System Admin at an insurance company with 501-1,000 employees
Real User
Top 20
Enhances infrastructure security with detailed vulnerability insights and stability
Pros and Cons
  • "Patch Management's most valuable feature is the ability to search for vulnerabilities using their QID."
  • "The Qualys agent sometimes encounters authorization issues, leading to inaccurate vulnerability reports."

What is our primary use case?

Qualys Patch Management is used to address and remediate server vulnerabilities. It provides a dashboard with information on remediation steps, vulnerability severity, impact, and other relevant details. This tool effectively manages and mitigates security vulnerabilities, ensuring the security of our infrastructure.

How has it helped my organization?

Qualys Patch Management provides visibility into our infrastructure's security vulnerabilities, enabling us to demonstrate to external auditors that our infrastructure is secure and vulnerabilities are mitigated. This has strengthened our security posture and significantly improved our overall security.

The TrueRisk automation helps us remediate vulnerabilities without involving our security team.

Qualys Patch Management provides a single source for asset and vulnerability monitoring, allowing us to view remediation status and severity levels from a centralized dashboard.

It is user-friendly and easy to learn, even for someone without experience, enabling them to master the tool within four days.

Qualys Patch Management has helped reduce our organization's risk by 70 to 80 percent.

What is most valuable?

The most valuable feature is the ability to search for vulnerabilities using their QID. This provides comprehensive information, including severity, CVE, and impact, in an informative dashboard. This allows for a clear understanding of the scope of the infrastructure affected and the specific servers impacted.

What needs improvement?

The Qualys agent sometimes encounters authorization issues, leading to inaccurate vulnerability reports. Additionally, server updates cause duplicate assets to appear, hindering accurate asset identification.

Buyer's Guide
Qualys Patch Management
May 2025
Learn what your peers think about Qualys Patch Management. Get advice and tips from experienced pros sharing their opinions. Updated: May 2025.
851,823 professionals have used our research since 2012.

For how long have I used the solution?

I have been using Qualys Patch Management for approximately two and a half years.

What do I think about the stability of the solution?

I would rate the stability of Qualys Patch Management as nine out of ten.

What do I think about the scalability of the solution?

I would rate the scalability of Qualys Patch Management as eight out of ten.

How are customer service and support?

Qualys' technical support is good. We raised some issues, and their response was quick and effective, resolving everything on time.

How would you rate customer service and support?

Positive

How was the initial setup?

The initial setup for one or two servers was straightforward and did not take much time. It was set up before I joined the organization, so my direct experience with a larger-scale setup is limited.

What other advice do I have?

I would rate Qualys Patch Management eight out of ten.

We have three environments: production, development, and QA. To perform patching, we must coordinate with the application team and schedule downtime. Due to the critical nature of the business application running on the production servers, we cannot automate patching; instead, we use satellite servers.

Our organization has between 20 and 30 people who use Qualys Patch Management.

In the two and a half years I've used Qualys Patch Management, I haven't observed any need for maintenance on the tool.

Qualys Patch Management is a valuable tool for large organizations seeking to maintain a secure infrastructure.

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Disclosure: I am a real user, and this review is based on my own experience and opinions.
reviewer2560884 - PeerSpot reviewer
SOC - Cyber Security Engineer at a computer software company with 201-500 employees
Real User
Top 20
The tool improved our productivity and efficiency after we became certified and familiar with its
Pros and Cons
  • "Qualys' best feature is its reporting. At first, it may seem a little complicated to a beginning user, but it's helpful once you get used to it. Most of these scans run automatically. We set the scans up for the client to run at daily, weekly, or monthly intervals, depending on how critical the server or other hardware is."
  • "Qualys could improve its capacity to fix vulnerabilities on VMware and other virtualized environments. The reporting could also be enhanced to make it more user-friendly. It's difficult for beginners to learn."

What is our primary use case?

Our use cases for Qualys vary depending on the client. I work for a Paris-based French company that provides cybersecurity and metadata services to multiple clients. We primarily use Qualys to check the core infrastructure that hosts everything, scanning and remediating vulnerabilities.

We work with multiple teams, so if we identify a patching issue using Qualys, we might need to escalate it to another department. For example, if we identify a vulnerability in a CI/CD tool the DevOps team uses in Terraform, we're not supposed to touch it. We recommend a time frame for the DevOps team to apply the patch. If the issue is high-severity, they may need to address it as soon as possible. We run the scans, get the reports, and create recommendations.

We have integrated Qualys with our homegrown ticketing tool, but we plan to migrate to ServiceNow. It's a gradual process. Microsoft Sentinel, our SIEM solution, sends alerts to our internal detection and monitoring tool, which ServiceNow will soon replace. Our SIEM tool is responsible for monitoring the overall risk, while we use Qualys to report vulnerabilities that need to be patched.

How has it helped my organization?

Qualys improved productivity and efficiency after we became certified and familiar with the tool. However, our efficiency ultimately doesn't rely on us. We're not free to do whatever we want because we need to wait for the approval of our bosses or clients. We only note everything on our customized reports inspired by Qualys' core reporting. 

Our clients typically have a 30 percent security score, and we aim to raise that to at least 90 percent through patch management and vulnerability monitoring and detection so their infrastructure security improves daily.  

What is most valuable?

Qualys' best feature is its reporting. At first, it may seem a little complicated to a beginning user, but it's helpful once you get used to it. Most of these scans run automatically. We set the scans up for the client to run at daily, weekly, or monthly intervals, depending on how critical the server or other hardware is.

According to the scan target, we adopt a risk-based or patch-based approach. Our company has a large SOC team that covers more than just the scanning aspect. Qualys is one tool we use. Regarding the managerial component, we have documentation and a set of steps to follow. We must also follow all the protocols, regulations, and standards, such as ISO-27000 or GDPR if you are in Europe.  

What needs improvement?

Qualys could improve its capacity to fix vulnerabilities on VMware and other virtualized environments. The reporting could also be enhanced to make it more user-friendly. It's difficult for beginners to learn.  

For how long have I used the solution?

I have used Qualys for two and a half years.

What do I think about the stability of the solution?

We've had no stability issues with Qualys because most clients use high-speed fiber optic connections. 

How are customer service and support?

I rate Qualys support nine out of 10. I've contacted Qualys support four or five times. They're highly efficient. There were some delays and technical issues the first time I called them, but the rest of my experiences went smoothly.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We used Nessus, but we switched. It was a company decision because it has a partnership with Qualys' parent company. Before that, we used Metasploit.

How was the initial setup?

Deploying Qualys was initially overwhelming, but after a lot of tutorials and testing, we got used to it. Three people were involved in the first six months, but now I'm the only one using it. We had some help from Qualys in the first few months.  

What's my experience with pricing, setup cost, and licensing?

I'm unaware of Qualys' exact price, but it's more expensive than Nessus. With technological products, you need to pay to get the best. 

What other advice do I have?

I rate Qualys eight out of 10. It's a great tool, and if I consulted for a client, I would recommend it. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.