Qualys Patch Management Reviews

We use Qualys Patch Management for server deployment and workstation deployment. It is also used for vulnerability management, managing open ports, and remediating vulnerabilities.

The risk-based management involves process automation, identifying vulnerabilities through scheduled reports, and ongoing patch deployments.

Qualys Patch Management utilizes advanced algorithms within its management policies to effectively address vulnerabilities. It accurately identifies threats and provides the necessary solutions to remediate bugs in end-user systems.

TruRisk automation streamlines our vulnerability remediation process by automatically identifying and deploying necessary patches, eliminating the need for constant security team involvement. Previously, the security team would provide monthly scan profiles and assign them to us. We would then scan endpoints, identify vulnerabilities or partially/fully installed patches, and use Qualys reports to address any patching failures. TruRisk automates this entire workflow, increasing efficiency and reducing our reliance on manual intervention from the security team.

Qualys Patch Management offers a single source of truth to identify, prioritize, and address vulnerabilities across all assets. This ongoing monthly process consistently identifies vulnerabilities in our network, devices, and systems. Using a standardized remediation template, we scan for vulnerabilities and implement necessary fixes to ensure ongoing security.

It reduces costs through automated deployments, eliminating the need for manual monitoring and machine checks. By creating a job to identify machines with low disk space or those not requiring patches, we generate a report and exclude unnecessary machines from the patching schedule. This automation removes machines that don't need patches, ensuring only those requiring updates are involved, and reduces manual effort by approximately 50 percent through automated scheduling and issue identification.

I have been managing patches for the past two years. Previously, the tools available lacked automation and couldn't handle all tasks, including scheduling. Now, with Qualys Patch Management, we can schedule jobs, automatically identify and fix bugs, and significantly reduce the time spent on patching. For instance, tasks that once took ten hours can now be completed in three.

Our patch rate was 85 percent before implementing Qualys Patch Management, and now it is 98 percent.

We utilize Qualys Patch Management's ITSM tools for ticket management, which has proven highly beneficial for our operations. We are integrating Qualys Patch Management with ServiceNow and BMC Remedy. This integration automatically identifies and closes approximately 50 to 60 percent of tickets.

Adding Qualys Patch Management to our existing vulnerability management tools has provided us with an on-demand capability to patch our internal devices as needed.

Qualys Patch Management helped reduce our organization's risk by patching 98 percent of vulnerabilities.

Qualys Patch Management is an effective tool for vulnerability remediation. It identifies vulnerabilities, creates profiles, and recognizes vulnerabilities on the endpoint, all within a user-friendly environment.

The availability of Qualys Patch Management needs to be improved.

I have been using Qualys Patch Management for almost five years.

There are times when Qualys Patch Management is unavailable.

I would rate the scalability of Qualys Patch Management a nine out of ten.

Technical support is good, providing seamless efforts in their support.

Positive

We use multiple tools. On-demand, we use Qualys alongside other solutions like Tanium, Rapid7, and SCCM to manage machines both inside and outside the organization.

The initial deployment is straightforward. It does not take much time to deploy. Everything is completed within the four-hour schedule.

Compared to other tools, the price of Qualys Patch Management is reasonable.

I would rate Qualys Patch Management a nine out of ten.

Qualys Patch Management is deployed in multiple departments and locations. We have five members that administor the solution.

No maintenance is required from our end.

I recommend Qualys Patch Management because it is effective in past deployment and vulnerability management. It identifies necessary patches instead of scanning the entire machine.

We use Qualys Patch Management to mitigate and remediate all critical vulnerabilities present within our infrastructure.

We implemented Patch Management to address critical vulnerabilities in our infrastructure. This proactive measure mitigates the risk of compromise that could arise from unpatched vulnerabilities.

Patch Management has tremendously increased our security posture. Previously, we used to manage patching manually and remotely, which did not provide accurate data. With Qualys, all the details are readily available on the dashboard, aiding us in submitting details to management. It has significantly helped in providing management with up-to-date data, leading to improved satisfaction. We saw the benefits of implementing Qualys Patch Management within the first quarter.

Qualys Patch Management gives us a single source of truth for assets and vulnerabilities that must be assessed, prioritized, and remediated. This has drastically affected our operations because the features present on Qualys are amazing, and it's user-friendly compared to other tools.

