Qualys Patch Management Reviews

Our use case for Qualys Patch Management is patching and updating. We use it for adding and removing local admin to the machines, along with various other tasks.

Qualys Patch Management helps the IT and security teams work together by enabling the IT team to handle Patch Tuesday and Microsoft patches. With Patch Management, I can monitor when patches have not been applied and help ensure 100% coverage on Patch Tuesday for the desktop team. 

Qualys Patch Management has helped reduce our organization's risk by 20%, and we have seen an improvement in our patch rates.

The best feature of Qualys Patch Management is the ability to schedule jobs. I have browser updates that run automatically every day to update the three browsers, and I don't have to worry about it.

For those patches that I have to download for Patch Management, I would prefer if I could upload them to a repository instead of having to download them every time.

I have been using the solution for about eight months.

I haven't experienced any bugs, glitches, or downtime, so I would rate Qualys Patch Management a ten out of ten for stability.

For scalability, I would rate it a ten out of ten. We have approximately 8 to 10 users using this solution.

I would rate the vendor support a ten out of ten.

Positive

We had another patch management solution, but we were using Qualys for VMDR and moved everything into Qualys Patch Management for the simplicity of the user interface and because we had an existing relationship with Qualys. That way we can not only manage our vulnerabilities, but if the vulnerability requires a patch, it's very easy to fix it in Qualys. We were using BigFix for patch management.

The deployment was easy.

The agents self-update, and by using Qualys Cloud, that's all handled by the vendor, so the maintenance aspect requires little to no interaction from our end.

It has improved our patch rate by 40%.

Regarding the single source of truth, it really at this juncture has not reduced costs as of yet.

I would recommend this product to other users because it's very user-friendly. I can't speak to the pricing aspect, but from a user standpoint, it's a very good product.

I would rate it a nine out of ten.

Our primary use case for Qualys Patch Management is vulnerability remediation and running scripts. It helps us detect vulnerabilities in our environment and identify specific patches that are required. If we want to mitigate any vulnerabilities, we can run scripts. It is utilized on a very large scale in our organization.

Before Qualys Patch Management, the challenge that we faced was that we were able to detect the vulnerabilities using Qualys VMDR, but mitigation was not easy. Qualys Patch Management helped us to identify which specific patch is required and which patch is missing from our environment. Most of the time, we considered the most suited patches to make sure that all the vulnerabilities get remediated but that was not always the case. We also wanted to see the old patches that were missing. Qualys Patch Management helped us there.

Qualys Patch Management helped us to automate processes. We did not have to do anything manually. All we had to do was write a particular query command, and based on that, we could time or schedule our patches. If a patch is not properly installed or is crashing on the system, there is the ability to roll back that particular patch. We can see what caused the problem and fix the issue.

We have an improved vulnerability detection rate, and the remediation timelines have been reduced significantly. Earlier, if 100 vulnerabilities were detected, only 50 might be closed after several months. Now, with Qualys Patch Management, the number of vulnerabilities can drop from 100 to 20 in less than a month.

We have information about the severity of the vulnerability. QDS also gives us a score of the vulnerability severity. Accordingly, we also have the categorization of our assets. Qualys VMDR creates the scoring of the assets for us. It tells us what is the asset criticality and the risk score of the asset. Based on that entire calculation, it helps determine which asset to prioritize and fix. It helps us identify what needs to be prioritized.

We use Qualys VMDR with Qualys Patch Management. It is a combined package. Qualys VMDR helps with detection. The data about the vulnerabilities detected by the agents and the scanners is being fed into the Patch Management model which helps to know how to mitigate them. This integration saves a lot of time and makes business operations easy. As soon as we perform a scan, the data gets populated in the Patch Management module. We can see all the data in the Patch Management module. By entering the asset name or the IP address of the host, we can see all the information already over there. We do not have to sync anything or have to pull anything separately using the APIs.

Qualys Patch Management has removed the requirement of approval from the security team for patches because the patches recommended by Qualys are required from the security standpoint itself. They are not showing any patches for functionality improvement or something like that. That is why the security team's intervention is not required anymore. The patching team can schedule and deploy patches.

