I think the CTEM part of Qualys Enterprise TruRisk Platform can get better, not that anyone else is doing, but continuous threat and exposure management. We are now going beyond the risk, especially in areas where AI is involved. For example, we have all these AI models, and then there are new products coming in, for example, AI runtime security and others. I think it is high time that we start feeding those things from those platforms into something like TruRisk. That gives us again, it is very difficult I understand, to attach a particular value or a score to that particular risk because with AI, we have all these new things for which there is no signature or there is no vulnerability known, and that thing is very dynamic, but it has to be done. So that is one of those things. Integration with AI runtime security tools, I guess that is crucial. Feeding Qualys may develop or have its own database of vulnerabilities which are AI specific or not, I do not know, but it should have the capability to get the feeds from all the other sources. So I think that is crucial. That one about AI runtime security, I think it is high time that everyone starts thinking about that and bringing integrating all the risks that come along with AI runtime. For example, we use ChatGPT, and then there are all the tech teams which have API integrations with OpenAI, Claude, Anthropic and others. Then there are all these prompts or prompt injection attacks or model poisoning and others. If there is something and then we do use a Palo Alto, for example, for AI runtime security. Now, if something happens, someone is trying to poison the model, or if the runtime system itself has some vulnerabilities, it is crucial that every single risk prioritization tool also has the ability to integrate with that tool and then ingest and then figure out what is the risk level of that particular event or that particular system. Everyone needs to inherit that. It is not a Qualys thing. Of course, it is very difficult to do it without the risk of bringing in a lot of false positives. But that must be done.
I have not been working with real-time threat intelligence updates. Back then, AI integration was not there with the product, but I am uncertain about how the tool has upgraded itself now. If it is still not there, then AI integration could be a helpful addition. Compared to Microsoft, there were already advanced tools, so I had seen some drawbacks compared to licensing or technical side. I am uncertain about the product now, but if AI is not there, then it is good to have AI because when I was using Qualys Enterprise TruRisk Platform, AI was not that much developed. So far, only AI integration is the only area for improvement with Qualys Enterprise TruRisk Platform.
Mediation Specialist III at a tech vendor with 201-500 employees
Real User
Top 20
Sep 26, 2025
One thing which I really want Qualys Enterprise TruRisk Platform to improve is the UI. While it might not be the case for everyone and it's subjective, in my team, most people agree on that part. The UI should be more user-friendly. If you have uploaded a file containing many IP addresses, you don't have a straightforward option to check what the IP addresses were. If we want to search an IP address from the list, we need to check it one by one. Also, when we download something, the feature should be upfront. When we get the result of the scan, it should be 'download this file'. In many scanners, when you go to the download option, you get the options for particular formats immediately. However, in this case, when you click on download, it loads another page before giving you the output options for PDF or CSV. This feature should be upfront.
IT Consultant at a tech vendor with 10,001+ employees
Real User
Top 5
May 2, 2025
The report sometimes inaccurately identifies the corresponding operating system version. It would be beneficial if the solution could correctly identify the exact OS version, potentially requiring code adjustments. Additionally, the possibility of Qualys Enterprise TruRisk Platform ( /products/qualys-enterprise-trurisk-platform-reviews ) handling remediation tasks and re-scanning the environment would be advantageous.
Support could be improved. Contacting support is a lengthy process for raising a case. Recently, while attempting to set up a customized CI checklist, I faced difficulties updating parameters and obtaining results. Each Control ID in the checklist required a separate case, which presented a significant challenge given the number of checks involved. If issues arise with these checks, we must raise cases. Despite providing documentation and evidence, we receive standard instructions to follow rules we've already adhered to, making the process repetitive.
Learn what your peers think about Qualys Enterprise TruRisk Platform. Get advice and tips from experienced pros sharing their opinions. Updated: June 2026.
Qualys Enterprise TruRisk Platform provides robust risk management, supporting both agent-based and agentless deployments, scanning environments, categorizing risks, and prioritizing threats with machine learning capabilities. Qualys Enterprise TruRisk Platform enhances vulnerability management across diverse systems, including Windows Server, databases, and network devices. It assigns CVE and CVSS scores, delivers detailed reports, and guides threat prioritization. Machine learning enables...
I think the CTEM part of Qualys Enterprise TruRisk Platform can get better, not that anyone else is doing, but continuous threat and exposure management. We are now going beyond the risk, especially in areas where AI is involved. For example, we have all these AI models, and then there are new products coming in, for example, AI runtime security and others. I think it is high time that we start feeding those things from those platforms into something like TruRisk. That gives us again, it is very difficult I understand, to attach a particular value or a score to that particular risk because with AI, we have all these new things for which there is no signature or there is no vulnerability known, and that thing is very dynamic, but it has to be done. So that is one of those things. Integration with AI runtime security tools, I guess that is crucial. Feeding Qualys may develop or have its own database of vulnerabilities which are AI specific or not, I do not know, but it should have the capability to get the feeds from all the other sources. So I think that is crucial. That one about AI runtime security, I think it is high time that everyone starts thinking about that and bringing integrating all the risks that come along with AI runtime. For example, we use ChatGPT, and then there are all the tech teams which have API integrations with OpenAI, Claude, Anthropic and others. Then there are all these prompts or prompt injection attacks or model poisoning and others. If there is something and then we do use a Palo Alto, for example, for AI runtime security. Now, if something happens, someone is trying to poison the model, or if the runtime system itself has some vulnerabilities, it is crucial that every single risk prioritization tool also has the ability to integrate with that tool and then ingest and then figure out what is the risk level of that particular event or that particular system. Everyone needs to inherit that. It is not a Qualys thing. Of course, it is very difficult to do it without the risk of bringing in a lot of false positives. But that must be done.
I have not been working with real-time threat intelligence updates. Back then, AI integration was not there with the product, but I am uncertain about how the tool has upgraded itself now. If it is still not there, then AI integration could be a helpful addition. Compared to Microsoft, there were already advanced tools, so I had seen some drawbacks compared to licensing or technical side. I am uncertain about the product now, but if AI is not there, then it is good to have AI because when I was using Qualys Enterprise TruRisk Platform, AI was not that much developed. So far, only AI integration is the only area for improvement with Qualys Enterprise TruRisk Platform.
One thing which I really want Qualys Enterprise TruRisk Platform to improve is the UI. While it might not be the case for everyone and it's subjective, in my team, most people agree on that part. The UI should be more user-friendly. If you have uploaded a file containing many IP addresses, you don't have a straightforward option to check what the IP addresses were. If we want to search an IP address from the list, we need to check it one by one. Also, when we download something, the feature should be upfront. When we get the result of the scan, it should be 'download this file'. In many scanners, when you go to the download option, you get the options for particular formats immediately. However, in this case, when you click on download, it loads another page before giving you the output options for PDF or CSV. This feature should be upfront.
The report sometimes inaccurately identifies the corresponding operating system version. It would be beneficial if the solution could correctly identify the exact OS version, potentially requiring code adjustments. Additionally, the possibility of Qualys Enterprise TruRisk Platform ( /products/qualys-enterprise-trurisk-platform-reviews ) handling remediation tasks and re-scanning the environment would be advantageous.
Support could be improved. Contacting support is a lengthy process for raising a case. Recently, while attempting to set up a customized CI checklist, I faced difficulties updating parameters and obtaining results. Each Control ID in the checklist required a separate case, which presented a significant challenge given the number of checks involved. If issues arise with these checks, we must raise cases. Despite providing documentation and evidence, we receive standard instructions to follow rules we've already adhered to, making the process repetitive.