We've observed an improvement in our patch rates by up to 50 percent. Utilizing the Patch Management tool allows us to download comprehensive compliance reports detailing the number of patches applied to each server, which is significantly beneficial.

Qualys Patch Management's risk reduction recommendation report offers comprehensive and customizable details, including in-depth vulnerability information with plugin output not found in other tools. This makes Qualys a superior solution for managing and understanding security risks. Qualys Patch Management's risk reduction recommendation report provides a helpful scoring system, the QDS, which can be mapped to our asset classification system, allowing us to prioritize and address vulnerabilities according to their risk level.

The risk reduction recommendation report has identified vulnerabilities that, if addressed, would yield the most significant risk reduction. Prioritizing these vulnerabilities based on their severity allows us to focus on the most critical risks to our organization and take appropriate remediation action.

We have created widgets with the assistance of the Qualys support team to add them to our existing vulnerability management solution, which has been instrumental in helping us track vulnerabilities related to our infrastructure.

Qualys Patch Management has significantly reduced our organizational risk by up to 70 percent by identifying vulnerabilities in our infrastructure and prioritizing remediation efforts. This has allowed us to reduce vulnerabilities and strengthen our overall security posture effectively.

Qualys Patch Management offers valuable features like scheduling and on-demand patching, allowing us to conveniently push patches to our servers at designated times.

The GUI has areas that need improvement, particularly in the accuracy of results when adding dashboards and running queries.

I have been using Qualys Patch Management for the last two years.

The stability of Qualys Patch Management is impeccable. I would rate it ten out of ten.

Qualys consistently upgrades itself with major changes and new technologies. They introduce new modules as needed, making Patch Management highly scalable.

Qualys support is exceptional. Whenever we need custom reports, we log a ticket with Qualys.

Positive

We transitioned from Nessus Security Center to Qualys due to challenges with Nessus's automatic patch deployments, which resulted in unplanned downtime on critical systems. A proof of concept and vendor support confirmed Qualys as a more suitable solution for our needs.

The initial setup was straightforward. Before deciding to implement it, we conducted a month-long POC to ensure all requirements were met. The deployment took over 25 days.

I would rate Qualys Patch Management ten out of ten. 

We are conducting testing in a UAT environment. Our risk mitigation approach involves deploying a patch only after thorough testing in the UAT environment confirms the absence of issues.

We use an internal ticketing system called TUSOM. While previous discussions with our Qualys TAM indicated that integration with TUSOM was not possible, we have recently re-engaged with them, and they are now working on a solution to enable integration.

Approximately 13 individuals have administrative access to Qualys Patch Management, while the remainder have read-only access for viewing reports.

Maintenance is required before we can implement the policy. As a result, we are conducting preliminary testing in the UAT environment. Additionally, Qualys will notify us of any planned maintenance.

I recommend starting with a proof of concept to ensure Qualys Patch Management meets your requirements. In my experience, it is highly user-friendly and has excellent support, making it superior to other products.

My organization uses Qualys Patch Management internally, including its core patching functionality and Vulnerability Management, Detection, and Response. As a consultant, I help several Qualys user clients with best practices and similar tasks, addressing use cases ranging from vulnerability reduction and patch management to asset management.

Qualys is a cloud-based platform. While they offer a private cloud option at a higher cost, their core functionality resides in the cloud. The lightweight agents we install on our systems simply collect data and upload it to the cloud-based Qualys interface. The only exceptions are passive sensors like network sniffers and on-premise scanners, which are optional deployments for specific needs. This cloud-centric approach eliminates the need for us to manage on-premise servers, unlike some competing products like baramundi.

Qualys query language simplifies patch selection by allowing us to define risk-based criteria. We can target patches based on severity medium to critical and Qualys rating while excluding specific unwanted patches like "Patch xyz". As long as a patch meets our pre-approved criteria, it's automatically selected, making the approval process quick and efficient.

The Patch Management integration with VMDR including all development patches and configuration changes required to remediate vulnerabilities detected by the VMDR is significantly important.