We now have a single source of truth. Previously, everyone was relying on their own inventory or reports, so the chances of errors were pretty high because there could be data mismatch. Now that we have a single source of truth, there is less chance of errors. All the teams are seeing the same data.

Qualys Patch Management has not reduced a lot of costs. There is about a 15% reduction. It has improved our patch rate by about 60% over the last one to two years.

We have integration with ServiceNow for ticket management. As soon as the patches have been deployed, tickets are getting resolved. When the rescans happen, there is again a revalidation of whether the vulnerabilities have been closed or not. The process of resolving or closing the tickets is 40% to 50% faster than before.

Qualys Patch Management has reduced our organization's risk by 40% to 50%. 

Qualys Patch Management automates patch deployment for hundreds or thousands of our assets, reducing our reliance on the IT team to perform these tasks manually. It is able to fix most of our vulnerabilities. The count is reducing significantly. We do not have to rely on our IT team to manually log in to systems or deploy using the AD group. We can just put in a command and schedule the patches for our hundreds or thousands of assets. The vulnerability count has reduced significantly.

Secondly, it helps us not just deploy a patch, it also helps us to install a particular software if it is required from an IT standpoint. Tomorrow, if the organization has a requirement for certain software to be installed on a device, Qualys Patch Management has that capability as well. It can install that software on the machine irrespective of whether it is a security tool or some other tool. We can just put in the URL or source path of it, and it will install that software.

The last one is the registry remediation. It is not just limited to patch management or patch deployment. We can also create a script to fix a particular vulnerability that cannot be fixed through patch deployment. It might require logging into the system, opening the registry keys, and editing some values to it. We can create a script for that.

Some patches require OEM consent or must be released by OEM. For example, if an outdated version of a tool like Falcon is detected, Qualys flags it as a vulnerability, but cannot automate the patch update. We can not simply download and do an upgrade. Improved partnerships with OEMs could resolve this.

It works with Windows and Linux, but Mac patch support is not yet available.

We have been using Qualys Patch Management for approximately five years. We were given a subscription to Patch Management along with the VMDR module.

I would rate the stability of the solution a ten out of ten. It is a stable solution.

So far, Qualys Patch Management fits our company requirements. However, Mac patch support is not available, which could be improved. Overall, I would give it a nine out of ten.

Our organization has a global presence. We have offices in Asia, Europe, and America. The Patch Management solution is being used by 30 to 40 teams. We have the infra team, the security team, and the managers keeping track of what is going on and whether everything is on track.

Whenever we raise a ticket, Qualys has a quick response time of 48 hours. They provide the necessary resolution once all information is shared. I would rate their support a nine out of ten.

Before using Qualys Patch Management, my team used SCCM. However, there were challenges. It did not detect required security patches effectively and had limitations on asset detection. The number of vulnerabilities was still pretty high even after deploying the patches.

There were also limitations in terms of asset detection. Certain types of assets did not work with SCCM. Qualys provides better asset detection.

Qualys Patch Management works with Windows and Linux. We do not have to use different tools. 

The setup was straightforward and quick. We just had to connect with a Qualys partner. They set up the cloud environment for us and gave us the URL and the credentials.

As soon as the contract application was done, it took about a week to get the cloud environment set up and ready.

It does not require any maintenance from our side. Qualys takes care of its maintenance. There is a periodic maintenance schedule every quarter. 

The implementation was supported by a partner at Qualys who set up the cloud environment.

Qualys Patch Management comes as part of a bundled package with several modules, making it a cost-effective deal for us. I cannot speak to the separate cost, as we have always used it as part of the package.

I would recommend Qualys Patch Management to others because it is user-friendly and has a wide database of vulnerabilities and patches. I am fond of Qualys, having started my journey with them. Overall, I would rate the solution a ten out of ten.

We use Qualys Patch Management to remediate vulnerabilities. Qualys synchronizes with both the Vulnerability Management, Detection, and Response module and the Patch Management module. This provides a unified view of which vulnerabilities can be patched through Qualys and allows patching to be initiated directly from the VMDR module.

