plus for them.

I used to work with QualysGuard VM — an older version. The earlier version didn't have the detection response that we needed, that's why this time it has the detection response. VMDR is the evolution of the solution.

The initial setup was pretty straightforward. Deployment was quick.

We implemented this solution ourselves.

Overall, on a scale from one to ten, I would give this solution a rating of eight. For us, it's just more of gathering more experience. The more we learn, I think we'll appreciate it, and then maybe from that point, we'll be able to say it's a nine, or a ten. It's more on us versus the solution.

The reporting and vulnerability analysis features.

Vulnerability scans are easily managed and maintained using Qualys. What used to be a manual process is now automatic. When we have an issue, I can easily see what production systems are affected and I can easily pinpoint a solution to mitigate the issue.

The reporting is lacking a little, and it would be nice to have reports sent via email. Often times we have to manually generate the reports after a vulnerability is fixed and a scan has to be re-run.

I've used it for three years.

We did not.

Our Qualys box is hardware and it's very easy to set up and maintain. It's very little maintenance, and the most time consuming part is setting up everything initially, such as what subnets you want to scan, what reports you want to run, etc.

We have over 15,000 devices and had no issues with scaling up our Qualys infrastructure.

I have never had to interact with them. I get most of the information on the forums, and even there the responses are lighting fast. As far as actually talking to someone, I personally have never had to speak to Qualys support.

It's great. The users on the forums are very knowledgeable and eager to help. If I need a quick answer I will always get one from the support forum.

We used Nessus before. It was a manual process and very time consuming. I like Nessus, but it was very tedious to get it to function automatically.

There are always complexities to every setup. I think the biggest issue was the learning curve. Having to learn all the new pieces and how they fit into our environment was probably the single biggest hurdle we had to face.

We did it in-house.

We looked at Metasploit Expose but the price was too much for what we needed.

Do your research and see how this product would best fit into your environment.

• Totally vendor-managed appliance
• Highly scalable and deployable portal interface
• Ability to easily distribute administration functions based on access roles

It provides fully automated internal and external vulnerability management.

Streamline PCI integration and attestation.

I have used it for five years.

I have not encountered any scalability issues.

Technical staff are excellent.

We previously used Rapid 7. The product was not staying current with shifting trends, sales staff were pushy and management were arrogant.

Initial setup was simple.

Negotiate for the pricing model that fits your budget. The vendor is willing to customize pricing.

Before choosing this product, we evaluated Rapid 7, Nessus.

Take your time and have each vendor set up an actual proof of concept, rather than just relying on a demo. Get your network and support staff engaged in the process early on because they will be instrumental in deployment and support. Know what you’re trying to accomplish.

We use this product for vulnerability management.

I like Qualys because it is a very complete product, more so than Tenable. It has vast capabilities.

We have been working with Qualys VM for a very short time, perhaps six months.

This is a stable solution.

Scalability-wise, this is a good product.

The technical support is very good and they have it both in Spanish and English.

We are also working with Tenable SC. Qualys is both more complete and for us, better in terms of pricing.

For a beginning, the initial setup is complex. You have to have some knowledge for setting it up and using it.

The price of Qualys for us is better than Tenable, although that is only because we are partners. The retail price of Qualys is higher than that of tenable. The pricing and licensing for Qualys could be improved.

Overall, this is a good product and I recommend it, mainly because of the capabilities and the management using a single console. I can even create a calendar for activities from the main screen.

I would rate this solution a nine out of ten.

• Vulnerability assessment
• Asset management
• WAS

Since this is a SaaS based solution, the vulnerability scan with the external scanners as well as the reporting has improved a lot. The reporting is very granular and you can please higher management with your reports.

None, as the product is great.

I've used it for four years.

Stability of the product is very high, I have never seen it unavailable.

The support needs to improve a lot, their response is absolutely slow. I have had terrible experience with support over the years.

I would rate it great because of its improvement since I have had terrible experiences in the past.

We used McAfee Vulnerability Manager/Foundstone and had to switch because this is a SaaS based solution and has more features/capabilities.

The initial setup is very simple in terms of configuring the appliance.

We installed it ourselves,

I would definitely recommmend using this product, as this is very simple and yet an effective way to do vulnerability assessment.

.

I primarily use Qualys VM for vulnerability management, security configuration, and management and asset inventory.

The most valuable feature is the connection of threat intelligence information with identified vulnerabilities, which means you can prioritize vulnerabilities according to actual attacks.

Some of the older features could be polished instead of focusing on releasing new features.

I've been using Qualys VM for around eighteen years.

We've had no problems with stability.

Qualys VM is quite easy to scale, and you can cover a large number of instances.

The technical support is pretty good, though sometimes the response time could be better.

Positive

The initial setup is quite simple.

Qualys VM is better suited for medium to large companies because the price can be too much for smaller customers. With the SaaS version, you're buying a license for use per asset, so the price can differ, and there are additional fees for features like patch management and EDR policy compliance.

We also tested Tenable and Rapid7.

I would rate Qualys VM as nine out of ten.

Our primary use case is to manage vulnerabilities, scan web applications, and report assets throughout the network. Also, we create reports based on this data. 

• Tracks workstations and servers.
• Monitors workstations and servers for vulnerabilities and creates reports.
• Performs automated, regular scans in the network.
• Detects new hosts along with vulnerabilities.

The Qualys Agent is most valuable for getting insight into what is happening on what device with all its metadata.

• Improve the API speed. 
• Make some minimal dashboard improvements.
• Improve the user interface.