While Qualys offered benefits initially, the deployment of the cloud agent truly transformed our security posture. Previously, regular scans provided only point-in-time vulnerability identification. Now, with continuous updates from the cloud agent every four hours, we have near real-time visibility into our risk levels, allowing us to prioritize and swiftly address vulnerabilities to minimize overall security exposure.

TruRisk automation streamlines vulnerability remediation by prioritizing threats based on real-world exploitability, not just a generic CVSS score. This allows us to focus on the most critical issues first, avoiding the time-wasting whack-a-mole approach of patching everything at once. While all vulnerabilities eventually need to be addressed, TruRisk helps us prioritize effectively and work through them in a methodical way.

Qualys' prioritization feature streamlines vulnerability management by offering a central hub to find, rank, and address critical security issues. This unified approach significantly improves collaboration between security and IT teams. Previously, prioritizing vulnerabilities was often a matter of simply patching critical ones. Patching policies also play a role, with most companies aiming for a 30-day window or less for critical patches. While the industry average turnaround is 17 days, faster patching remains crucial. Qualys' TruRisk scoring system helps identify outliers – vulnerabilities that might slip through the cracks in a well-managed environment. Traditional patching methods, like Microsoft's WSUS, may miss these outliers, but Qualys excels at finding them, providing better communication and faster remediation.

This single source has helped reduce soft costs where employees were wasting time spinning their wheels searching for answers. This newfound focus allows them to dedicate their energy to more important tasks.

Prior to implementing patch management, a random sampling of systems would often reveal outdated patches, some exceeding 60 days old. However, with patch management in place, finding such aged patches is now a rarity.

We integrated Patch Management on top of Qualys VMDR. This gave us a lot more visibility and accuracy.

Patch Management has helped to reduce our organizational risk.

The most valuable feature in Patch Management is the Qualys query language for set-it-and-forget-it patching for our preapproved patches, and our preapproved schedules, That is extremely helpful compared to the old days of patching.

A common area for improvement in Patch Management, both within our environment and others I've encountered, is the lack of built-in driver updates. Ideally, the system would handle updates for network interface cards, video cards, and other components, eliminating the need to rely on manufacturer-specific tools like Dell Update or HP Update. Integrating these patching options would significantly improve the overall functionality.

Qualys Patch Management primarily updates operating systems, third-party software including Adobe products and many more, leaving video card drivers and firmware updates to other tools. This focus on core software is understandable, as driver and firmware updates can be more complex.

The price has room for improvement.

I have been using Qualys solutions for over 20 years.

Qualys Patch Management is very stable. They clearly communicate any scheduled maintenance in advance, and these updates typically require no downtime. In rare cases of major maintenance, they might announce limited portal access during specific hours. Like any software, occasional minor glitches can occur, but we can easily check for known issues at status.qualys.com before troubleshooting on our own. Overall, Qualys Patch Management is a reliable solution.

Qualys Patch Management is highly scalable. 

Qualys technical support has been excellent recently. While there have been occasional periods of lower satisfaction in the past, similar to any organization, they seem to be prioritizing customer happiness. This is evident by their recent staffing improvements, which have led to my last few support requests being resolved quickly and efficiently.

With extensive system use, I've occasionally received initial responses from what seems like level-one support. I then need to clarify and request further troubleshooting before they escalate the issue.

Positive

Qualys Patch Management deployment is straightforward as long as we have the right team, whether it's a consulting firm or our own IT staff familiar with whitelisting. This is because whitelisting the Qualys Cloud Agent on systems protected by endpoint security tools like Carbon Black or CrowdStrike is crucial to prevent them from blocking the agent. Fortunately, the whitelisting requirements are well-documented, making implementation smooth for a prepared team.

A single person can handle the deployment if they have permission to distribute the cloud agent, install on-premise scanners, and build the virtual machine for the scanner. In fact, several of my colleagues successfully manage deployments for large organizations on their own.

Qualys Patch Management's pricing is competitive. While some perceive it as expensive, competitor tools are similar. While a free option like Microsoft WSUS exists, it lacks features. While I'd prefer Qualys VMDR to include Cyber Security Asset Management for a more attractive overall package, Patch Management itself remains competitively priced. Scaling brings lower per-asset costs, and Qualys recently introduced better pricing bundles for smaller environments.

