Qualys VMDR Reviews

The vulnerability scanning feature is valuable.

QualysGuard has provided us with a valuable insight into vulnerabilities across our environment. Before the use of this product, we had no way of identifying or tracking vulnerabilities.

The reporting capabilities are good but I would like to be able to make more customized reports. In addition, I would like to be able to assign a numerical asset value to critical hosts.

I've used it for six years.

No issues encountered, it went very smoothly.

No issues encountered.

No, as it's very easy to add additional hosts.

8/10.

8/10.

We didn't use a previous solution.

It was straightforward.

It was implemented in-house.

We also looked at Nessus.

Make sure you take advantage of authenticated scans and it is also very helpful if you have a complete server inventory.

The feature where the solutions to issues are mentioned in the reports.

It's easy to reach the current location and download/install the correct patch.

The feature where the solutions to issues are mentioned in the reports could be improved.

I've been using it for over three years.

No issues encountered.

No issues encountered.

No issues encountered.

7/10.

5/10,

No previous solution was used.

It was implemented by the vendor.

The top one for me is that the vulnerabilities are kept up to date.

It has reduced the cost of ownership for the engineers who can launch scans on the customers’ networks.

I’m convinced it could be possible to do a simpler interface.

I used it for about four years.

No issues encountered.

There is an issue with the web browser, but it's not an issue with the product itself.

No issues encountered.

9/10.

8/10.

I switched due to the cost.

It was simple because it's only used for external scans.

You have to find the best solution regarding functions and cost.

• Tripwire
• Nessus
• Accunetix
• OIpenvas

• Take your time
• Study all the functionalities of the product
• Try to set it up in a lab first before your production environment.

WAF integration is valuable.

We can now perform vulnerability scans with WAF integration. The WAF has improved the vulnerability identification and reports to the SOC and CSO.

The IT infrastructure, especially server administration, needs to be improved.

I've used it for two years.

There was only one related, and that need work on our technology. As the solution is cloud based, we needed to adapt our internal policies.

There were no issues.

This been done without a problem.

It's good.

It's good.

There was no previous solution, but I did execute several POCs.

It was a regular setup for the configuration, but the official training was necessary.

We also looked at Nessus and GFI Languard.

It mainly scans the model against all of our online websites.

There are fewer false positives when using this solution. We are also cutting the need for news monitoring with this solution.

We find all of the features useful. 

One note for room for improvement is that all of the data is stored on the cloud. I think it would be better if they came up with a big box that could store the data and collect data from, it would be a huge improvement.

It is an extremely impressive and stable product. I would give it a 99% out of 100%. It is very close to being perfect.

I have had no issues with scalability. Initially, we had some issues with the dashboard, but eventually, it set and stabilized. There was an issue with the data dashing between the two models initially, but it was resolved.

The tech support is helpful. When we initially open a ticket, we get response within five minutes. Then, they open a case and we receive input from tech support within 24-48 hours with a Q-ID.

The first thing we like is the scanner, the device which checks vulnerability management.

They also have threat detection which maps threats. There is a feed that comes from Qualys when a new vulnerability is found. It tells us which machines are infected with that vulnerability. If there is a new attack, we definitely know that it is happening, what is happening in our environment.

What we have found is that the solution is not closely tied with the patch management. It is okay with newer ones, like Windows 10 machines; it gives the correct patch. But for Windows 7 or Windows Server 2008, it does not give us the correct patch so we have to manually identify the patches. This is a major problem.

It's stable. Every month we scan more than 5,000 IP addresses and we are able to detect vulnerabilities.

Our experience is that the problems we send them take too much time to resolve. For example, we opened a case for the problem I mentioned earlier, the vulnerabilities with Windows 7 and Server 2008 where it's trying the wrong patch. It took them a long time to even give us the correct explanation. So this is a problem.

The initial setup was very easy. We just needed to download the virtual machine. There is a key and we just needed to provide a proxy setting. That's it.

We did all the configuration as a one-time job where we defined our subnet and mapped. We needed to schedule the scan and the map and we needed to schedule a group of, say, Windows. It was just a one-time job where needed to configure the query and run it. It created a report and sent it to the administrators. After that one-time job, everything happens automatically.

We did it on our own.

I would recommend Qualys because it's very easy to use. It does not require many specific skills. We are always on the latest version because Qualys provides automatic updates.

We have a virtual appliance in each site and that sends the logs to the cloud. We have the consoles on the cloud which enable us to query and scan. All this happens through the cloud.

We only have one administrator for the solution who monitors and checks if there is anything to be aware of. It sends the reports to all the different administrators, such as network, Linux, and Windows administrators and they take it from there.

We also have Qualys configuration management module. If there are any particular issues in any servers or in any network, it gives us a report to suggest and rectify the issues. It tells us what changes are needed to on that device.

We are a system integrator. We implement Qualys for our customers for vulnerability management and policy compliance. We are not using Qualys as a product in our company. We have public, private, and hybrid cloud as well as on-premises deployments.

There are many features. Its reliability, ease of installation, ease of use, and the richness of the information provided are the most valuable features.

Its integration with ServiceNow and other similar products is complicated and can be improved. It should also have virtual batching.

They should support more standards and compliance requirements and more customizations. For policy compliance, they can add the standards required by the countries in the Middle East. Each country generates its own standards and frameworks, and those frameworks should be there in all products, not only in Qualys. The market here is huge, especially in the cybersecurity field. Qatar has a framework for Qatar 2022, and each and every company in the public or private sector has to follow the Qatar 2022 framework. 

I have been using this solution for three years.

Qualys is a reliable, strong, and solid product. 

It is scalable. The main advantage of Qualys is that it is a cloud-based solution because of which you can scale it up or down according to your needs. It is very quick and flexible.

Because we are in the Middle East, we deal with the office in Dubai. You cannot imagine how supportive they are. They are amazing in their response.

The initial setup was easy. It has great hardware. Its deployment was easier than Rapid7, which is a bit complicated. Tenable is less complicated, but Qualys is faster and easier to deploy than Tenable. 

I deployed Qualys in two hours. It is easy to install, manage, and go through. There are multiple tabs, and everything is understandable.

Qualys is cheaper and more affordable than other solutions.

I would recommend Qualys because it is a reliable, affordable, and very safe product. It can have everything that you are looking for.

I would rate Qualys VM an eight out of ten.

It gets up to date very fast.

Users do not feel any QualysGuard presence.

Solution for fixing problems need to be better documented, such as in a step by step way.

I've used it for three years.

No issues encountered.

No issues encountered.

No issues encountered.

8/10.

7/10.

No previous solution was used.

I strongly recommend that you use this solution.