Most Windows security patches are released on Patch Tuesdays and become available to us through Qualys the following day. Once available, we can initiate patching to reduce vulnerabilities within our infrastructure. This process primarily addresses critical security updates from Microsoft and other third-party applications, allowing us to mitigate vulnerabilities using Qualys proactively.

Qualys Patch Management effectively mitigates risks through its risk-based automation, enabling rapid vulnerability remediation.

The integration of Qualys Patch Management with Qualys VMDR allows us to use the same device identification ID for both patch management and vulnerability identification. This enables us to easily determine which vulnerability a patch addresses, access CVE information, and validate patches based on product or product family. For instance, if we have Google applications with vulnerabilities, we can efficiently identify and patch them without searching for specific versions or missions. By selecting assets in Patch Management, we can automatically patch QID-based or family-based vulnerabilities identified by VMDR. This integration streamlines the patching process and provides clear visibility into the vulnerability status of our assets.

Our previous patch management products had communication issues with their agents. Qualys Patch Management utilizes the same agent as their vulnerability management system, streamlining the process. Security agents are more reliable than standard IT solutions, and because our IT team prioritizes agent uptime, patching is more accessible, and risk is reduced within our infrastructure. Qualys Patch Management offers immediate benefits. If a patch requires a reboot, Qualys allows users to initiate one within a specified timeframe automatically. Upon rebooting, the machine reports to the Qualys console and is automatically scanned. If the patch is successfully installed, the console reflects the update within 20 to 30 minutes. This streamlined process ensures efficient patch management and reduces vulnerabilities.

Qualys Patch Management's TruRisk automation allows us to prioritize patching vulnerabilities with available patches. This prioritization helps us focus on critical vulnerabilities and quickly remediate them, improving our security posture. The TruRisk score provides a clear metric to demonstrate the effectiveness of our remediation efforts to leadership, showing how quickly we address critical vulnerabilities and enhance our security.

TruRisk automation enhances data accuracy across business units. Leveraging the Vulnerability Management Tool for Remediation within TruRisk, patching can be initiated based on a risk score mechanism query, which provides the TruRisk score for a specific business unit. A subsequent query determines patch dispatchability, triggering a patch job if applicable. This process can be streamlined using Patch Query Language to efficiently retrieve data and execute accurate patching, reducing risk based on TruRisk scores.

Initially, the IT team resisted using Qualys Patch Management for vulnerability remediation due to its critical importance. However, after we demonstrated how integrating Patch Management with Vulnerability Management provides a single report and effectively reduces vulnerabilities, we convinced them to adopt it. This consolidated approach enhances efficiency and streamlines patch management throughout our organization.

Qualys Patch Management significantly improved our patching rates. Qualys provides access to exclusive security patches and boasts a comprehensive knowledge base covering a wide range of applications, including third-party software like Google Chrome, Edge browsers, and SQL. As Qualys expands its knowledge base, our patch management rates continue to improve. Furthermore, the Qualys support team has been instrumental in helping us resolve patching issues, such as installation failures, by efficiently identifying the root cause, whether it stemmed from network problems or the Qualys platform itself. With their assistance and the robust Qualys product, we have successfully mitigated these challenges.

Qualys Patch Management has significantly reduced our organizational risks. Previously, when using other solutions, our patch percentage was low, resulting in high risk. Qualys Patch Management, integrated with VMDR, immediately improved our patch percentage. Features like patch initiation, recurring patches, scheduling, and randomized patch downloading have been crucial in mitigating risk, especially for employees working from home with network issues. The randomized download option ensures patches are successfully downloaded even with interruptions, resuming automatically when the network connection is restored. These capabilities ensure Qualys Patch Management effectively reduced our organizational risk by 88 percent.

My favorite feature of Qualys Patch Management is its flexibility in executing scripts before and after patching. This is particularly useful for third-party or enterprise applications that require registry modifications to address vulnerabilities. We leverage this functionality to deploy scripts that adjust registry values, effectively patching vulnerabilities and enhancing the security of our machines. The ability to automate these tasks through Qualys Patch Management streamlines our workflow and improves our overall security posture.