To verify Qualys Patch Management's effectiveness, I've occasionally used free tools like Patch My PC to scan for missed patches. These scans consistently come up clean, giving me confidence that Qualys Patch Management is doing a good job.

While both Qualys Patch Management and baramundi Update Management are powerful tools, Qualys offers a clear advantage in ease of use. For organizations with large IT teams that can handle a more hands-on approach, baramundi can be effective, but it requires more ongoing management compared to Qualys' set-and-forget approach. Notably, baramundi goes beyond patching with software distribution capabilities, but this additional functionality comes at the cost of increased complexity. Ultimately, for those seeking a simpler solution, Qualys is the better choice.

I would rate Qualys Patch Management ten out of ten.

While the initial setup involves deploying cloud agents, Qualys Patch Management is low maintenance. Updates for both agents, signatures, and related components are automatic. Qualys handles maintenance in the cloud, and new systems are easily enrolled with agents through software distribution or policy enforcement.

New Qualys Patch Management users should consult the documentation and training resources before deploying. While a trusted partner can assist with implementation, understanding the process is crucial. Qualys offers free training to cover essential steps like agent deployment, configuration, and security considerations to ensure successful patching. Don't skip these steps, as seemingly minor setup issues can hinder functionality. This applies not just to Qualys, but to any endpoint security solution.

Mostly, I've used it because I'm working in the Vulnerability Management Team. I've done the POC for Patch Management and then handed over the product to the Patch Management Team, which handles the patching. I tested the module by Qualys, exploring the functionality of the Patch Management module, such as available patches. All these tasks were completed by me before procuring the product, and then access was provided to another team that uses it for patching. As part of the Vulnerability Management Team, my work involves overseeing the entire Qualys product, including VMDR, FedRAMP, cloud agents, and other functionalities.

The first thing I would say is the ease of use. It's so user-friendly that even a newcomer in IT can use it directly. It helps reduce our attack surface by patching all software vulnerabilities and deploying patches directly from the console. The connection and integration between different tools are excellent, allowing continuous monitoring of the types of patches released, which can be quickly deployed onto the systems. The dashboards help identify what type of patch I want to deploy and which patches are missing.

There is room for improvement in the inclusion of more patches. That's the only improvement I would suggest. Not all patches are available on Qualys, so they need to get licenses for other patches as well. That would be more helpful.

I have used the solution for 3 years.

It's quite stable. I would say it’s a nine.

Scalability, it's dependable.

Technical support, I would say it’s about seven and a half.

We used BigFix before.

For Patch Management, the testing part took about one to two weeks. Procurement took one week because it was pending with the procurement team. Overall, I guess it took about a month.

We have saved time and resources by detecting vulnerabilities, which helps us patch many assets. I can't quantify it exactly, but it's significant as it prevents vulnerabilities from being exploited. If those vulnerabilities were open and we did not have Qualys or similar solutions, we would have been at risk of attacks. I cannot give a specific number, but having a Vulnerability Management tool has a significant impact.

These two tools are completely different. BigFix is a full-fledged patching tool where you can directly apply patches but cannot view vulnerability data. On Qualys, you can see vulnerabilities and deploy patches directly. It offers a different perspective by allowing you to view a vulnerability and deploy a remedying patch. Qualys acts like both a vulnerability management tool and a patching tool, which is quite beneficial. Tools like Nessus, Rapid7 handle vulnerability management, while BigFix, SCCM handle patching.

I would recommend it because of its ease of use and integration as both a Vulnerability Management and Patch Management tool. I rate it nine out of ten.

I use Qualys Patch Management to patch vulnerable applications such as Mozilla Firefox and Java. Additionally, I use features like registry updates and scripting options available in the Patch Management deployment module. Our usage is about 70%.

Qualys Patch Management is beneficial for addressing critical vulnerability alerts quickly, providing significant improvements in mitigating risk within our organization. It is very helpful to push patches for critical vulnerability alerts in that one shot to remediate vulnerabilities.

It is very helpful in reducing risk in our organization. This is the only tool we are using to patch applications in our environment.

The availability of patches for required applications from Qualys itself is convenient, making it easy for me to push patches. 

We can update the registry with special features such as Registry Update. We can also run scripts via the Patch Management module. These features are very helpful in our operations. 

