QualysGuard Policy Compliance Overview

What is QualysGuard Policy Compliance?
Qualys Policy Compliance (PC) automates the collection of technical controls from information assets within the enterprise, and maps this information to policies to fix and document compliance with regulations and business mandates. It provides compliance reporting by leveraging a comprehensive knowledge-base that is mapped to prevalent security regulations, industry standards and compliance frameworks.
QualysGuard Policy Compliance Customers
PDX, Cigna
QualysGuard Policy Compliance Reviews

Vladimir Jirasek - PeerSpot reviewer
CEO at Foresight Cyber Ltd
Easy to use, fast, and reliable
Pros and Cons
  • "It's a simple product."
  • "The reporting needs improvement."

What is our primary use case?

Policy Compliance pretty much has just one use case, and that is to compare or assess the security hardening of a typical operating system or platform or, in some cases, an application against predefined or customized security best practices. For example, if we are running Windows PCs and servers, an organization could say we are going to follow Microsoft's best practices for security configuration, including how to harden Windows computers. We would basically load the Qualys policy compliance module with those best practices and agree on the list with the customer. Then Qualys simply does the rest. It basically verifies for each individual check if it is actually in place or not. 

What is most valuable?

It's a simple product. It's basically binary decisions based on the policy. You first define the policy, and then the tool compares the policy against the actual state of, for example, a Windows computer.

The policy compliance really is the most valuable aspect of the solution. You can actually create your own configuration controls. Even if it's not part of the preexisting library of controls, we can handle it. For example, we had a client that had their own specific hardening requirements around, let's say, registry entries or permissions on the file system or specific files being or not being on the file system. We were able to create these policies.

It's really customizable. It can be customized pretty much to meet any need and any policy that customers can throw at us.

What needs improvement?

The reporting needs improvement. 

While the tool is really good at doing the assessment, it's not as good at reporting various compliance states. Maybe management reporting could be improved as well. They really need to improve the versioning of the policies. You can create basically your own policy based on the industry practice. However, if that industry practice changes, for example, maybe there's a new version from Microsoft, you basically need to start from scratch. That kind of migration from the old best practice to the new best practice, retaining all those customizations that have been done for the old one, has not actually been done. That's something to improve. However, we typically do it as we work with it. We do it programmatically. We do it through the API.

For how long have I used the solution?

I've been using the solution for 22 years. 

What do I think about the stability of the solution?

The solution is completely stable. 

What do I think about the scalability of the solution?

The solution scales. However, there is a little bit of difference regarding the speed of various cloud platforms from Qualys. Basically, they are running on completely independent platforms around the world. They sometimes lack performance. So accessing the web UI, sometimes you might see the lag and wait for the page to load. The web interface could be improved in certain situations.

We have 13 engineers using the solution. They're all trained in Qualys.

How are customer service and support?

We do not use technical support that much as we are pretty good experts. That said, when we do have questions, they are pretty good.


How was the initial setup?

The initial setup is straightforward and really easy. You install an agent basically. Maybe it is slightly more complicated. However, that's not Qualys' fault. It's more how the organizations work. If we need to scan over the network, we need to obviously put something in the network like a scanner. That involves discussions with the client more in-depth than if we just tell them, "please take this agent and install it on all your Windows analytics service." Typically organizations just agree to that. 

It's done within maybe a couple of days, max. It really depends on the client. The distribution of the solution, so it's ready for assessment. Then there's the importing of the policies. If we are talking about these kinds of best practices from the library, it's straightforward. It's a click, then a little bit of customization. It can be done within hours even. We now have one client who installed the first ten agents within like three hours, and we are already getting the results. 

What was our ROI?

For customers, certainly, they've seen a return on investment compared to other solutions. It basically gives the results almost immediately after the agents or scanning has started. In terms of visibility of the data, it's easy to use and reliable. I've only seen positives from clients. Of course, the return on investment on security products is almost impossible to calculate. You cannot put the value into hard terms, really. Just putting ROI on one tool is almost impossible.

What's my experience with pricing, setup cost, and licensing?

The cost varies. It really depends as the pricing is on a sliding scale. I'm not at liberty to say what the pricing is as it's confidential. I'm under an NDA from Qualys.

What other advice do I have?

There's no versioning in Qualys, there's simply the latest version. It's a cloud solution.

We are a reseller for Qualys. We also manage it and do the consulting around it. So we definitely plan to increase it. We also use it internally.

While it may seem relatively easy and certainly quick to implement, there is a certain nuance. I would always advise new users to engage with experts.

I'd rate the solution ten out of ten. 

It's the best I've seen. It is easy, fast, and reliable. 

Which deployment model are you using for this solution?

Public Cloud

Disclosure: My company has a business relationship with this vendor other than being a customer: reseller