Qualys could improve its randomized download feature and provide more detailed information about patch failures, including the reason for failure. This could include specifying whether the failure is related to a file download error, network interruption, application crash, or installer error based on the operating system. These enhancements would offer more insights into the patch management process and improve overall functionality.

I have been using Qualys Patch Management for the last two years.

The stability of Qualys Patch Management is a nine out of ten. While it's generally stable, there have been occasional issues, particularly when new patches for Linux have been introduced.

Qualys Patch Management's scalability is a ten out of ten. It scales efficiently across different machines globally, ensuring patches are deployed smoothly.

Qualys' technical support has been excellent. Their team has effectively resolved various issues, including some that originated within our network.

Positive

The initial setup was straightforward, leveraging the existing vulnerability management tool, which facilitated easy integration of Patch Management.

Deploying software to a single machine takes approximately one minute. However, in an organization with 1,000 machines, a traditional push deployment method could take up to four days to complete.

I would rate Qualys Patch Management ten out of ten. Qualys Patch Management has significantly benefited our security and remediation efforts.

Qualys Patch Management is deployed across multiple locations and time zones in various countries. While most of the IT team has access to view Qualys Patch Management, only a few individuals can initiate patching. Those with view access can assess the patching capabilities and compliance of specific machines, while a limited number of authorized personnel can deploy the patches.

Qualys Patch Management requires minimal maintenance, primarily involving updating the agent software on managed devices.

I would recommend Qualys Patch Management to those using a vulnerability management solution as it helps significantly in reducing risks. It provides various options such as using third-party repositories for patches, which are beneficial for comprehensive patch management.

We use Qualys Patch Management to patch our servers, which run on both Linux and Windows operating systems.

We implemented Qualys Patch Management to identify and address operating system vulnerabilities.

A risk-based approach to automation prioritizes addressing vulnerabilities according to their criticality, ensuring that the most significant risks are mitigated first.

The integration of Qualys Patch Management and VMDR is crucial because it automates the process of identifying and deploying necessary patches and configuration changes to address vulnerabilities. This automation minimizes manual intervention, streamlining both patching and vulnerability scanning. The integrated system automatically generates reports that include vulnerability details and their corresponding Software Development Lifecycle phase, along with patching status and the number of systems patched across production, DMZ, and VOD environments.

We used to do manual patching, which took more time to complete. With Qualys Patch Management, we have reduced the time it takes to patch. We can now perform patching with a single click and obtain a report of the patch application. We saw the benefits of Qualys Patch Management within seven months.

Qualys Patch Management excels with its user-friendly interface and comprehensive reporting features. Additionally, it offers robust vulnerability scanning for both network devices and operating systems, ensuring thorough and effective security assessments.

The TruRisk automation has significantly reduced the time it takes for risk management and reporting.

Qualys Patch Management gives us a single source of truth for assets and vulnerabilities that need to be assessed, prioritized, and remediated.

Qualys Patch Management enabled us to increase our patching frequency. Previously, limited staffing necessitated quarterly patching, but with Qualys, we can now patch monthly as releases become available. This proactive approach minimizes risk to our infrastructure.

We have integrated Qualys Patch Management with our SIEM solution, enabling us to build a single dashboard that displays vulnerability reports from both systems. This allows both the infrastructure and security teams to simultaneously access and utilize the Qualys Patch Management reports within the SIEM dashboard.

The organization's risk score has significantly improved since integrating with Qualys Patch Management. Previously at 60 percent, the score is now down to 39 percent, with the potential for even further reduction.

There are certain integration parts that could be improved. Sometimes, legacy operating systems are not supported by Qualys Patch Management, which is an issue. There should be a document readily available with Qualys that lists unsupported operating systems and provides solutions on how to achieve patching in other ways.

I have been using Qualys Patch Management for the last three years.

We have used Qualys Patch Management for the past three years without issue and would rate its stability a ten out of ten.