I struggled to see patch availability for some applications in the Qualys console, requiring me to use third-party repositories. If repositories could be integrated within the Qualys module, it would simplify the patching process for me. 

Additionally, there are glitches in the VMDR vulnerability section while querying for particular vulnerabilities. There are unwanted commands in the KQL which sometimes hinder my results. For example, we sometimes could get CVE IDs while running a query, but at other times, we could not.

I have been working with Qualys Patch Management for around nine months.

As of now, I have not encountered any performance issues or stability issues.

I have not faced any limitations or scalability issues.

We have more than 25K assets. We have three people to do the administrative things.

The support team is responsive and provides detailed information. They share the required documents when we need them. They are very helpful in resolving issues. I would rate them a nine out of ten.

Positive

We previously used Microsoft SCCM for patch management. We switched to Qualys because it centralizes vulnerability detection and patch availability, reducing our workload. We can find the vulnerabilities and see patch availability for those vulnerabilities. It saves time.

With Microsoft SCCM, we could push patches for the applications we wanted to, but with Qualys Patch Management, we could not push some third-party applications. That is the one main difference. Another thing is that whenever we ran the script, we could not see the results or outcome after running the script with Qualys Patch Management, whereas in SCCM, we could see the output of the script. These are the two main differences between Microsoft SCCM and Qualys Patch Management.

It is a SaaS solution. I was not involved in its initial setup, but we are in the process of deploying agents in our entire organization. 

It does not require maintenance from our side. If anything is required, we raise a ticket. So far, we have faced only one issue. Usually, a Qualys agent having a newer version is automatically upgraded, but in our environment, on some machines, we are not able to see the latest version. We are working with the Qualys team to resolve it.

I did not evaluate any other options before choosing Qualys.

It is a very good tool to reduce the vulnerabilities in our organization. Our current usage is about 70%, but we have started utilizing more features. We are planning to increase its license in our environment when there is an increase in the assets.

I would recommend it to others. It is a very good solution for finding vulnerabilities and patching them.

I would rate Qualys Patch Management an eight out of ten.

We use almost every module that Qualys has, except the EDR, which is endpoint protection. They came up with that module last year. We use their patch management, vulnerability scanners, cloud agents, and network passive scanners. We are using everything that is available.

They have a very good approach called TruRisk. If an exploit is publicly available or something is public-facing, they have an in-depth categorization process, so I do not have to think about what to patch first. Qualys take care of that. They assess them based on many factors. They have a team that works on that and goes through every aspect of the vulnerability in terms of how easily it can be exploited, and then they put a priority on it.

TruRisk automation has not helped us remediate vulnerabilities without needing to involve our security team. That is because we have been having some issues with the Windows Store app. We blocked it now but did not block it before, so it got installed on some of the machines. Because of that, we have to deal with it manually because Patch Management cannot do that. They will look for attributes, and they still exist. We cannot delete or update them because the Windows Store app is blocked, so we have to deal with those things manually.

They have a dashboard, which is very useful. I heavily rely on the dashboard. I create additional widgets if I have to, but the dashboards they have in their library are sufficient and very easy to use. I already know their language and I can build queries if necessary. 

Having this single source of truth affects the way our security and IT teams work together. Instead of me telling or sending screenshots, I can send them a link. When I send the link, others can see the exact same screen and easily drill down on endpoints.

This single source of truth helps reduce costs. It saves time, and time is always equal to money.

Patch Management has improved our patch rates. Previously, our approximate patching duration to close a vulnerability or remediate a vulnerability was almost 30 to 40 days. Right now, it does not exceed 11 days. Qualys has its own priority levels. They have priority 4, priority 3, priority 2, and priority 1 levels. Priority 4 ones are the most dangerous ones. They are patched right away. For other priorities, it was 30 to 40 days and then it was 21 days. The last one was about 14 days and now it is 11. It is a very good progress from what it was before.

I do not use their Risk Reduction Recommendation Report, but I usually go for the dashboard. The dashboard usually tells everything such as the end-of-life hardware, software, or other things. When I drill down, I can generate a report and present it to my IT colleagues and tell them that we need to get rid of this equipment or this software. We need to do something with it. This is an on-demand report, so I can put it on my schedule, and when I need it, I can generate it.

