Qualys VMDR Reviews

It improves the continuous monitoring of the systems on-premises.

If any anomalies are there, we can easily detect with our agent based solutions, and we can isolate them quickly, and response time or any incident is much quicker than previous. Before we were taking eight hours, now we're taking around 30 minutes to respond to any incident, security and such.

I find the most valuable features are the continuous monitoring.  Even on premises, there is constant monitoring.

When tested on Zero day, there were errors.

In addition, they have integrated with other third parties, but it is still not viable. They are using their own Q id's. This sometimes leads to a false positive. And, even the updating of signatures into Qualys is not that much quicker. Maybe for Windows and Linux, it is a little quicker or networks and other devices. The signature updating is not quicker.

I have not experienced issues with stability of the solution. There were a few bugs, but we reported it.

I did not have any issues of scalability.

The tech support acted quickly and responded quickly to our tickets. There was a good response time.

I also have previous experience with Tennable Nessus, and I find Qualys is better than Nessus, which is slow in the security center and lags a bit.

It's good. Yes, it's competitive. We got the best price.

Our primary use case is to manage vulnerabilities, scan web applications, and report assets throughout the network. Also, we create reports based on this data. 

• Tracks workstations and servers.
• Monitors workstations and servers for vulnerabilities and creates reports.
• Performs automated, regular scans in the network.
• Detects new hosts along with vulnerabilities.

The Qualys Agent is most valuable for getting insight into what is happening on what device with all its metadata.

• Improve the API speed. 
• Make some minimal dashboard improvements.
• Improve the user interface.

From my point of view all the Qualys products are valuable. From the clients' perspective, I believe vulnerability management is the most valuable one and it’s a must in every organization. After the client realize the risks from outside, and that the vulnerabilities are real, a proper compliance policy implementation using Qualys Policy Compliance (I'm using v8.4), the second product needed in any infrastructure, can be done. If the organization has public websites, Web Application Scanning (I'm using v4.1) is the third valuable product needed in an organization.

After the first scan of the servers at all the POCs QualysGuard discovered many vulnerabilities that are grouped from low to high impact. The ability to use asset management to scan the grouped servers from the vulnerability management feature with the policy compliance engine helps the security officer to perform the daily/monthly tasks faster and make them more organized.

One of the biggest issues from the clients' perspective is that all Qualys computing is on the cloud.

As last month ( this is when I found out) Qualys offers a On-Premise instalation for it's customers.

https://www.qualys.com/enterprises/qualysguard/pri...

The issue with the private cloud is that is costs very much for a small firm.

I have been using QualysGuard since 2012, and I have followed the certification from Qualys in class. After that, I implemented it for one of our clients, and did some POCs using Qualys. In the last month I had another PoC with Qualys and the client looks interested.

need support from sysadmin to deploy the ovf file.

Qualys appliances are based on Linux OS, and they are very stable. I didn’t encounter any stability issues.

The big advantage of using the virtual appliances is that you can increase the allocated hardware if you need more resources.

The customer service level is very high. All the requests made to the reseller were fulfilled in a very short time.

We didn’t need to use Qualys technical support as the product was very stable, and our knowledge of the product was enough to fulfil all the clients needs.

I have used both Nessus and Rapid 7 Nexpose. I am working as a security consultant and I need to know the big players so I could present to my clients the pluses and minuses of the products they might choose.

Qualys initial setup is straightforward and if you follow the manual you don’t have any problems. You receive the credentials, login to the Qualys website, download the virtual appliance, configure the IP, and, after defining the credentials and the assets, you can start scanning your environment. For the hardware appliance you have to connect it to the network and after the configuration you can start the scanning.

I was part of the consultant team that implemented this solution to the client. We didn't have any complaints from him, and he used us to implement the rest of Qualys' components.

Usually every implementation is different and the quote is in function of number of assets.

The clients are usually evaluating the top three vendors from Gartner. From my clients side, the vendors used in evaluation were Nexpose, McAfee Vulnerability Manager and Nessus. Also I have tried the open source VM OpenVAS

Follow the vendor provided steps, and you will not have any problems during the initial implementation. If you don’t have experience with server policies, use a consultant that will be able to identify your business needs.

• Totally vendor-managed appliance
• Highly scalable and deployable portal interface
• Ability to easily distribute administration functions based on access roles

It provides fully automated internal and external vulnerability management.

Streamline PCI integration and attestation.

I have used it for five years.

I have not encountered any scalability issues.

Technical staff are excellent.

We previously used Rapid 7. The product was not staying current with shifting trends, sales staff were pushy and management were arrogant.

Initial setup was simple.

Negotiate for the pricing model that fits your budget. The vendor is willing to customize pricing.

Before choosing this product, we evaluated Rapid 7, Nessus.

Take your time and have each vendor set up an actual proof of concept, rather than just relying on a demo. Get your network and support staff engaged in the process early on because they will be instrumental in deployment and support. Know what you’re trying to accomplish.

QualysGuard provides a solution for network security, web application security and compliance.

Vulnerability management and policy/PCI compliance are the features that I have used which I think are the most valuable.

We use QualysGuard to identify all network and compliance-related violations of the assets. The report generated by the product will have a detailed description and solution. This has helped us to provide a certificate of compliance or a clean sheet for our vendors.

I'm looking forward to having an exploitation framework, a platform/framework that helps to cross verify the vulnerabilities like Metasploit.

I've used it for four years.

No issues encountered.

No issues encountered.

No issues encountered.

7/10

7/10

I have evaluated multiple products that include commercial as well as open source. There are different solutions available with other products, but I feel this is the integrated product which covers information security and compliance comprehensively.

Also, the results provided by the product are accurate and precise.

It gets up to date very fast.

Users do not feel any QualysGuard presence.

Solution for fixing problems need to be better documented, such as in a step by step way.

I've used it for three years.

No issues encountered.

No issues encountered.

No issues encountered.

8/10.

7/10.

No previous solution was used.

I strongly recommend that you use this solution.

The vulnerability scanning feature is valuable.

QualysGuard has provided us with a valuable insight into vulnerabilities across our environment. Before the use of this product, we had no way of identifying or tracking vulnerabilities.

The reporting capabilities are good but I would like to be able to make more customized reports. In addition, I would like to be able to assign a numerical asset value to critical hosts.

I've used it for six years.

No issues encountered, it went very smoothly.

No issues encountered.

No, as it's very easy to add additional hosts.

8/10.

8/10.

We didn't use a previous solution.

It was straightforward.

It was implemented in-house.

We also looked at Nessus.

Make sure you take advantage of authenticated scans and it is also very helpful if you have a complete server inventory.

The feature where the solutions to issues are mentioned in the reports.

It's easy to reach the current location and download/install the correct patch.

The feature where the solutions to issues are mentioned in the reports could be improved.

I've been using it for over three years.

No issues encountered.

No issues encountered.

No issues encountered.

7/10.

5/10,

No previous solution was used.

It was implemented by the vendor.