Qualys Patch Management is a globally scalable product, easily handling increasing workloads and users. Its scalability gets a ten out of ten rating.

We have not faced any challenges with customer service. Whenever we raised a case with Qualys for troubleshooting or any assistance, we received support as required.

Earlier, we were using Nessus. There were some challenges with Nessus, such as the reporting part not being customizable as per our requirements, and some management pricing issues. We conducted a POC and switched to Qualys Patch Management.

The initial setup was straightforward, with servers deployed in two days using a broadcasting tool for installation. This allowed for the successful deployment of Qualys Patch Management within one week.

With Qualys, we've experienced reductions of 70 percent in work hours and 30 percent in overall security costs.

The pricing is fair and within our budget. With the capabilities Qualys offers, we believe we are getting good value for the price.

I would rate Qualys Patch Management nine out of ten.

We use a ticket submission tool to assign IT service tickets. Once the IT team completes a ticket, they close it.

We have around 1,500 users that are located evenly between the office and home environments.

Qualys Patch Management typically requires maintenance only for agents that encounter operating system issues preventing automatic updates.

I recommend using Qualys due to its ease of deployment, automation capabilities that reduce human intervention, and cost-saving benefits. As a highly effective product, Qualys Patch Management may eliminate the need to consider alternative solutions.

We primarily use Qualys Patch Management for our endpoint machines. This solution automatically pushes patches to all machines, regardless of whether they are connected to the network, and allows them to update and reboot automatically.

The risk-based approach to automation in Qualys Patch Management helps us meet our strict SLA timelines by prioritizing critical vulnerabilities. Most vulnerabilities can be patched directly through Qualys, although some require additional external component upgrades. While we generally address critical vulnerabilities within the SLA timeframe, occasional delays necessitate quarantining affected systems from the network to mitigate risk. This automated process significantly reduces our overall security risk.

We had a large number of assets, making it challenging to push patches to all machines, especially those off the network. Qualys Patch Management allowed us to install agents on all endpoints, enabling automatic patching over the internet, regardless of network connection. Upon reconnecting to the Infosys network, any missed patches are applied, and the machine is automatically rebooted. This eliminates downtime for endpoints, except servers, and ensures timely vulnerability remediation, significantly reducing complaints and associated risks. We saw the benefits of Qualys Patch Management within a month.

Patch Management's integration capabilities are highly valuable, enabling precise targeting and prioritization of vulnerabilities. Automated features streamline patch deployment and ensure compliance, effectively mitigating risks and bolstering organizational security.

Qualys Patch Management serves as a single source of truth for identifying and addressing vulnerabilities in our assets. We utilize this tool extensively for various purposes, including VMDR, CSAM, and our own internal compliance efforts. Additionally, we are anticipating the release of Total AI and plan to integrate it into our workflow once available.

Before implementing Qualys, we lacked a comprehensive inventory view and relied on the support team to manage most machines. With Qualys Patch Management, we established a single source of truth for asset payment requests, providing clarity on server and endpoint counts. This allowed us to accurately assess vulnerabilities through scans and create dashboards for each device. By leveraging this data, we successfully eliminated one million unnecessary fees within six months.

Qualys Patch Management significantly improved our patch rates by 80 percent, scanning for vulnerabilities every four hours via the Qualys agent. Once identified, patches are automatically deployed and await system reboot, with an option to skip the reboot twice. This process effectively addresses most vulnerabilities identified in our call list. However, some vulnerabilities may require additional features or intervention from the project team, potentially involving coaching or further action, which can lead to delays. Despite these exceptions, Qualys Patch Management successfully deploys all required patches.

Our IT support team uses Qualys Patch Management with a configuration management database. Qualys Patch Management has significantly reduced our vulnerability count by enabling faster ticket resolution. This efficiency has allowed us to address vulnerabilities across thousands of machines, drastically reducing the number of vulnerabilities from millions to a manageable level.

Qualys Patch Management has helped reduce our organization's risk by 80 percent.

Qualys Patch Management's pricing could be more competitive, as it presents a significant obstacle for many companies who find it unaffordable.