Patch Management has definitely helped to reduce our organization's risk. It is hard to provide metrics because, with the security field, you cannot be very precise about how secure you are. However, I can sleep at night and not stress about if some computer is being patched. I do not worry about situations where when you have a lot of systems, some of them you cannot patch because they have old applications. If you patch them, it will break something. I do not have that stress because I can rely on Qualys to do its job. In my previous job, I have had systems that I could not patch. I had to request a window to do the patchwork. With Qualys, I do not have to do that. There is a work/life balance. I got back my Saturdays and Sundays. In my previous job, I came to the job on Saturday and Sunday when people were not there and patched the systems. With Qualys, it is definitely not the case. We do not have to do that.

Patch Management, if configured correctly, works effectively without requiring further action. There are some applications that Patch Management cannot update, but they have a Custom Assessment and Remediation module to update third-party software. That module completes patch management, and you can now update everything.

The vulnerability scanner is solid and thorough. Vulnerability scans go through everything such as the endpoints, servers, and hardware.

They are constantly working on making it better. There is no 100% reliable or working application or software. There are caveats with the network passive sensor when it does not merge or something does not feel right, but whenever I have to report on those things, someone from their support team jumps on and tries to help us, which is why I like it. They should keep it up. 

They can maybe do check-ins with the customers once a month. All the vendors are doing it nowadays. Qualys can do regular check-ins to go over not only all the vulnerabilities but also the overall process to see if there is anything where we might need improvement. They know about the latest trends, and they have meetings about them. They can relay to us some newer information that we do not know, but they saw in our environment. That would be a nice thing.

I have probably been using it for three years, give or take.

I have interacted with them many times. Their support is good and reactive. When we needed support, it took a day or two. We can always reach out to our technical account manager. He is able to get on board with the engineers to help resolve issues, which I appreciate. If we need to fix something urgently, he can always help us.

Positive

We also use Microsoft through the GPL, and we have KACE, which checks for missing patches and applied patches, but mostly, we use Qualys. Qualys would be our single pane of glass where we see all those.

I joined after the initial deployment was completed, but I deployed a couple of scanners, like vulnerability scanners on the VMs, and that process was easy. It was self-explanatory and straightforward. You just spin one up, put the IP address, and it works.

It does not require any maintenance. It is a cloud agent. As long as the cloud agent is installed on the endpoint, we are collecting all the information and the system is being patched. That is a good part.

It took us some time to realize its benefits. I went to a Qualys conference, and that was when I started to realize its benefits. Till then, I thought Rapid7 was a good one or Manage Engine was a good one. I thought those products were good, and they also patch third parties whereas Qualys did not patch third parties. After going to Qualys, they explained there is a way to do that. It was a longer way, which I did not do. We decided to go with an MSP that specializes in installation and fine-tuning the Qualys product. When they did everything, I did not have to touch any configuration with Qualys Patch Management. Everything was going through. With the way we did things previously, it was going through, but it was a longer approach. It was taking a little longer and was more manual. We did not properly utilize tagging. We did not properly utilize the patching process scheduling. The MSP guys did tagging. They did automation of the patch management according to the risks. That was very important. Previously, we had six or seven jobs and sometimes, we manually patched individual machines. After the MSP guys did the fine-tuning, we had only two scheduled jobs, and that was it. The first job does 10 to 15 testing computers, and then the next one does the old machines.

I would rate Qualys Patch Management a nine out of ten.

I am a cybersecurity engineer focused on vulnerability assessment and penetration testing. We use Qualys Patch Management to scan our client infrastructure and external-facing applications. We collect asset details from clients and perform activities using Qualys VMDR to prepare and submit reports. If vulnerabilities are detected, we conduct patch management.

We implemented Qualys Patch Management to simplify patching processes and maintain a comprehensive record of all assets, both those already patched and those requiring patching.

Qualys Patch Management's risk-based approach to automation is effective in addressing vulnerabilities. By configuring policies, patches are applied automatically, eliminating concerns about oversight and ensuring comprehensive mitigation.

The integration of Patch Management and VMDR is critical for medium and large organizations because it automatically includes relevant patches and configuration changes to remediate detected vulnerabilities. This allows organizations to gain clear visibility into device vulnerabilities and take immediate action to mitigate risks.