Qualys Patch Management would benefit from enhanced integration to address its current limitations in patching new features.

I have been part of the team using Qualys Patch Management for one and a half years.

I would rate the stability of Qualys Patch Management nine out of ten.

I would rate the scalability of Qualys Patch Management nine out of ten.

The technical support received from Qualys is excellent. We have a dedicated person to resolve any issues quickly.

Positive

The initial deployment was straightforward and was completed in two to three months. 

The implementation of Qualys Patch Management has resulted in an eighty percent reduction in vulnerabilities across the organization, which suggests a significant positive ROI.

Qualys Patch Management is expensive.

I would rate Qualys Patch Management nine out of ten.

Our security team is divided into two groups. The IT support team uses Qualys Patch Management to handle automated patching and maintenance. My team addresses issues that cannot be fixed automatically. We handle vulnerabilities that have been pending for a long time, escalating them and seeking remediation. If these issues remain unresolved, we quarantine the affected vulnerabilities.

We have 300 people from my team using Qualys Patch Management.

Maintenance from our end is minimal as we get comprehensive support from the Qualys team. They provide all necessary support, enabling us to effectively manage the solution.

I would recommend Qualys Patch Management, especially considering its integration capabilities and the support it provides in managing and automating patching processes, substantially reducing vulnerabilities and risks.

We are using the Qualys Patch Management and VMDR solution at a client location.

We primarily use Qualys Patch Management for the company's infrastructure. We utilize the core Patch Management module to remediate and manage patches. We mainly use it to address zero-day vulnerabilities and swiftly deploy patches across a large number of devices.

Whenever Microsoft releases any zero-day vulnerabilities, they provide a workaround. We are able to push that workaround from the Patch Management module. We can push the registry key changes or use the PowerShell script. We push changes to almost 600 devices in ten minutes. It helps us ensure our infrastructure security.

Qualys Patch Management has significantly improved our visibility into vulnerability remediation and patch severity. The solution has enabled us to remediate a large number of vulnerabilities and reduce our attack surface effectively.

We can track live updates and present dashboards to management, which has increased their confidence in our security posture. We can see the progress while pushing the patches. We have VMDR dashboards and reports. The reports are user-friendly, and everyone can understand these reports. We could also present them to the management. They were also happy to see the progress. They had visibility.

We have not implemented much automation. We are still in the early stages of this solution and testing out the possibilities. We had an issue because of the requirement that every server should be connected to the Internet before downloading the patches, but QGS was very helpful with that. QGS helps to ensure that we are able to patch devices that are not connected to the Internet.

We are able to prioritize the vulnerabilities and remediation. We did not see any discrepancies. With some of the other tools I have used, I have seen so many discrepancies between the vulnerability and the patching.

It helped our teams to work together. We created a separate team for vulnerability remediation. We also could help the patching team and support them in automating patch management. Previously, they were doing it manually on each server.

With Qualys Patch Management, there is an increase in vulnerability remediation. We have remediated almost 100,000 vulnerabilities. That is a huge count. Previously, we used a formula to identify critical vulnerabilities, and we could remediate only a limited number of vulnerabilities. With Qualys Patch Management, we could remediate all the vulnerabilities. We did not exclude any of the vulnerabilities.

There is also an increase in the patch rate. Previously, we could only cover 30% patching, whereas with Qualys Patch Management, within one and a half months, we could achieve 70% to 80% patching. The remaining ones are not included in the initial phase because of certain dependencies. We pushed data to almost 2,000 devices. It took some time for us to do the testing. We tested on ten production devices. After that, we pushed the patches to other devices.

We can download reports and customize the report templates based on the information we need. Our management could clearly see where we are now as compared to before. They could see our progress. They could see that we have fixed all high-priority ones within a month. The remaining ones are of medium and low priority. Even if we do not remediate them, it will be fine.

The Risk Reduction Recommendation Report helped us see which vulnerabilities would reduce the most risk within our organization.

The features I find most valuable in Qualys Patch Management include the ability to manage registry changes and run scripts both pre and post-patching. We have been able to apply workarounds for zero-day vulnerabilities efficiently.

Being able to create patch groups based on QIDs is also valuable. We can identify vulnerabilities using the QID and create a patch group. After that, we can push the patches.

They need to improve the user-friendliness of identifying how many devices are affected by a particular patch. It is not intuitive, and there should be clearer indicators or buttons to access this information easily. Currently, we have to go to the Patch Management module within an asset to see the information but not many people are aware of it. It is not intuitive in terms of seeing how many patches are pending on an asset. Other than that, it has everything we need.

I have been using Qualys Patch Management for approximately one year.

We faced an issue once due to a cloud-related problem that slowed down the console and presented device status inconsistencies, but it was resolved within four hours.

We have not encountered any scalability issues. We operate across multiple locations and have not faced any lags.

We have almost 125,000 users. We are a multinational company. We have offices in about 15 states in India. We are also in two or three other countries. This is why our asset count is high.

Customer service is exceptional. The support team is experienced and responsive, providing solutions quickly without delay. I would rate them a ten out of ten.

Positive

Before Qualys, we used Microsoft SCCM, which was not effective in progress tracking and vulnerability remediation. The tool was basic, the licensing cost was high, and we were only able to address 30% to 40% of vulnerabilities.

We proposed the Qualys Patch Management module. Its cost was almost similar but we got many more features. After implementing it, we could see the progress in vulnerability remediation and patching.

Qualys Patch Management also provided us with a variety of dashboards or criteria. We could see the number of patches done, pending, and failed. Microsoft SCCM did not give us that information. We could also export reports with Qualys Patch Management. This option was not available with Microsoft SCCM. 

In terms of user-friendliness, Microsoft SCCM is more user-friendly. It has fewer features and is very easy. Even a beginner can use Microsoft SCCM, which is not the case with Qualys Patch Management. 

It is a cloud solution, so everything required is provided by Qualys. 

It does not require any maintenance from our end.

We required assistance from the Qualys team for the initial setup and configuration as we were not familiar with setting up and configuring QGS at the time.

It has saved us resources. We now have only two people for patch management.

The pricing is reasonable and competitive. We get many more features at the same price as other solutions such as Microsoft SCCM.

It is worth the money considering the services and features it has. Their support team is also awesome.

We evaluated Rapid7 as an alternative to Qualys but found it lacking in some features that Qualys offered.

I would recommend Qualys Patch Management to every organization looking for better patch management and remediation. I would recommend opting for the cloud version of Qualys Patch Management as it is easier and faster to use compared to an on-premises solution.

I would rate Qualys Patch Management a ten out of ten. It makes my job easy.

We utilize Qualys Patch Management to patch our customers' virtual machine environments. This includes performing tasks and remediation actions in conjunction with Qualys Vulnerability Management, Detection, and Response.

We implemented Qualys Patch Management for the zero-touch patches.

Qualys Patch Management's risk-based approach simplifies the automation of risk mitigation.

The automatic inclusion of relevant patches in Qualys Patch Management based on Qualys VMDR findings streamlines remediation. This integration simplifies patching tasks by providing a direct solution from VMDR to Patch Management, making it easier to address vulnerabilities.

Qualys Patch Management is user-friendly. We used to have a different tool that did not provide good solutions or responses, so we tested Qualys Patch Management internally and with a few customers. As a result, the time to push patches, get updates, or push zero-day patches has significantly decreased compared to the previous tool. We realized the benefits of Qualys Patch Management within the first quarter.

Qualys' TruRisk automation improves our operational efficiency by enabling us to remediate vulnerabilities without requiring direct involvement from our security team.

Qualys Patch Management streamlines our vulnerability management process by providing a single source of truth to assess, prioritize, and remediate vulnerabilities across all assets. This consolidated approach has significantly reduced our workload, enabling us to meet all compliance standards and accelerate remediation from weeks to days.