Qualys Patch Management keeps our clients informed of all security aspects. It keeps the quality up to date, with vulnerability databases and new CVEs based on the CVSS score. Clients are pleased with the insights on their security posture and any security gaps.

We use TruRisk automation and the Qualys knowledge base, with its batch management and information-sharing features, to remediate vulnerabilities without involving the security team.

Qualys Patch Management provides a centralized platform to identify, prioritize, and address vulnerabilities across all assets. This allows us to tailor vulnerability assessments and patching strategies for clients with critical assets, such as servers hosting public-facing web applications, by leveraging asset criticality tags to create dedicated sections within the platform.

Qualys Patch Management has helped improve our patch rate by 35 percent.

Qualys Patch Management helps reduce our client's organizational risk by 50 percent.

Qualys Patch Management allows us to structure all the patches together and schedule patch management sessions. If we do not need a particular patch, it can push it automatically. It provides insight into the organization's security posture and keeps databases updated with new CVEs.

The pricing of the solution is slightly high compared to other tools in our field. It’s manageable for clients, but as a service provider, it can be challenging due to the lower cost of vulnerability assessments and penetration testing.

I have been using Qualys Patch Management for the past two years.

Qualys Patch Management is a stable solution. I would rate its stability as a ten out of ten.

Scalability could be improved, as not everyone can afford it, and some may not fully understand how to use Qualys.

During the license purchase process, there was some delay in technical communication from Qualys. 

Positive

The deployment involved a team of six people and took about half a year.

Qualys Patch Management has saved time and resources by reducing the need for human resources. Clients are satisfied with the insights and reduced vulnerabilities over time.

While the cost of Qualys Patch Management is slightly high compared to alternative tools, it is not excessively expensive. I would rate the pricing as a seven or eight out of ten for expense.

I would rate Qualys Patch Management ten out of ten.

Our clients who use Qualys Patch Management are medium to enterprise-level businesses.

Qualys handles the maintenance for Patch Management.

I recommend Qualys Patch Management to others due to its ability to enhance organizational and client security posture while reducing time and costs associated with vulnerability assessment and auditing.

I have used this management system to remediate vulnerabilities.

There are a few vulnerabilities we can remediate very quickly. It reduces the time delay. If there are configuration-level changes, we can create and push scripts. 

It helps us increase visibility for faster remediation. 

Syncing between the MBR and patches is the feature. Another valuable feature is pushing configuration-level changes for a script, which leads to a single solution for all the changes. 

From a risk perspective, prioritization helps us more by allowing us to see the visibility of assets with more critical vulnerabilities. We can then push the patches immediately to remediate or reduce risk as soon as possible. That is the major advantage I have.

The integrations with VMware include configurations to mitigate vulnerabilities. It helps us identify permissions and whatever is applicable for the vulnerability for faster patching. 

It helps us remediate vulnerabilities without involving our security team. This helps further relieve time delays. We've saved around 50% of time with patching with Qualys.

The solution provides a single source of truth. We have everything all in one place, saving 40% of our time when compared to the older approach. We don't have to look at different platforms or move back and forth between tools between patching and validation. 

It has effective risk reduction recommendation reports. It streamlines remediation and gives us more data on the vulnerabilities. It helps us to identify the risk factors and levels of risk for increased prioritization.

Our patch rates have increased significantly. 

We've been able to reduce organizational risk by 50%.

The patch status and patch completion information should be improved. If a patch fails due to some reason, such as a Windows error, the error code that gets published should be more detailed. This would make it easier for us to identify where the issue lies, whether at the network level, machine level, or elsewhere. 

I have been using the solution for the past three years.

The stability is rated ten out of ten.

The scalability is rated ten out of ten.

I would rate technical support as nine out of ten.

Positive

I used different solutions like KACE, among others. We switched so we could use a single tool to make the process as simple as possible.

We use a hybrid cloud approach.

The setup was just about enabling a module for it. Since the system is already deployed, we only had to enable the module.

We use it across multiple locations.

There is no maintenance required once deployed.

As I said previously, it has reduced the risk by fifty percent compared to the previous solution. Everything is in SaaS.

As a single tool, it is a better choice. I would recommend the solution to other users. 

I would rate the overall solution as nine out of ten.