We have significantly improved our patch rates using Qualys Patch Management, though the exact improvement varies depending on the vulnerabilities. For critical issues, typically those with a CVSS score of four or five or higher, we contact the customer and, upon their approval, immediately patch the relevant item. This includes application software, configurations, Microsoft Patch Tuesday updates, and zero-day vulnerabilities.

We augmented our vulnerability solution with Qualys Patch Management to address patching deficiencies within our customer base. Many clients operate in silos with disparate IT teams, hindering comprehensive patching efforts. Our adoption of Qualys Patch Management enables us to centrally manage and execute patching through its VMDR capabilities, resulting in higher success rates compared to decentralized client-managed patching.

We have seen a significant reduction in our customer's risk, around 70 to 80 percent.

Qualys Patch Management excels with its automated patch scheduling and retrieval. The system efficiently executes jobs, provides clear messaging, and simplifies the management of installations and residual file removal.

Qualys's current response time for releasing solutions to zero-day vulnerabilities, which takes approximately 12 to 16 hours, needs improvement. The goal is to reduce this timeframe to under 12 hours. Additionally, their platform requires enhanced support for multi-tenancy.

I have been using Patch Management for the last two years.

I would rate the stability of Qualys Patch Management nine out of ten.

Qualys Patch Management's scalability is eight out of ten because it does not provide good support for multi-tenancy.

Qualys' technical support is good.

Positive

We previously used patching solutions like Kaseya VSA, but now prefer Qualys Patch Management due to its integration with VMDR. This single-solution approach reduces remediation time significantly.

The initial deployment is straightforward. It involves installing agents and scanner appliances, which automatically manage everything. The deployment can be completed within a few days.

The pricing is reasonable and less expensive than the previous tool.

I would rate Qualys Patch Management eight out of ten.

Our customers who use Qualys Patch Management are small and medium-sized businesses.

Qualys Patch Management does not require any maintenance.

I would recommend Qualys Patch Management to other users because of its advantages over other tools. This tool is good compared to others.

In the previous company, the customer was using Qualys Patch Management tool, and they were using more than one lakh assets in that organization. The Qualys Patch Management tool helped significantly in that case.

The risk-based approach Qualys Patch Management uses is very good for easily getting the details. That is one of the factors in the prioritization of the vulnerability. We can see if a patch is or is not available. The details are easily obtained through risk analysis. If everything is available, we still need to know which one to prioritize, and this approach helps us significantly with priorities.

We saw an improvement in our patch rates from using Qualys Patch Management, especially with respect to automated patches. 

We got the consolidated data, and using automated Patch Management for a few assets saved a lot of time because we don't have to do it manually or raise tickets for everything. 

By trusting Qualys Patch Management, we remediated many vulnerabilities, especially with Windows.

The consolidated report we received from the solution was very time-saving because, in the dashboard, we could get all the patch details for a particular patch and all the assets listed. That was very easy. Instead of going through Excel sheets, we could easily pull up the data and produce it based on the operating system, distribution, and other things. 

False positives were the biggest concern. 

We also had some concerns with respect to the Cloud Agent. VMDR is something that whoever uses Qualys Patch Management will always use. We used both, but sometimes we got different details in Patch Management and VMDR. The data differs, especially with Cloud Agent-installed assets. We have had to contact their technical support many times, especially for Cloud Agent troubleshooting. We raised many feature requests with Qualys for Cloud Agent and faced many issues with it. Cloud Agent always gave us trouble, not just with Qualys, but with other tools too. However, compared with others, Qualys did have more issues with Cloud Agent.

I used Qualys Patch Management for one year.

The platform maintenance is according to what we have seen. A few times Qualys was not reachable for very few minutes, but stability-wise, it is a very good product.

Scalability-wise, Qualys Patch Management is a very good product. I never faced any issues with any of that.

I would rate them a ten out of ten for support because they are very approachable. Whenever we raise a request and mention the priority of the ticket, they respond immediately via email or call.

Positive

We were using another tool before Qualys Patch Management, though I don't remember which one. When we did the PoC, compared to Qualys, the other tool was giving less data, and that is why we moved to Qualys Patch Management.

My overall rating for Qualys Patch Management is a ten out of ten.